>
    Onboarding Overview for Supported SaaS Apps
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Onboard SaaS Apps Supported by SSPM
    4. Onboarding Overview for Supported SaaS Apps
    Download PDF
    SaaS Security

    Onboarding Overview for Supported SaaS Apps

    Table of Contents

    Onboarding Overview for Supported SaaS Apps

    Before you onboard a SaaS app in SSPM, there are certain actions you must take.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    When you onboard a SaaS app to SSPM, SSPM might prompt you for information that SSPM uses to connect to the SaaS app, such as administrator credentials for a service account. The required information varies from app to app, and in many cases you must first take some actions on the SaaS app, such as creating an API key.
    The following table provides links to detailed onboarding instructions for most applications. Where detailed instructions are not available for a particular SaaS app, the following table describes the onboarding steps.
    SaaS AppOnboarding Instructions
    Aha.io
    See Onboard an Aha.io App to SSPM.
    Alteryx Designer Cloud
    See Onboard an Alteryx Designer Cloud App to SSPM.
    Aptible
    See Onboard an Aptible App to SSPM.
    ArcGIS
    See Onboard an ArcGIS App to SSPM.
    Articulate Global
    See Onboard an Articulate Global App to SSPM.
    Asana
    See Onboard an Asana App to SSPM.
    Atlassian
    See Onboard an Atlassian App to SSPM.
    AutomoxSee Onboard an Automox App to SSPM.
    BambooHR
    See Onboard a BambooHR App to SSPM.
    Basecamp
    See Onboard a Basecamp App to SSPM.
    Bitbucket
    See Onboard a Bitbucket App to SSPM.
    Bito
    See Onboard a Bito AI App to SSPM.
    SSPM does not support scans for Bito. You will manually enter your Bito instance's settings, which SSPM will compare against its recommended settings.
    BlueJeans
    See Onboard a BlueJeans App to SSPM.
    Box
    See Onboard a Box App to SSPM.
    Bright Security
    See Onboard a Bright Security App to SSPM.
    Businessmap
    See Onboard a Businessmap App to SSPM.
    Celonis
    See Onboard a Celonis App to SSPM.
    Cisco Meraki
    See Onboard a Cisco Meraki App to SSPM.
    Claude
    See Onboard a Claude App to SSPM.
    SSPM does not support scans for Claude. You will manually enter your Claude instance's settings, which SSPM will compare against its recommended settings.
    ClickUp
    See also Onboard a ClickUp App to SSPM.
    Codeium
    See also Onboard a Codeium App to SSPM.
    SSPM does not support scans for Codeium. You will manually enter your Codeium instance's settings, which SSPM will compare against its recommended settings.
    Cody
    See Onboard a Cody App to SSPM.
    SSPM does not support scans for Cody. You will manually enter your Cody instance's settings, which SSPM will compare against its recommended settings.
    Confluence
    See Onboard a Confluence App to SSPM.
    To enable SSPM to scan your Confluence instance for connected third-party plugins, you must also onboard the Atlassian app.
    Contentful
    See Onboard a Contentful App to SSPM.
    Convo
    See Onboard a Convo App to SSPM.
    Couchbase
    See Onboard a Couchbase App to SSPM.
    Coveo
    See Onboard a Coveo App to SSPM.
    Crowdin Enterprise
    See Onboard a Crowdin Enterprise App to SSPM.
    Customer.io
    See Onboard a Customer.io App to SSPM.
    Databricks
    See Onboard a Databricks App to SSPM.
    Datadog
    See Onboard a Datadog App to SSPM.
    DocHub
    See Onboard a DocHub App to SSPM.
    DocuSign
    See Onboard a DocuSign App to SSPM.
    Dropbox Business
    See Onboard a Dropbox Business App to SSPM.
    Envoy
    See Onboard an Envoy App to SSPM.
    Expiration Reminder
    See Onboard an Expiration Reminder App to SSPM.
    Gainsight
    See Onboard a Gainsight PX App to SSPM.
    Github Enterprise
    See Onboard a GitHub Enterprise App to SSPM.
