Discovering SaaS services

As part of SaaS native data protection, R‑Cloud allows you to discover all SaaS services to which you are subscribed and map them by using R-Graph. This helps you to understand the scope of protected and unprotected SaaS data, and to use R‑Cloud to establish the data protection environment according to your business needs.

SaaS service discovery starts automatically after you allow R‑Cloud to access the required SaaS service information by configuring an identity provider for SaaS service discovery in R‑Cloud. After your SaaS services are discovered, you can explore R-Graph, a visual representation of your SaaS data protection environment, which enables you to quickly gain insight into the status of your SaaS application data protection. For details, see Exploring R-Graph.

Prerequisites

You must have the Administrator role assigned at the subscription or protection set level. For details, see Managing users.
For Microsoft Entra ID: Your service principal must have the Microsoft Graph/Application.Read.All application resource permissions.
For Okta: You must use a custom role with permissions to view applications and their details, and a custom resource set that is constrained to all applications.

Consideration

Depending on whether you are a subscription administrator or a protection set administrator, consider the following:

If you are a subscription administrator: You can discover SaaS services in all protection sets in your data protection environment.
If you are a protection set administrator: You can discover the SaaS services in the currently selected protection set.

Procedure

In the Discover Services dialog box, click New.

From the Identity Provider drop-down menu, select your identity provider, and then follow the instructions:

Identity provider	Instructions
Microsoft Entra ID	In the Display Name field, enter a display name for Microsoft Entra ID. In the Client ID field, enter the application ID that was generated for R‑Cloud by Microsoft Entra ID. In the Client Secret field, enter the application secret that was generated by Microsoft Entra ID for the application ID that you entered in the Client ID field. In the Tenant ID, enter the tenant ID of your Microsoft Entra ID.
Okta	In the Display Name field, enter a display name for Okta. In the Okta URL field, enter the URL of your Okta domain. You can find the domain in the global header located in the upper-right corner of your Okta Admin Dashboard. In the API Token field, enter the token that is used to authenticate requests to Okta via Okta APIs. You can find the Okta API token in the Okta Admin Console by navigating to Security, then to API, and then to the Tokens tab.

Identity provider

Instructions

Microsoft Entra ID

In the Display Name field, enter a display name for Microsoft Entra ID.
In the Client ID field, enter the application ID that was generated for R‑Cloud by Microsoft Entra ID.
In the Client Secret field, enter the application secret that was generated by Microsoft Entra ID for the application ID that you entered in the Client ID field.
In the Tenant ID, enter the tenant ID of your Microsoft Entra ID.

Okta

In the Display Name field, enter a display name for Okta.
In the Okta URL field, enter the URL of your Okta domain. You can find the domain in the global header located in the upper-right corner of your Okta Admin Dashboard.
In the API Token field, enter the token that is used to authenticate requests to Okta via Okta APIs. You can find the Okta API token in the Okta Admin Console by navigating to Security, then to API, and then to the Tokens tab.

Click Save. The identity provider is added to the list of identity providers.

You can later edit any of the existing identity providers (click Edit Edit and make the required modifications) or delete the ones that you do not need anymore (click Delete Delete).