What are the benefits of using SSO based discovery?
SSO based discovery is well suited to discovering the managed systems in your organization. Because access to managed systems is usually granted through SSO via a centralized Identity Provider (IdP), integrating Mine with your IdP lets it continuously discover those systems, as well as the employees connected to them.
SSO based discovery has much lower coverage than Email based discovery and does not discover unmanaged systems or shadow IT; however, it requires fewer permissions to operate.
How to set up SSO based discovery?
SSO (and other) discovery tools are set up using the Radar tool in the application. See Instructions
What permissions does Mine require for SSO based discovery?
Please see the table below for the permissions required depending on the provider you use.
Azure AD

| Permission scope | Description | Usage |
|---|---|---|
| User.Read.All | Allows the app to read user profiles without a signed-in user. | Sync the employee list, including employee properties, and show who has access to which system. |
| Directory.Read.All | Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. | Sync the employee list and show who has access to which system. |

Microsoft Graph API permissions reference: https://learn.microsoft.com/en-us/graph/permissions-reference
Google Workspace

| Permission scope | Description | Usage |
|---|---|---|
| admin.directory.user.readonly | Scope for only retrieving users or user aliases. | Sync the employee list and show who has access to which system. |
| gmail.readonly | Read all resources and their metadata; no write operations. | Analyze email metadata (from, to, subject, date) to detect the systems employees are using. |

Google APIs permissions reference:
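As an added example (not Mine's code and not part of the setup instructions above), a small Python check that compares the scopes actually granted to a discovery integration with the least-privilege sets listed in the tables, reporting missing scopes, undocumented extras, and anything that is not read-only. The provider keys, feature names and the read-only heuristic are this example's own assumptions.

```python
# Added example (not Mine's code): audit the scopes granted to a discovery
# integration against the least-privilege sets listed on this page.
from dataclasses import dataclass

# Scopes documented above, keyed by provider and by the discovery feature they enable.
REQUIRED_SCOPES = {
    "azure_ad": {"sso_discovery": {"User.Read.All", "Directory.Read.All"}},
    "google_workspace": {
        "sso_discovery": {"admin.directory.user.readonly"},
        "email_discovery": {"gmail.readonly"},
    },
}
GOOGLE_PREFIX = "https://www.googleapis.com/auth/"

@dataclass
class ScopeAudit:
    enabled_features: set   # features fully covered by the granted scopes
    missing: dict           # wanted feature -> scopes still to be granted
    excess: set             # granted scopes not documented for any feature
    write_scopes: set       # granted scopes that are not read-only

def normalize(scope: str) -> str:
    """Google tokens report scopes as full URLs; the tables list the short names."""
    return scope[len(GOOGLE_PREFIX):] if scope.startswith(GOOGLE_PREFIX) else scope

def is_read_only(scope: str) -> bool:
    """Heuristic (assumption): Google read scopes end in '.readonly'; Graph read
    scopes carry a bare 'Read' segment (User.Read.All yes, User.ReadWrite.All no)."""
    return scope.endswith(".readonly") or "Read" in scope.split(".")

def audit_scopes(provider: str, granted: list, wanted_features: set) -> ScopeAudit:
    """Compare granted scopes with what the wanted features (keys of the provider catalog) need."""
    catalog = REQUIRED_SCOPES[provider]
    have = {normalize(s) for s in granted}
    documented = set().union(*catalog.values())
    enabled = {f for f, needed in catalog.items() if needed <= have}
    missing = {f: catalog[f] - have for f in wanted_features if not catalog[f] <= have}
    return ScopeAudit(
        enabled_features=enabled,
        missing=missing,
        excess=have - documented,
        write_scopes={s for s in have if not is_read_only(s)},
    )

if __name__ == "__main__":
    # Constructed sample: an Azure AD app registration that was also granted Mail.ReadWrite.
    print(audit_scopes("azure_ad", ["User.Read.All", "Directory.Read.All", "Mail.ReadWrite"], {"sso_discovery"}))
```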