faq
Frequently Asked Questions
App Discovery
This feature allows you to discover SaaS that is being used without authorization using OAuth and SSO, and check who is using what software and what licenses they are using. The app discovery feature can prevent indiscriminate SaaS use and suggest new policies or alternatives.
How do I know if my users are using SaaS?
You can view the user's app login history. This allows you to see whether the user is logging into a specific app, not logging in, or is inactive for a long time.
Why is shadow IT a threat from an administrator's perspective?
Shadow IT refers to software, applications, devices, etc. that are used by employees of a company without the permission of the IT or security team. Because they are used without permission, they are vulnerable to data leaks and security breaches.
Employees can leak data and compromise security, whether intentionally or not. When data is moved, it loses control and oversight, and it goes beyond the scope of security protocols, making security, compliance, data breaches, and disaster recovery difficult.
How is the user list structured? Is it viewable in one place?
It is possible. You can aggregate and check the list of users and numbers assigned to the app in various ways. You can get insights to increase the utilization and efficiency of SaaS.
Cost Optimization
Can I pay for SaaS costs at once at PoPs?
You can see the SaaS contract details used within your organization at a glance. You can manage the contract period, usage status, price, and contract manager of each contract at once, and you can also renew the contract for each SaaS. We plan to support SaaS cost payments at once in PoPs.
How do I check the cost of using the app?
You can check the cost of using the app through the invoice. We are planning various ways to check the cost. We provide various cost confirmation methods such as invoice, card payment history linkage, ERP linkage, etc., and customers can check the cost registered through the corresponding method.
How do I import invoices into PoPs?
You can send invoices to PoPs or enter invoice information and link it to the corresponding SaaS contract. You can automatically add invoice emails by email parsing.
Can I also subscribe to new SaaS through PoPs?
Of course. We are also preparing a service that will recommend products that fit your organization and allow you to see user reviews.
Account Management Automation
Why is directory synchronization useful?
Administrators do not need to manually set up directories one by one. For example, if our organization (company) uses Google Workspace or Microsoft 365, we can import the directory as is and apply it to PoPs. In addition, we can set the synchronization scope so that only specific organizations can be synchronized.
How can we automatically provision SaaS to identify what the enterprise is using?
It depends on whether the SaaS provides the corresponding API. Apps that provide user provisioning functionality can view, invite, add, activate, delete, and deactivate users. Apps that provide provisioning APIs can view the user list in the admin console, so that you can compare it with the organization's user list. Even if the administrator does not assign or de-assign users, provisioning is automatically performed through directory synchronization to the organization that assigns the app.
I have a former employee. I want to reclaim all app assignments immediately. What should I do?
You can automatically revoke permissions. Depending on the situation in your organization, you can also set up policies such as: Notify the departure and deprovisioning administrator (Org Admin, App Admin, License Admin, Manager) → Notify the SCIM Admin → Assign (determined by team-organization/group, job)
Can PoPs be accessed from outside the organization?
It depends on your network settings. Organizations can control which IPs are allowed. They can also set sessions to expire after a maximum session time to reduce the risk of session cookie misuse and hijacking.
Can only organization admins manage the app?
You can designate separate app administrators. The organization's administrator can designate app administrators with permissions for each app, such as assigning and deleting. You can also have multiple administrators for one app. App administrators are designated from among the organization's users and manage only the apps for which they are responsible.
What are the benefits of segmenting and unitizing into workspaces, directories, and groups?
Workspaces are suitable for one-time or repetitive projects. Companies have multiple projects, large and small. The people involved in the projects and the work they do will all be different. It is time-consuming to individually manage the SaaS used each time, set permissions, and apply security regulations. In this case, if you use workspaces to manage them, you can conveniently maintain settings temporarily and repeatedly depending on the project.
Also, assuming there is a TF, if you manage it by grouping, you can temporarily group and manage the necessary personnel without touching the organization chart. Since the organization chart set in Google Workspace or Microsoft 365 can be applied to the PoPs directory as is, repetitive and time-consuming work can be omitted.
You can also subscribe to and apply for a plan based on your workspace to manage your costs separately. All the features are provided so that you can use your workspace as a separate organization.
Is it possible to set up subtenants under an organization?
It is possible. You can create sub-tenants called workspaces and manage them according to your needs, such as affiliates, subsidiaries, and grandchild companies, or by department or project.
Can an enterprise also be managed using a single PoP?
Of course. You can use each affiliate, subsidiary, or subsidiary company as a separate workspace or directory to suit your management system.