    Gitlab
    See Onboard a GitLab App to SSPM.
    Google Analytics
    See Onboard a Google Analytics App to SSPM.
    Google Workspace
    See Onboard a Google Workspace App to SSPM.
    GoTo Meeting
    See Onboard a GoTo Meeting App to SSPM.
    Grammarly
    See Onboard a Grammarly App to SSPM.
    Harness
    See Onboard a Harness App to SSPM.
    Hellonext
    See Onboard a Hellonext App to SSPM.
    Hugging Face
    See Onboard a Hugging Face App to SSPM.
    SSPM does not support scans for Hugging Face. You will manually enter your Hugging Face instance's settings, which SSPM will compare against its recommended settings.
    IDrive
    See Onboard an IDrive App to SSPM.
    Informatica Address Doctor
    Complete the following steps to enable SSPM to access configuration information through an administrator account.
    1. Identify the Informatica Address Doctor administrator account whose login credentials you will supply to SSPM.
    2. Identify your Informatica Address Doctor tenant ID, which is included in your login URL.
    3. During onboarding in SSPM, provide SSPM with the tenant ID and the administrator login credentials.
    Intercom
    See Onboard an Intercom App to SSPM.
    Jira
    See Onboard a Jira App to SSPM.
    To enable SSPM to scan your Jira instance for connected third-party plugins, you must also onboard the Atlassian app.
    JumpCloudSee Onboard a JumpCloud App to SSPM.
    Kanbanize
    Kanbanize was rebranded as Businessmap. See Onboard a Businessmap App to SSPM.
    Kanban Tool
    See Onboard a Kanban Tool App to SSPM.
    Krisp
    See Onboard a Krisp App to SSPM.
    SSPM does not support scans for Krisp. You will manually enter your Krisp instance's settings, which SSPM will compare against its recommended settings.
    Kustomer
    See Onboard a Kustomer App to SSPM.
    Lokalise
    See Onboard a Lokalise App to SSPM.
    Microsoft 365 Copilot
    See Onboard a Microsoft 365 Copilot App to SSPM.
    SSPM does not support scans for Microsoft 365 Copilot. You will manually enter your Microsoft 365 Copilot instance's settings, which SSPM will compare against its recommended settings.
    Microsoft Azure AD
    See Onboard a Microsoft Azure AD App to SSPM.
    Microsoft Exchange
    See Onboard a Microsoft Exchange App to SSPM.
    Microsoft OneDrive
    See Onboard a Microsoft OneDrive App to SSPM.
    Microsoft Outlook
    See Onboard a Microsoft Outlook App to SSPM.
    Microsoft SharePoint
    See Onboard a Microsoft SharePoint App to SSPM.
    Microsoft Teams
    See Onboard a Microsoft Teams App to SSPM.
    Miro
    See Onboard a Miro App to SSPM.
    monday.com
    See Onboard a monday.com App to SSPM.
    MongoDB Atlas
    See Onboard a MongoDB Atlas App to SSPM.
    MuleSoft
    See Onboard a MuleSoft App to SSPM.
    Mural
    See Onboard a Mural App to SSPM.
    Nintex Workflow Cloud
    Complete the following steps to enable SSPM to connect to a Nintex Workflow Cloud API.
    1. Log in to a Nintex Workflow Cloud account that is assigned to the Global administrator role.
    2. From the Apps and Tokens page in your Nintex Workflow Cloud settings, add an app.
    3. Copy the Client ID and the Client Secret that is associated with your app.
    4. During onboarding in SSPM, provide SSPM with the Client ID and the Client Secret that is associated with your app.
    Notta
    See Onboard a Notta App to SSPM.
    SSPM does not support scans for Notta. You will manually enter your Notta instance's settings, which SSPM will compare against its recommended settings.
    Office 365
    See Onboard an Office 365 App to SSPM.
    Office 365 - Productivity Apps
    See Onboard Office 365 Productivity Apps to SSPM.
    Okta
    See Onboard an Okta App to SSPM.
    OpenAI
    See Onboard an OpenAI App to SSPM.
