SaaS Discovery

What is SaaS Discovery?

SaaS Discovery allows you to automatically discover your organization's SaaS applications by configuring integrations with third-party systems, such as SSO and CASB solutions.

Whenever a new application is discovered, you can:

  • Create new Fact Sheets, such as Applications, IT Components, or Providers.
  • Add new data to existing Fact Sheets to improve data quality.

With SaaS Discovery, you can automate the process of adding new SaaS applications to LeanIX and ensure that your SaaS inventory remains up to date.



Important to note that the SaaS Discovery feature in LeanIX Enterprise Architecture does not provide insight to cost, adoptions, utilization, contracts, and other SaaS specifics.

Setting up SaaS Discovery in Enterprise Architecture

All functionality, configuration, and setup are available in the "SaaS Discovery" entry in the Admin menu.

The setup requires the following steps:


Activation of the SaaS Catalog feature


Signing the required contract amendment for data usage (only applies to a few customers)


Setting up integrations for Service Discovery



You can see the details on Data Usage here

Details on the SaaS Catalog

Within the platform capability Reference Catalogs, LeanIX provides an additional capability for SaaS applications, the SaaS Catalog. It provides up-to-date information for a large number of SaaS services and is automatically activated for all LeanIX Enterprise Architecture customers opting in for SaaS Discovery, i.e. when discovered SaaS is linked to existing Fact Sheets, a link to the SaaS catalog will be created automatically for the respective Fact Sheet. The catalog provides the following info:

  • Name and description of the application
  • (New) Product category
  • (New) SSO Availability and Available Providers
  • (New) Hosting type and description
  • Logo (visible in the Self-Service Portal)
  • Direct relation with an IT Component
  • Indirect relation from the IT Component to the Provider



All fields with (New) will be provisioned and added to the data model on activation of the SaaS Catalog, provisioning cannot be undone, but fields and sections can be moved by admin.

The fields to be synchronized can be configured by the admin under the Reference Catalogs section in order to automate the update of your SaaS Applications.

Adding discovery integrations to SaaS Discovery

The foundation for continuous service discovery is active integrations into key enterprise systems. These enable LeanIX to identify and discover SaaS that is used throughout your organization.

Integrations can be added in the "Integrations" tab of SaaS Discovery.

Simply select the data source you want to integrate by clicking "Add integration". Available integrations are listed here. Please follow the links for setup details.


Missing a Discover Integration in this list?

You can always give feedback on an integration you would like to see here. To do so please visit our public roadmap page or immediately provide your feedback by clicking here.

Adding discovered SaaS to the Inventory

Once activated, admins will see the “SaaS Discovery” entry in the admin menu. On this page, users can see a complete list of all discovered applications and decide if they want to link (Matching Applications tab) or create (New Applications tab) new applications in their workspace. A third tab serves as a decision log and displays all resolved applications.

Admins can decide to forward these Import and Link to-dos to other users in the workspace using the "Select assignees" button of the expanded to-do. Be aware of the authorizations given to the assignees, as they need to be able to create and update Fact Sheets when interacting with the Import and Link to-dos.

Match Applications

In Matching Applications, the Fact Sheet column shows the recommended Application found in the workspace. Created on is the date when the application was discovered and the Decision column states if the admin decided to approve or reject the linking.

Every entry in the list can be expanded to review not only the description of the Application but also the dependencies that will be created/linked

Matching Applications also have the to-do item directly in the Fact Sheet, not only the admin can decide on the linking but also the Application owner.

Create new Applications from SaaS Discovery

In New Applications, the Fact Sheet column is always empty, as no matching Application has been found in the workspace. Created on is the date when the application was discovered and the decision column states if the admin decided to approve or reject the creation.

In addition to the Create feature, a Search feature is provided in case the admin knows an Application for the discovered one already exists in the workspace, but is still not linked to the catalog.

Review resolved Applications

Next to the Matching and New Applications tab the Resolved Applications tab shows you a list of all Import and Link to-do items that have been closed by rejecting or creating/linking the Application.



If you want to undo/change a linkage you can easily do this in the admin section under "To-Dos". Search the To-Do by name or filter by "closed" ones and set the Status to "Open" and the "Resolution" to "none" (see screenshot below). Then it will appear again under the Matching Applications/New Applications tab.


FAQ: Why I don't see any data in the SaaS Discovery section?

  • The integration runs every night, check up the sync log and filter by name SMPtoEAM to understand the current state and wait for the next run.
  • You don't have any newly discovered applications

SSO details

SaaS Discovery in combination with the SaaS Catalog also provides details on the SSO. This includes information on the current SSO integration status, like if the Application is integrated with SSO (SSO Status = SSO Implemented) and which “SSO Provider” it is integrated with or if SSO is not implemented (SSO not implemented). If SSO is not implemented, the Provider is left empty.

The SaaS Catalog adds information on which Application can potentially be integrated with SSO (SSO Availability) and lists the available SSO Providers.