SaaS Discovery in APM

Automatically identify all your SaaS services and connect them to your APM workspace

What is SaaS Discovery?

LeanIX SaaS Management Platform (SMP) provides Integrations with key enterprise systems (incl. SSO, CASB, expense management, and financial management) and SaaS vendors to discover and track all your SaaS applications including decentrally purchased SaaS.

  • Centralize all SaaS Applications from disparate locations (spreadsheets) in a unified platform
  • Discover all existing SaaS Applications across the organization and get full visibility
  • Reveal/ identify accountability and ownership
  • Get real-time visibility to optimize usage and ensure proper entitlements, eliminate waste and control SaaS spend
  • Enable business unit leaders to make informed decisions on all SaaS Applications they are using and hold them accountable to justify the need for the Applications in their business unit
  • Reduce the risk of unknown SaaS Applications being overlooked during an organization's regular compliance review

Key Feature


Automated discovery with integrations to key enterprise systems

Mapping of SaaS Applications landscape based on integrations with key enterprise systems.
Includes integrations to SSO, ERP, expense management, CASB, contract management, and similar systems such as Concur, NetSuite, Coupa, Okta, Spring CM, and Zscaler.
Also includes browser plug-in support.

Monitoring and alerting

Detection of SaaS Applications purchased outside of official IT procurement channels. Automatic alerts via email and dashboard when non-compliant or risky SaaS Applications are detected.

Spend analysis

SaaS spend break down and trend analysis by service or organizational unit.

Role-based access control

Access permissions management based on the role of the user within an organization.

All existing and new LeanIX Customers using the APM module - new LeanIX pricing - will get SaaS Discovery & Catalog functionality with no additional costs as part of their subscriptions.

Setting up SaaS Discovery in APM

Activation is available in a self-opt way in the "Optional Features & Early Access" entry in the Admin menu. This means that the administrator has to initiate the activation of the integration from the workspace itself without the intervention of a third party, such as the CSM or support.

  1. In the admin menu, go to the “Optional features and Early access” section. From the list, identify "SaaS Discovery / SaaS Management Platform", and click on activate.
  1. The process will guide you through the 3 following steps:

The signing of a contract amendment to allow data usage


Activation of necessary features - some of which are data model changes.


Creation of a new or linking an existing SMP workspace to your EAM workspace




You can see the details on Data Usage here

  1. Once the integration is active, a new menu entry "SaaS Discovery" will be visible. It might be necessary to refresh the page to see the new entry in the menu. You can now continue there and make the decision to link or create new applications to SMP.


SaaS Catalog

Within the platform capability “Reference catalogs”, LeanIX introduces a second capability for SaaS applications, which provides standard and up-to-date information to simplify EA.
The SaaS Catalog will be activated for all APM customers opting in for SaaS Discovery. The catalog can provide fields as follows:

  • Name and description of the application
  • (New) Product category
  • (New) SSO Availability and available Providers
  • (New) Hosting type and description
  • Logo (visible in the Self-Service Portal)
  • Direct relation with an ITC
  • Indirect relation from the ITC to the Provider



All fields with (New) will be provisioned and added to the data model on activation of the SaaS Catalog, provisioning cannot be undone, but fields and sections can be moved by admin.

The fields to be synchronized can be configured by the admin under the Reference Catalogs section, in order to automate the update of your SaaS Applications.

How to link applications to the SaaS catalog?

On the sidebar of an Application Fact Sheet, under the Reference Catalogs, you will see the "SaaS Catalog" link and you can click on it.

The link will bring you to a new window and this UI will open, and now you are ready to enter the name of the application you want to link in the search bar. A preview of all the available data is displayed, making data synchronization transparent.


New to-dos

The activation of SaaS discovery introduces 2 new to-do types



Use in SaaS Discovery


Creates a new Application FS in the workspace with its respective relations (ITC and Provider) and links it to both the SaaS Catalog, and the SaaS Discovery integration

New Applications


Links an existing Application FS (that is also linked to the SaaS Catalog) with its respective relations (ITC and Provider) to the SaaS Discovery integration

Matching Applications

Setting up integrations in SMP

You can find the detail on how to set up an integration on the Integrations docs page.



To search for all applications that have already been linked, use the filter “Catalog Status” in the inventory.

Managing SaaS applications with SaaS Discovery

Once activated, admins will see the “SaaS Discovery” entry in the admin menu. On this page, users can see a complete list of all discovered applications and decide if they want to link (Matching Applications tab) or create (New Applications tab) new applications in their workspace. A third tab serves as a decision log and displays all resolved applications.

Admins can decide to forward these Import and Link to-dos to other users in the workspace using the "Select assignees" button of the expanded to-do. Be aware of the authorisations given to the assignees, as they need to be able to create and update Fact Sheets when interacting with the Import and Link to-dos.

Match Applications

In Matching Applications, the Fact Sheet column shows the recommended Application found in the workspace. Created on is the date when the application was discovered and the decision column states if the admin decided to approve or reject the linking.


Every entry in the list can be expanded to review not only the description of the Application but also the dependencies that will be created/linked


Matching Applications also have the to-do item directly in the Fact Sheet, not only the admin can decide on the linking but also the Application owner.


Create new Applications from SaaS Discovery

In New Applications, the Fact Sheet column is always empty, as no matching Application has been found in the workspace. Created on is the date when the application was discovered and the decision column states if the admin decided to approve or reject the creation.

In addition to the Create feature, a Search feature is provided in case the admin knows an Application for the discovered one already exists in the workspace, but is still not linked to the catalog.


Review resolved Applications

Next to the Matching and New Applications tab the Resolved Applications tab shows you a list of all Import and Link to-do items that have been closed by rejecting or creating/linking the Application.



FAQ: Why I don't see any data in the SaaS Discovery section?

  • You haven't set up the sources in SMP to discover applications. You can refer to Discovery Sources and Integrations for more detail information
  • The integration runs every night, check up the sync log and filter by name SMPtoEAM to understand the current state and wait for the next run.
  • You don't have any newly discovered applications

SaaS Discovery on applications in APM


In Application Fact Sheets a new section called "Saas Discovery" will be displayed. In this section, it is possible to see the data corresponding to the cost (last month and year-to-date spend) of the application, and the active users - which are directly synchronized with SMP.


To see more information in SMP, users can simply go to the resource tab and click on the link to go directly to the application.

SSO details

SaaS Discovery in combination with the SaaS Catalog also provides details on the SSO. This includes information on the current SSO integration status, like if the Application is integrated with SSO (SSO Status = SSO Implemented) and which “SSO Provider” it is integrated with or if SSO is not implemented (SSO not implemented). If SSO is not implemented, the Provider is left empty.

The SaaS Catalog adds information on which Application can potentially be integrated with SSO (SSO Availability) and lists the available SSO Providers.


Did this page help you?