About the Discovery Process

  • Updated on Dec 14, 2025
  • Published on Nov 28, 2023
  • 3 minute(s) read
Prev Next

Discovery is part of the SaaS Authorization Management and it ensures that PlainID accurately identifies and maps all relevant vendor-side objects and Policies. This step is essential for maintaining synchronization, governance, and visibility across connected systems.

The Discovery process is initiated from the Orchestration Workspace, and its results appear across all Workspaces, as detailed below. Discovery is triggered when you create a new Policy Orchestration Point (POP), in addition to either manual or scheduled Discovery.

During the initial Discovery, the POP connects to the third-party vendor and retrieves objects from the vendor environment. These objects are translated into corresponding building blocks and Policies in the Platform (for example, Asset Types, Identities, Rulesets, and Policies). This alignment enables a unified Policy model across systems.

Note that Each Workspace displays different objects discovered during the process:

  • Identity Workspace: Displays Identities, Identity Sources, and Identity Attributes.
  • Authorization Workspace: Displays Policies, Asset Types, Asset Attributes, Assets, Rulesets, and Applications.
  • Orchestration Workspace: Lists Vendor Policies and Objects discovered from the connected system.

Discovery Learn vs. Manage

Discovery operates in two modes:

  • Learn Mode: Synchronizes the vendor-side environment with PlainID. Policies and Objects discovered in the vendor (such as tables, tags, and views) are created or updated in PlainID automatically.
  • Manage Mode:
    • Objects (e.g., tables, tags, views) are aligned with the vendor’s state.
    • Policies are discovered and displayed in the Orchestration Workspace but are not automatically created in the Authorization Workspace. Flags may appear to indicate inconsistencies between vendor and Platform Policies. For details on handling discrepancies, refer to Discrepancies between PlainID and Vendor Policies.

To run Discovery:

  1. From the Orchestration Workspace, select the relevant Policy Orchestration Point (POP).

  2. Choose one of the following Discovery options:

    • Manual Discovery: Click Discover Now to initiate immediate synchronization.
      image.png
    • Scheduled Discovery: Enable recurring synchronization using the POP Scheduler.
      For setup instructions, refer to POP Scheduler Management.

  3. The system compares the current state of the Platform with the vendor environment.

    • New, modified, or deleted objects and Policies are identified and updated based on the selected Discovery mode.

  4. Wait for Discovery to complete. The initial Discovery may take longer depending on the number of vendor objects, while subsequent runs are faster because only changes are processed.

Status and Progress Indicators

Once Discovery starts, a toast notification confirms that the process has begun.

During Discovery, the Discover Now button becomes unavailable, and progress indicators appear:

  • Under the relevant POP:
    image.png
  • Next to the POP-specific “Search by Keywords” input:
    image.png

Once the loading indicator in the POP card disappears, the Discovery process is complete.

If inconsistencies or errors are detected, contact PlainID Support for assistance.

Discovery Behavior for Identities

Identity Attributes define the logical structure of Identity information, while Sources and Mapper Sets represent how that information is physically obtained and organized. Attributes can be reused across multiple POPs individually. Each time a new Source is introduced, the Platform generates a corresponding Identity Source, and a single Mapper Set is used to represent that context, referencing reusable Attributes.

Only the relevant Attributes for each vendor are included as part of the Mapper Set.
For more information, refer to Object Side Panel and Identity Mapper Sets.

Cross-Vendor IDP Attribute Mapping

The following table provides a unified view of how common Identity Attributes are mapped across supported vendors. In most IDP Attributes, Attributes are preset, which are then used across POPs. This comparison helps ensure consistent usage of generic Attributes reused in Policies, regardless of each vendor’s native identity structure.

Attribute Display Attribute ID Power BI Snowflake Databricks
Current User current_user userprincipalname User_ID Current_User
Session User session_user Session_User
Group group group Current_Role Group
Secondary Group secondary_group Secondary_Role Account_Group
Session Group session_group Session_Role

Discovery is a core mechanism that keeps PlainID synchronized with connected vendor environments, ensuring that Policies and objects remain accurate, aligned, and visible across all Workspaces. By continuously retrieving and translating vendor-side resources into Platform building blocks, Discovery provides a unified Policy model and a reliable source of truth for governance and orchestration.

Discovery maintains consistency, identifies changes or discrepancies, and standardizes identity and attribute mappings across vendors. This streamlined alignment enables organizations to manage authorization confidently and efficiently, even as their ecosystems evolve.