The Orchestration Workspace is designed to represent all current connections to SaaS Applications and list all Policy Orchestration Points (POPs) available within the Environment.
SaaS Authorization Management provides out-of-the-box support to leading SaaS vendors and is managed within the Orchestration Workspace.. It enables the Platform to integrate with SaaS vendors to provide standardization and centralized Authorization management while supporting distributed deployment across the organization’s technology stack.
The Orchestration Workspace is used to discover, map, and manage SaaS vendor authorization policies using the vendor's native APIs. It allows your organization to centralize control over Policies originating in third-party applications, while still respecting the structure and constraints of each vendor's authorization model.
Each Orchestration Workspace includes:
- A list of Policy Orchestration Points (POPs) that define the integration between your Platform Tenant and a specific vendor tenant.
- A view of the Vendor Policies and Objects discovered through the connection.
- Tools to discover, manage, and sync Authorization Policies between systems.
For more on POPs, see Managing POPs.
For details on supported vendors and authorizers, see SaaS Authorization Management.
Permissions
The Permissions tab enables you to apply access rights to various levels of the Platform. There are two levels of access permissions:
Admins have full administrative capabilities within the Environment to create, modify, and delete entities at that level
Viewers have access to a full view of all data-related objects managed within the Environment.
Note: Permissions can only be defined when using an external IDP. Changes affecting Permissions may take up to 15 minutes to take effect in the Platform.
For more information, see Platform Permissions.
Creating an Orchestration Workspace
To begin using SaaS Authorization Management, you first need to create an Orchestration Workspace. By default, Environment do not have an Orchestration Workspace. They must be created manually.
Once you have created the Orchestration Workspace, you can manage POPs. Initially, when an Orchestration Workspace is created, the Workspace will be empty, as no POPs have been created yet. Refer to Managing POPs for instructions on how to create a POP.
Workspace Layout and Actions
When accessing an Orchestration Workspace, you can:
- View and manage all POPs connected to the Workspace.
- Initiate a Discovery Process to retrieve authorization-related data, such as Roles, Resources, and Policies, from the vendor.
- Browse discovered Vendor Policies and Objects, including seeing a side-by-side comparison of PlainID and Vendor Policies in their native terminology.
- Identify changes made by the vendor since the last sync through warning indicators.
- Deploy Policies from PlainID to the vendor.
This streamlined environment helps ensure consistency and traceability across authorization models, regardless of the vendor’s native structure.