SSO based Discovery FAQ

What are the benefits of using SSO based discovery?

SSO based discovery is a good way to discover the managed systems in your organization. Because access to managed systems is usually granted through SSO with a centralized Identity Provider (IdP), integrating with your IdP lets Mine continuously discover those systems, as well as the employees connected to them.

SSO based discovery has much lower coverage than Email based discovery, and it cannot discover unmanaged systems (shadow IT); however, it requires fewer permissions to operate.


How do I set up SSO based discovery?

SSO (and other) discovery tools are set up using the Radar tool in the application. See Instructions.


What permissions does Mine require for SSO based discovery?

Please see the table below for the permissions required depending on the provider you use.


Azure AD

Permission: User.Read.All
Scope: Allows the app to read user profiles without a signed-in user.
Usage: Sync the employee list, including their properties, and show who has access to which system.

Permission: Directory.Read.All
Scope: Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.
Usage: Sync the employee list and show who has access to which system.

Microsoft Graph API permissions reference: https://learn.microsoft.com/en-us/graph/permissions-reference
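As an added example (not code from Mine or Microsoft), the following Python check verifies that an app registration's granted Microsoft Graph application permissions match exactly the two listed above, so that nothing beyond what SSO based discovery needs has been consented. The Graph responses are constructed samples with placeholder GUIDs.

```python
"""Least-privilege check for the Azure AD permissions listed above.
Added example, not Mine's or Microsoft's code. It uses the shape of
Microsoft Graph's appRoleAssignments and the Graph service principal's
appRoles; the sample input below is constructed, not captured."""
import json

# Application permissions the table above requires. "Without a signed-in
# user" means application (not delegated) permissions, which Graph records
# as appRoleAssignments on the app's service principal.
REQUIRED = {"User.Read.All", "Directory.Read.All"}

# Constructed excerpt of GET /servicePrincipals/{graphSpId}?$select=appRoles
# for the Microsoft Graph service principal. Only id and value matter here;
# the GUIDs are placeholders.
GRAPH_APP_ROLES = json.loads("""[
 {"id": "00000000-0000-0000-0000-000000000001", "value": "User.Read.All"},
 {"id": "00000000-0000-0000-0000-000000000002", "value": "Directory.Read.All"},
 {"id": "00000000-0000-0000-0000-000000000003", "value": "Mail.Read"}
]""")

# Constructed excerpt of GET /servicePrincipals/{appSpId}/appRoleAssignments
# for the discovery app's own service principal.
ASSIGNMENTS = json.loads("""[
 {"appRoleId": "00000000-0000-0000-0000-000000000001", "resourceDisplayName": "Microsoft Graph"},
 {"appRoleId": "00000000-0000-0000-0000-000000000003", "resourceDisplayName": "Microsoft Graph"}
]""")


def granted_permissions(assignments, app_roles):
    """Resolve each appRoleId GUID to its permission name (e.g. User.Read.All)."""
    by_id = {r["id"]: r["value"] for r in app_roles}
    return {by_id.get(a["appRoleId"], "unknown:" + a["appRoleId"]) for a in assignments}


def audit(granted, required=REQUIRED):
    """Return (missing, excess): permissions still needing admin consent, and
    permissions that exceed what SSO based discovery needs and should be revoked."""
    return sorted(required - granted), sorted(granted - required)


if __name__ == "__main__":
    granted = granted_permissions(ASSIGNMENTS, GRAPH_APP_ROLES)
    missing, excess = audit(granted)
    print("granted:", sorted(granted))
    print("missing:", missing)  # ['Directory.Read.All'] has not been consented yet
    print("excess:", excess)    # ['Mail.Read'] is beyond what the table requires
```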


Google Workspace

Permission: admin.directory.user.readonly
Scope: Scope for only retrieving users or user aliases.
Usage: Sync the employee list and show who has access to which system.

Permission: gmail.readonly
Scope: Read all resources and their metadata; no write operations.
Usage: Analyze email metadata (from, to, subject, date) to detect the systems employees are using.


Google APIs permissions reference: