SSO Discovery
Connect your identity provider and your agent maps every application your team accesses — who’s using what, how often, and what’s flying under the radar.Why Connect SSO?
Complete Discovery
Find every app your team accesses via SSO
Usage Tracking
See who’s using which applications
Access Insights
Identify unused licenses and access patterns
Shadow IT Detection
Discover apps IT didn’t know about
Supported Identity Providers
- Google Workspace
- Microsoft Entra
- Okta
Connect Google Workspace
Discover apps accessed via Google SSO
- All SAML and OAuth apps in your Google Workspace
- User access patterns and login frequency
- Application usage by team member
- Third-party app permissions
How SSO Discovery Works
What We Discover
Application Information
- App name and logo - Visual identification
- Vendor details - Company behind the app
- Integration type - SAML, OAuth, OIDC
- Configuration - SSO settings and policies
Usage Data
- Active users - Who’s actually using each app
- Login frequency - How often apps are accessed
- Last login - When each app was last used
- Usage trends - Increasing or decreasing usage
Access Patterns
- User assignments - Who has access to what
- Unused licenses - Users with access but no usage
- Shadow IT - Apps added without IT approval
- Access anomalies - Unusual access patterns
All usage tracking requires user consent and can be disabled in Settings → Privacy.
Permissions Required
What We Need
All SSO integrations require read-only admin access to:- ✅ Read application catalog - List all SSO-enabled apps
- ✅ Read user assignments - See who has access to what
- ✅ Read login events - Track application usage
- ✅ Read user directory - Match users to team members
What We DON’T Need
- ❌ Modify applications - We never change SSO configurations
- ❌ Manage users - We never add, remove, or modify users
- ❌ Access credentials - We never see passwords or tokens
- ❌ Change permissions - We never modify access controls
Multi-Provider Support
You can connect multiple identity providers simultaneously:Common Scenarios
Scenario 1: Acquisition or Merger- Connect both Google Workspace and Microsoft Entra
- See unified view of all applications
- Identify duplicate tools across organizations
- Some teams use Google, others use Microsoft
- Connect both to get complete visibility
- Consolidate vendor relationships
- Migrating from Okta to Azure AD
- Connect both during transition
- Track migration progress
Privacy & Security
Data Collection
- Application metadata - App names, logos, vendors
- User assignments - Who has access (anonymized in analytics)
- Login events - Timestamps and frequency (no session data)
- Usage patterns - Aggregated usage statistics
Data Protection
- Encryption - All data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Access control - Only workspace admins can view user-level data
- Audit logs - Complete audit trail of all SSO sync activity
- Token security - OAuth tokens stored securely with encryption at rest
Compliance
- Data privacy - Right to access, delete, and export data (GDPR compliance in progress)
- User consent - Usage tracking requires explicit user consent
Security: Porcia follows industry-standard security practices including end-to-end encryption and role-based access control. Full security documentation coming soon.
Comparison: Email vs SSO Discovery
| Feature | Email Discovery | SSO Discovery |
|---|---|---|
| Setup time | 2-5 minutes | 5-10 minutes |
| Discovery scope | Vendors you email with | Apps accessed via SSO |
| Usage tracking | ❌ No | ✅ Yes |
| Historical data | ✅ 6 months | ⚠️ Ongoing only |
| Admin required | ❌ No | ✅ Yes |
| Best for | Vendor communications | Application usage |
Disconnecting SSO
To disconnect your identity provider:- Go to Settings → Integrations → SSO
- Find your connected IdP
- Click Disconnect
- Confirm disconnection
Disconnecting will stop new application discovery and usage tracking. Historical data will be preserved unless you choose to delete it.