counting subscription users from a specific SSO group

David Buckner
Tera Contributor

Question:

Is there a way for SAM Pro to only count SSO subscription users for users that have a specific role or license assigned to them in the respective SaaS portal? 

 

Context: We have set up a SSO integration profile for software that our end users access via Okta. Many of the SSO applications that we have connected to the integration profile have several Active Directory groups behind Okta to determine the role of the user (e.x. admin vs licensed user vs read only etc). These groups are displayed as SSO groups in SAM Pro. When an application is connected using the SSO integration profile, all users from each SSO group associated to the application are pulled into SAM Pro as "SSO subscriptions" and consume a license against the entitlement in SAM Pro. This can make it look like we are overallocated as every accessing a SaaS portal via Okta will consume a license, when in reality only users in a specific AD group (SSO group) are assigned a full use license. My initial thought was to add a condition to the software model to only count users in a specific SSO group as consuming a license. The condition I added was "SSO Subscription.SSO application role.SSO Application Groups.Directory Group" is "group name." However, users from all AD groups are still being counted as SSO subscriptions. Is there a different way to target the licensed subset of users who have access to a SaaS application? 

0 REPLIES 0