How to automate SaaS rights assignment and revocation with directory synchronization

How to automate SaaS rights assignment and revocation with directory synchronization

As the number of SaaS operations, the work of SaaS operations is bound to increase. This is where synchronizing directory services such as Active Directory plays an important role.
October 19, 2023
4 min read
Megazone PoPs
It's time to gain visibility into your SaaS usage.
Request a demo to see how PoPs helps you integrate and manage the SaaS tools used across your organization.
Request a Demo

Introduction

The number of SaaS operations conducted in anticipation to the number of SaaS. Since users and licenses are managed for each SaaS, SaaS operations are bound to increase as the number of SaaS contracts. If pops revoke the rights of retirees such as Notion, Slack, and Zira, it will actually be considered in each SaaS.

To sync users from a directory to a POPs organization, you must first add a directory to the organization. In this article, I will explain how to integrate Active Directory.

Inactive Active Directory

1. A memorable work

Before adding an LDAP directory to an organization, the following tasks must be discussed:

(1) Dissolve the firewall

The firewall must be disabled so that POPs can access the LDAP server. If the firewall is opened so that the following IPs can access the 389 (LDAP) and 636 (LDAPS) ports, POPs can communicate with the server and manage sensitive information.

- 13.124.200.100

- 13.209.184.88

(2) Manager DN preparation

Prepare the DN of the administrator account to be used to authenticate the server to which you want to connect. You can use an existing account, but we are creating a separate account to use for the POPs directory.

2. Add directory > enter information

When the completed tasks are completed, click the [Add Directory] button in the directory list and select the [LDAP] button to move to the information input screen. On the information input screen, basic information and server information must be considered in order to link with a server in an existing directory.

(1) Basic information

Basic information is used to separate directories within an organization.

- Directory name*

- Directory description

- Password change URL

(2) Server information

The following server information is required to actually connect to the server and related information.

- Host*

- Port*

- Base DN*

- Manager DN*

- Manager Password*

After completing all required fields (*) of basic information and server information, click the [Test Connection] button. In order to move on to the next step, the server must be integrated through a connection test. If the connection test is successful, click Next to move to the next step.

3. Add directory > Filter settings

(1) Filter settings

A filter must be set to specify the list of users to be imported from the server. The following information must be considered in order to set filters. Filters cannot be modified after the directory has been added.

- Search Base*

- User Search Filter*

(2) Filter testing

After considering all required items (*) for filter settings, click the [Test Filter] button. In the filter test, can you find out the number of users queried through the interesting filter information. If the intended filter information is different from the number of users to be queried, check that the filter information corrected is correct and try again. If the filter test is successful, click Next to move to the next step.

4. Add directory > Link attributes

(1) Link required attributes

Map directory attributes to fields in the organization. Fields that are managed as required by an organization must be mapped to an attribute in the directory. The fields managed as required by the organization are the organization's default fields and custom fields, which have been considered as required by the administrator. Mappings can be modified at any time, even after the directory has been added.

(2) Preview properties

The mapped attributes can be used to test what values are being considered from the directory. After selecting the username of the directory user in the attribute preview input box, click the [Preview] button to import and display the mapped value based on the user information.

5. Directory addition completed

Once you have connected the attributes, you can finalize adding the directory by adding the [Add Directory] button.

Automate the assignment and revocation of SaaS permissions

SaaS management requires synchronization by synchronizing users after directory integration. After authenticating to the SaaS API in the POPs admin, view the list of users in that SaaS. With linked SaaS, user permissions can be set in the POPs admin, and the settings are applied to the relevant SaaS. In other words, POPs can manage users of each SaaS such as Slack, Zira, and Asana in one place.

If you manage multiple SaaS with a single platform, routine tasks will be automated, processing time will be efficient, and employees will be able to focus on more important tasks. Megazone Cloud has also reduced onboarding time for new hires by hired and quickly upgraded SaaS rights to new hires through POPs.

Get notified whenever valuable SaaS management content is updated.

구독해주셔서 감사합니다.
이메일 주소를 다시 확인해주세요.
By clicking the “Subscribe” button and submitting your email, you are deemed to consent to receiving promotional information for marketing purposes. This is optional and will not affect your use of the MegazonePoPs service even if you do not agree.
[Required] Consent to Collection and Use of Personal Information
PoPs collects and uses your personal information as described below. Please review the following and indicate your consent by checking the box.

Collector: MegazoneCloud Corp.

Personal Information Collected:
[Required] Email address

Purpose of Collection and Use:
- To provide the PoPs newsletter

Retention and Use Period:
- 3 years from the date of collection (data will be deleted without delay upon withdrawal of consent)

※ How to Withdraw Consent

Click the unsubscribe link in the email or notify us via the contact listed in the message

Personal Information Inquiry Contact

Team: Offering GTM Team

Email: offering_gtm@mz.co.kr

※ Right to Refuse & Disadvantages
You have the right to refuse consent. However, if you do not agree, we may not be able to provide the above-mentioned service.

[Optional] Consent to Collection and Use of Personal Information (for Marketing & Promotional Use)
PoPs collects and uses your information as described below. Please review and indicate your consent by checking the box.

Collector: MegazoneCloud Corp.

Personal Information Collected:
[Required] Email address

Purpose of Collection and Use:
- To send PoPs newsletters
※ This includes consent to receive promotional content via email.

Retention and Use Period:
- Until consent is withdrawn

※ How to Withdraw Consent

Click the unsubscribe link in the email to opt out

Personal Information Inquiry Contact

Team: Offering GTM Team

Email: offering_gtm@mz.co.kr

※ Right to Refuse & Disadvantages
You have the right to refuse consent. However, if you do not agree, we may not be able to provide the above-mentioned service.

Back to list

Achieve SaaS Cost Optimization

Gain full visibility into your SaaS usage and uncover hidden expenses through centralized management.
Control rising costs, eliminate waste, and make smarter decisions—starting now.
Request a Demo
We’ll respond within 3 business days.
Includes a live walkthrough of SaaS integration and centralized management across your organization.