Overview

Torii supports day-to-day governance and operations by continuously discovering applications, and mapping users and their access permissions in each app. The first step to managing your SaaS stack is to know what you have, since you can't manage what you don't know.

Torii automatically discovers applications and users from multiple sources. By leveraging so many discovery sources, your data will be more accurate and complete with Torii.

In this article, we will discuss how to, any why, you should:

• Connect your IDP
• Connect your SSO
• Deploy the Torii browser extension
• Connect desktop agent integrations
• Connect your expense software
• Connect your contract management software
• Connect your core SaaS tools

Connect your Identify Providers (IdP)

Connecting your IDP is the very first step you should take when starting out with Torii. This will give you the best starting point for discovering your SaaS stack. Connecting your IdP to Torii will:

• Fetch all users which are found in that system (i.e. all users in your Google Workspace account) as well as relevant user fields you can use to later for views, filters and dedicated workflows.
• Fetch users and applications connected to your IDP. This includes applications that have been logged into using your IDP for authentication and authorization.

How to connect your IDP

1. Navigate to the Integrations Page - https://app.toriihq.com/team/services

2. Hover on the relevant IDP and click Connect

3. The first sync of your IDP might take a few hours, you'll receive a notification by email when the sync is completed.

Connect your Single-Sign-On provider

Using a Single Sign On (SSO) solution is one of the basic steps for managing your SaaS. Connecting your SSO provider to Torii creates a unified view in Torii of all your SSO-connected tools in addition to all the other tools discovered by Torii.

• Torii will pull in a list of all apps managed by your SSO as well as the users who are assigned to those apps.
• Torii also pulls application usage information from your SSO giving you full insight into your SaaS engagement levels and utilization.

How to connect your SSO provider

1. Navigate to the Integrations Page - https://app.toriihq.com/team/services

2. Hover on the relevant SSO provider and click Connect

Deploy the Torii browser extension

The Torii browser extension acts as an agent on the browser. It is the best tool to surface Shadow-IT. Whenever an employee signs in to a business SaaS application (and no other apps or site visits), the Torii browser extension will pick it up and make it visible on your Torii console.

Read more about the Browser Extension in the following article 

Connect desktop agent integrations

There are a number of desktop agents - apps which are installed by IT on every employee’s work device, and allows them to monitor and govern the devices, push updates and make sure they are used securely and appropriately.

Examples of such applications are: Jamf, Kandji, Microsoft Intune etc.

Torii can integrate with these applications and pull information on which apps are installed on each employee’s device (and, for some sources, also usage data of said apps). This information supplements other discovery sources, and provides important value specifically in cases such as:

• Apps which are only used “offline” (i.e. cannot be discovered via OAuth, SAML/SSO or Browser Extension methods) - such as many tools in the Adobe suite.
• Apps which are used dually online and offline - such as the Microsoft 365 suite.

Connect your expense software

One of Torii's strengths is reconciling data from multiple data sources. Your SaaS financial data is one of these data sources. Importing your SaaS expenses into Torii will enrich your SaaS inventory with the cost of each tool - but it is also an important way to discover apps in use (and paid for) by your organization. 

In addition to assisting with visualizing your SaaS expense, connecting your expense software to Torii will:

• Help uncover Shadow IT
• Find paid applications that are underutilized or no longer in use.

Note: Discovering SaaS expenses and apps via their expenses is available for customers with the Torii SMP module. 

Connect your contract management software

Similarly to expense software, Torii can connect to your contract management software. In addition to providing contract data to help holistically manage contracts and renewals within Torii, Torii can identify apps via their contracts and uncover more apps in use by your company - even ones you were not aware of. 

Note: Discovering SaaS contracts and apps via their contracts is available for customers with the Torii SMP module. 

Connect your core SaaS tools

Direct integrations use API to fetch user, license and (where possible) usage information from the services. This is the most accurate data as it is pulled directly from the application itself. We recommend that you connect directly to as many SaaS tools as you can - but at least make sure to connect the core apps in your organization so that you can manage them completely within Torii. 

Our direct integrations provide the following information 

• Users
• User attributes (groups, departments and more)
• Roles
• Licenses
• Last login date
• Last usage date 

Please note: Some data points may not be provided by all SaaS tool APIs and thus will not be retrieved by Torii.  

• Every integration has a designated help article which explains the specific details on how to connect it, provides answers to commonly answered questions and more.
• You can learn about our integration process from the "Introduction to Integrations" article.

Best Practices

• Start with connecting your IDP and SSO, and go over the list of apps discovered. This is good starting point to getting a feel for Torii's SaaS management capabilities, and will already provide you with a lot of visibility on apps in use by your organization.
• Connect your desktop agent tool, (and if you have the Torii SMP module) expense software and contract management software to Torii. These will be immensely helpful in uncovering Shadow IT 
• Test the browser extension's capabilities on a small sample group to prove it's value and then push for it to be deployed cross-company
• Connect as many apps as possible via Torii's native direct integration. Aim for at least 20, or your group of core SaaS apps that managing well will provide you with the most impact. 
• Connecting some of these integrations may require permissions or assistance from other employees in your organization. Lay out a plan for what you want to connect and get the approval/cooperation process started early, so that everyone is aligned when you are ready to connect. 

Next: Introduction to SaaS Expenses in Torii