About the Discovery Process

  • Updated on Oct 29, 2025
  • Published on Nov 28, 2023
  • 2 minute(s) read
Prev Next

Discovery is part of the SaaS Authorization Management and it ensures that PlainID accurately identifies and maps all relevant vendor-side objects and Policies. This step is essential for maintaining synchronization, governance, and visibility across connected systems.

The Discovery process is initiated from the Orchestration Workspace, and its results appear across all Workspaces, as detailed below. Discovery is triggered when you create a new Policy Orchestration Point (POP), in addition to either manual or scheduled Discovery.

During the initial Discovery, the POP connects to the third-party vendor and retrieves objects from the vendor environment. These objects are translated into corresponding building blocks and Policies in the Platform (for example, Asset Types, Identities, Rulesets, and Policies). This alignment enables a unified Policy model across systems.

Note that Each Workspace displays different objects discovered during the process:

  • Identity Workspace: Displays Identities, Identity Sources, and Identity Attributes.
  • Authorization Workspace: Displays Policies, Asset Types, Asset Attributes, Assets, Rulesets, and Applications.
  • Orchestration Workspace: Lists Vendor Policies and Objects discovered from the connected system.

Discovery Learn vs. Manage

Discovery operates in two modes:

  • Learn Mode: Synchronizes the vendor-side environment with PlainID. Policies and Objects discovered in the vendor (such as tables, tags, and views) are created or updated in PlainID automatically.
  • Manage Mode:
    • Objects (e.g., tables, tags, views) are aligned with the vendor’s state.
    • Policies are discovered and displayed in the Orchestration Workspace but are not automatically created in the Authorization Workspace. Flags may appear to indicate inconsistencies between vendor and Platform Policies. For details on handling discrepancies, refer to Discrepancies between PlainID and Vendor Policies.

To run Discovery:

  1. From the Orchestration Workspace, select the relevant Policy Orchestration Point (POP).

  2. Choose one of the following Discovery options:

    • Manual Discovery: Click Discover Now to initiate immediate synchronization.
      image.png
    • Scheduled Discovery: Enable recurring synchronization using the POP Scheduler.
      For setup instructions, refer to POP Scheduler Management.

  3. The system compares the current state of the Platform with the vendor environment.

    • New, modified, or deleted objects and Policies are identified and updated based on the selected Discovery mode.

  4. Wait for Discovery to complete. The initial Discovery may take longer depending on the number of vendor objects, while subsequent runs are faster because only changes are processed.

Status and Progress Indicators

Once Discovery starts, a toast notification confirms that the process has begun.

During Discovery, the Discover Now button becomes unavailable, and progress indicators appear:

  • Under the relevant POP:
    image.png
  • Next to the POP-specific “Search by Keywords” input:
    image.png

Once the loading indicator in the POP card disappears, the Discovery process is complete.

If inconsistencies or errors are detected, contact PlainID Support for assistance.