You can view information about the Single Sign-On (SSO) applications, SSO users, and SSO groups that are associated with your SSO integrations.

Important: You can view information about your SSO applications, users, and groups in both the Software Asset Management Core UI and Software Asset Workspace. The following sections provide details on viewing this information in the Software Asset Management classic application. For details on viewing this information in the Software Asset Workspace, see License operations view.

Viewing SSO integration information

To view the applications, users, and groups for an SSO integration, navigate to All > SaaS License > Administration > SSO Integration Profiles and then select a profile. The related lists provide information about the integration.
Table 1. SSO Integration Profile related lists
ListDescription
SSO Applications All SSO applications.
Directory Users All SSO users.
Directory Groups All SSO groups.
Scheduled Jobs SAM - SSO <sso-provider> download applications scheduled job that downloads all SSO apps. The job runs when the SSO integration profile is published, and then runs daily.

The SAM - SSO <sso-provider> update connected applications scheduled job downloads users, groups, and subscriptions for SSO apps. The job runs daily and whenever an app is connected.
Scheduled Job Results Status of the scheduled jobs.
Directory Jobs <sso-provider> - Download Group Membership directory job that downloads group memberships for all users. The job runs when the SSO integration profile is published, and then runs daily.

The <sso-provider> - Download Groups directory job downloads all groups. The job runs when the SSO integration profile is published, and then runs daily.

The <sso-provider> - Download Users directory job downloads all users. The job runs when the SSO integration profile is published, and then runs daily.
Directory Job Results Status of the directory jobs.

Viewing SSO application information

To view the users, groups, and reclamation candidates for an application, navigate to All > SaaS License > SSO Applications and select an application. The related lists show information for the application. For viewing the SSO application information in Software Asset Workspace, see View SSO applications in workspace.

Table 2. SSO Applications
ListDescription
SSO Application Users All users that have direct access to the application, but not through membership in a group.
SSO Application Groups All groups that have access to the application.
SSO Subscriptions Total number of subscriptions for the application. A user may have both direct access to an app and have access through a group. But the user's access counts as only one subscription so as only one record in the SSO Subscriptions list.
Note:
  • Add the SSO application role column to see how the user is granted access to the application. If the value is a group, then the user has access through membership in that group. If the value is the user's name, then the user has direct access to the application. User subscriptions can't be reclaimed in Software Asset Management if the user has access to the application through a group membership. To reclaim the subscription, remove the user from the group in the Azure AD portal and set the reclamation candidate state to Closed Complete.
  • When SSO subscriptions are created through SSO application groups, the Subscription assigned value is empty. When the subscriptions are created through SSO Application Users, the Subscription assigned value shows the date of when the subscription is assigned to the user. After you upgrade to the Software Asset Management - SaaS License Management 13.1.0 version or later, the existing Subscription assigned values for the subscriptions that were created through SSO application groups turns empty.
Reclamation Candidates Subscriptions that don't meet the usage requirements that are defined by the reclamation rule for the application.

Data synchronization with SSO providers

If you delete a user, group, or app in the Azure AD portal or in the Okta Developer Console, then the corresponding records in Software Asset Management are deleted when the daily scheduled jobs run. If you revoke a user's access to an application in the Azure AD portal or in the Okta Developer Console, either directly or indirectly by removing them from a group, then the corresponding user subscription record is deleted when the daily scheduled jobs run.