Organizations of all sizes use single sign-on (SSO) tools and identity access management (IAM) services to make it convenient for employees and staff to log into various company apps. The core idea behind implementing SSO tools like Okta, OneLogin and Microsoft Azure Active Directory, is that it allows the company to see who’s logging into each app and better understand and control app access and usage.
This way, unused SaaS apps are removed from the tech stack and subscriptions for apps that have many users are renewed. Additionally, organizations are also able to open and close user accounts on an as-needed basis, effectively allowing and revoking access to apps.
Theoretically, this sort of information should help organizations improve SaaS management and ultimately reduce costs.
The only problem is that there are certain vital aspects of SaaS management that aren’t supported by SSO or IAM tools. Alone, these tools can only provide basic data on SaaS usage and don’t have the ability to monitor “shadow IT,” tech that employees adopt on their own, without the blessing of the IT department.
In other words, SSO tools like Okta can tell you who’s logged into a particular app the organization uses, but only if the IT department is aware that the app is being used in the first place. SSO tools won’t pick up on any apps that the IT department doesn’t know about. Given how quickly technology trends can change, this is critical information.
Unsanctioned SaaS use, moreover, is one of your IT team’s biggest blind spots, so if you’re planning on using SSO to help ensure that the people in your organization avoid sharing sensitive information with any cybersecurity-challenged cloud services, or if you’re hoping to make your software budget more efficient, then you’re only partway there.
This is where dedicated SaaS management solutions that integrate with SSO truly shine. For one, Torii is designed to help organizations better manage SaaS resources from a centralized location, with or without SSO. It helps IT managers uncover useful information about app usage, expenses, and the total number of users with built-in reports and graphs.
It also has built-in features that assist SaaS lifecycle management, including SaaS stack audits, sanctioning processes, regulatory compliance, employee offboarding and license renewals. Torii also helps organizations set up SaaS management alerts and workflow automations using custom combinations of triggers and actions.
In this article, we’ll explain why single sign-on tools aren’t enough for your team’s SaaS management needs and why you need to be using your SSO (or IAM) tool in tandem with a SaaS management tool like Torii.
1. They Can’t Help You Discover Anomalies or Monitor Shadow IT
Shadow IT is a major concern in most organizations. In fact, chances are someone in your organization has signed up for a SaaS app without informing the IT department.
On their own, SSO and IAM tools can’t help you discover anomalies in SaaS app usage. What if, for example, someone uses certain apps without using their company-issued SSO account? In a situation like this, your SSO tool won’t be able to detect the anomaly, and the SaaS product will go unnoticed, leaving IT unaware of any security vulnerabilities.
Similarly, SSO and IAM tools can’t help you monitor shadow IT and discover newly adopted apps. These third-party services can be used as entry points for cyber hackers and data breaches, not to mention that any efforts to plan out your resources will omit unsanctioned apps.
The good news is that by using Torii together with Okta, for example, you can effectively uncover anomalies and better manage SaaS spend. Torii discovers newly adopted apps in a few different ways:
- Through integration with your organization’s ERP tools and finance apps
- Web browser extensions that match visited websites with the platform’s database
- Integrations with SSO (or IAM) tools
- Manual uploads of invoices and credit card statements
So, for example, Torii can help you identify employees that are using their personal Google Drive accounts to share work files with team members or clients.
2. They Don’t Have Built-in SaaS Security Features
Not all SSO tools have built-in security features suitable for organizations with hundreds of apps and thousands of users.
SAML, for instance, is one of the most widely used standards when it comes to providing users with secure, one-click access to cloud apps via Okta. However, configuring SAML is by no means easy. In fact, each successful SAML integration can take up to weeks (sometimes even months) depending on the complexity of a given app’s SAML requirements.
When you use Torii, you’re able to ensure new SaaS apps are connected to Okta using SAML. Torii also alerts you every time it detects someone who has started using a new app. This gives the IT department a chance to see whether the new app supports SAML before the organization fits it into its tech stack.
3. They Don’t Give You a Clear Picture of Budget Issues
As we briefly mentioned above, SSO tools don’t give IT managers a clear picture of savings or a wider sense of software budget issues.
There’s no easy way to find out how much you’ve saved by removing a particular app from your tech stack or how much you could save by removing under-utilized apps. Additionally, they have no way of providing insight into how you can reduce costs. At best, SSO tools can only tell you which apps were logged into, not app utilization.
Torii and Okta together, however, can help you reduce costs in several different ways.
Torii gives IT managers a unified view of the number of times employees use Okta to log in. In addition to this, it also lets them know which specific apps they’ve logged into. This is a great way to identify which apps are actually being used by employees and which ones go unused or under-utilized.
In addition to this, Torii makes it easy to find unused SaaS app licenses. For example, these may by seats purchased that were never assigned to anyone, or seats assigned to people who didn’t use the apps much.
The platform also lets the IT department find redundancies based on app capabilities. For example, if you’re using two similar project management apps (like Basecamp and Asana), Torii will be able to identify them and point it out.
Finally, Torii helps IT managers decide which app licenses shouldn’t be renewed in the future based on app usage trends over time. If, for example, employees used GoToMeeting at some point but have more recently shifted over to Zoom, IT managers will be able to see these trends and plan accordingly.
4. There’s No Way to Connect On-Premise Web Apps to SSO/IAM Tools
Generally speaking, most SSO tools don’t let you connect to on-premise apps. These are apps that are installed locally in the organization rather than over the cloud.
There are, of course, some SSO tools that let you establish a connection with on-premise apps, although the process is tedious to say the least.
With the Torii-Okta combination, you can easily gain visibility into your organization’s on-premise apps. For example, it may identify them through manual uploads of invoices and credit card statements, or through the organization’s ERP integration.
In this way, you can easily connect SAML-supported on-premise apps to Okta using Torii.
There are many vital aspects of SaaS management that aren’t supported by implementing SSO or IAM tools on their own. To cover all your bases, you need to be using a tool like Torii in tandem with your SSO or IAM tool of choice.
With Torii and Okta, you’re able to discover anomalies and monitor shadow IT within the organization. It also comes with a variety of built-in SaaS security features and gives you a clear picture of any budget issues that could potentially disrupt how your organization uses SaaS tools.