How do users apply when they want to use a new app?
Users can see the apps that I can use in the launcher. This is because the apps that the administrator has approved for the user's request are displayed in the launcher. You can check the available apps in the launcher and request to use them. After approval is completed according to the process set by the administrator, the organization administrator (or app manager) assigns the app. Apps that support OAuth can be used at any time if the user consents to providing information without the administrator's approval.
SSO
Is it possible to log in to SaaS (app) only with SSO?
Apps that do not support SSO can still be added by the administrator in the organization and assigned to users. Users can also check the unsupported apps in the launcher. However, since SSO is not supported, only a link is provided and login is done separately in the app. Apps that do not support SSO can be logged in by saving the ID and password of the app in PoPs.
Do I have to use Google Workspace or Microsoft 365 for SSO?
PoPs provide features such as SSO and MFA. Since I use Google Workspace or Microsoft 365 for basic email and productivity tools for work, I mostly use Google Workspace and Microsoft 365 accounts. For apps that do not support SSO, you can save the ID and password of the app in PoPs and log in.
How is it different from Okta?
PoPs overlaps with IdP and security-related features such as SSO and MFA provided by Okta, but it has a roadmap as a SaaS Management Platform such as inquiry into SaaS usage and cost, cost optimization, more suitable SaaS recommendation, and SaaS management automation.
Compliance
Can PoPs be accessed from outside the organization?
It depends on your network settings. Organizations can control which IPs are allowed. They can also set sessions to expire after a maximum session time to reduce the risk of session cookie misuse and hijacking.
Can only organization admins manage the app?
You can designate separate app administrators. The organization's administrator can designate app administrators with permissions for each app, such as assigning and deleting. You can also have multiple administrators for one app. App administrators are designated from among the organization's users and manage only the apps for which they are responsible.
Is two-step authentication required?
The administrator can apply a two-step authentication policy to each app. Apps that are required can only be used with two-step authentication. The authentication method is the two-step authentication method set for the user account in common. If two-step authentication is not set for the user account and the user logs in to an app that requires two-step authentication, two-step authentication is set first.
What if I lose my two-step authentication method?
When setting up two-step verification, users register an email address for verification in case they lose their authentication method. If they lose their authentication method, they can disable two-step verification through the email address for verification.
Pricing
I'm curious about the price of PoPs.
PoPs consists of four plans: Free, Essentials, Professional, and Enterprise. We will support you to choose the plan that best suits your organization's situation.
View pricing page → What are the charging criteria?
A monthly usage fee is charged per member based on the annual/monthly contract.
For example, if a company with 1,000 employees uses Professional for just one month, it will be charged $6,000.
Do I have to sign a contract for a year?
You can sign a contract for a month as well as a year. For more information, please
contact us .
Is user provisioning free?
User provisioning is supported starting from the Professional plan.
MegaZone Cloud provides SSO function free of charge to existing customers.
Can I change my plan at any time?
You can also change your plan while you are using it. For more information, please leave a
inquiry .
Is it true that add-ons are optional and have different prices depending on the plan?
About SMP
What is a SaaS Management Platform (SMP)?
SMP is an abbreviation for SaaS Management Platform, which is a platform for integrating and managing SaaS used in an organization. SaaS administrators can control it from a centralized console, and employees can conveniently check and use all SaaS to which they have access from a single console.
According to the 2022 Gartner report, SMPs should have seven capabilities. They are defined as Discover (SaaS app usage and cost), Manage (SaaS app configuration and regulation), Optimize (cost and entitlement), Automate (admin, templates, workflow), Enable (app catalog, adoption and ROI insights), and Govern (reports, notifications, SLA and XLA measurement, integration via API). PoPs are listening to the voice of customers and improving their products.
Today, regardless of the size of the company, an average of 100 SaaS are being used. Since the management entity of SaaS is not clear, IT, finance, and general affairs personnel only perform the minimum management.
SMP allows you to provision SaaS used by employees and check usage and cost visibility from a centralized console. This helps you use SaaS more efficiently. It also eliminates data leaks and security threats by identifying unauthorized SaaS (shadow IT) and placing them under management.
Any business, organization, or group that uses SaaS can use it.
What is the difference between SSO and SMP?
SSO(Single Sign On) is an authentication solution that allows users to log in to multiple applications and websites using a single login credential. SMP(SaaS Management Platform) is a platform that manages and operates SaaS used by an organization. PoPs provide both SSO and SMP functions.