SSO vs. Direct Connect

    SSO vs. Direct Integrations

    FlexNet SaaS Manager provides clients with two ways to access their company’s application and usage data:

    1. Via your SSO (SSO)
    2. Via the application itself (Direct)

    Differences between SSO and Direct

    SSO

    When SaaS Manager connects to your company’s SSO it discovers all applications connected to your single service provider. For these applications, it monitors/displays:

    • A User Roster of users/accounts connected to that application in your SSO
    • Login information for all users per application
      • Example: John Doe logged in to Salesforce from Dallas, TX at 4:30 pm
      • Jane Doe logged into Confluence from Birmingham, United Kingdom at 11:16 am

    Pros:

    • Speed and Efficiency
      • Data pulled from the SSO can be gathered and displayed very quickly, a user only needs to authenticate or authorize one (1) application to pull data from multiple connected apps.
    • Number of Applications
      • Pulling login data from SSOs allows SaaS Manager to access  user  data that it may not otherwise be able to access. SSO connections fill the data gaps in the cases  where  a direct connection has not yet been or cannot be created.
    • Access to On-Premise Data
      • SSO connections can pull data to any and every system you have connected to your Single Sign-On. If there are on-premise applications connected, SaaS Manager will monitor this rosters and login activities. (This is the ONLY way for SaaS Manager to access On-Prem software).

    Cons:

    • Reliance of SSO Provider
      • All SSO integrations are pulled from a single source. If the source goes down or requires updates, the whole system is affected by the downtime.
    • Accuracy
      • SSO integrations only track what is recorded in the SSO. Is the SSO  in  not maintained, data displayed could be incorrect or skewed.
    • Depth of Data
      • SSO integrations only track login activities that occur within the SSO, they cannot track any usage data outside of or beyond the SSO Login events.

    Direct

    When SaaS Manager connects to applications directly, it monitors/displays

    A User Roster of users/accounts that are active within the application

    - Usage information for all users per application

    -Example: John Doe edited Spreadsheet: NAM Enterprise Services in Google Sheets at 4:15pm

    Jane Doe had an UberConference call at 11:49am

    Pros:

    • Direct Connection
      • Direct connections pull data in one of 2 ways: Via an API or via Web Scraping. If one integration malfunctions or requires an update, it does not affect the remainder of the system

    • Accuracy
      • Direct integrations pull rosters and usage information directly from the application itself, providing a more accurate look at license consumption and usage

    • Depth of Data
      • Direct integrations track direct actions within the application. Some integrations track logins, some deeper, more robust utilization logs. All data comes directly from the application itself.

    Cons:

    • Speed and Efficiency
      • All direct applications must be authenticated individually. This process requires additional time and collaboration across various product administrators   
    • Access to Data
      • Direct integration data is limited to what is provided or available via an API or web scraping. There are cases where these are not available/viable means for gathering data and integrations are limited or not possible.
    • No On-Premise Services
      • SaaS Manager does NOT offer the ability to track on-premise software. 



    Best Practices

    We recommend a two-phased approach.

    Phase 1: Authenticate your SSO Provider - Add all applications you wish to monitor from your SSO into your app catalog. This allows you to begin filling out your app catalog and begins generating data quickly.

    Phase 2: Identify which applications you would like to add to the catalog or convert to direct integrations. Create a dropdown list of most important applications and begin converting those applications first.

    **Note: SSO monitored apps CAN be converted to Direct integrations. Direct integrations CANNOT be converted to SSO monitored apps.