    SSPM does not support scans for OpenAI. You will manually enter your OpenAI instance's settings, which SSPM will compare against its recommended settings.
    PagerDuty
    See Onboard a PagerDuty App to SSPM.
    Perplexity
    See Onboard a Perplexity App to SSPM.
    SSPM does not support scans for Perplexity. You will manually enter your Perplexity instance's settings, which SSPM will compare against its recommended settings.
    Ping Identity
    Complete the following steps to enable SSPM to connect to a Ping Identity API.
    1. Log in to Ping Identity as an administrator assigned to either the Organization Admin or Environment Admin role.
    2. Create a Ping Identity worker application, which will inherit your role assignments and enable access to the API. Copy the application's Client ID and Client Secret.
    3. Copy your Environment ID and Region, which are shown on your environment page in Ping Identity.
    4. During onboarding in SSPM, provide SSPM with the following information:
      • The Client ID and Client Secret of the worker application
      • Your Environment ID and Region
    Pipedrive
    Complete the following steps to enable SSPM to connect to a Pipedrive API:
    1. Enable SSPM to connect to a Pipedrive API. Log in to Pipedrive as an administrator and copy the administrator's personal API token.
    2. During onboarding in SSPM, provide SSPM with the API token.
    Pivotal Tracker
    Complete the following steps to enable SSPM to connect to a Pivotal Tracker API.
    1. Log in to Pivotal Tracker as an administrator.
    2. Generate and copy an API token.
    3. During onboarding in SSPM, provide SSPM with the API token.
    Power BI
    See Onboard a Microsoft Power BI App to SSPM.
    Qodo
    See Onboard a Qodo App to SSPM.
    SSPM does not support scans for Qodo. You will manually enter your Qodo instance's settings, which SSPM will compare against its recommended settings.
    Qualtrics XM
    Complete the following steps to enable SSPM to access configuration information through an administrator account. Your organization must be using Okta as an identity provider. MFA using one-time passcodes must be configured.
    1. Identify the Qualtrics XM administrator whose credentials you will supply to SSPM. The account must have Brand Administrator authority.
    2. To enable SSPM to access the account using Okta credentials:
      1. Identify your Okta subdomain.
      2. Generate and copy an MFA secret key.
    3. Identify your Organization ID. After you log in to Qualtrics XM, your organization ID is included in the Qualtrics XM URL. The URL format is <org-ID>.qualtrics.com.
    4. Identify your SSO display name. To get the display name, go to AdminOrganization SettingsSSO and open the Edit page for the SSO connection.
    5. During onboarding in SSPM, provide SSPM, provide SSPM with the information.
    Redis Labs
    Complete the following steps to enable SSPM to connect to a Redis Labs API.
    1. Log in to Redis Labs as a user assigned to the Owner role.
    2. Generate and copy an API Account key and an API User key.
    3. During onboarding in SSPM, provide SSPM with the API Account key and the API User key.
    RingCentral
    See Onboard a RingCentral App to SSPM.
    Salesforce
    See Onboard a Salesforce App to SSPM.
    SAP Ariba
    See Onboard an SAP Ariba App to SSPM.
    Segment
    Complete the following steps to enable SSPM to access configuration information through an administrator account.
    1. Identify the user account whose login credentials you will supply to SSPM. The account must be assigned to the Workspace Owner role.
    2. If multi-factor authentication (MFA) is configured for the user account:
      1. Make sure MFA is configured for one-time passcodes and authenticator apps and not for text messages.
      2. Copy the MFA secret key for the account.
    3. During onboarding in SSPM, provide SSPM with the user credentials. If MFA is configured for the user, provide the MFA secret key. If MFA is not configured for the user, leave the MFA Secret Key field empty.
    Sentry
    See Onboard a Sentry App to SSPM.
    ServiceNow
    See Onboard a ServiceNow App to SSPM.
    ShareFile
    Complete the following steps to enable SSPM to connect to a ShareFile API.
    1. Log in to ShareFile using an account that has Access company account permissions.
    2. Create an API key and copy the credentials (Client ID and Client Secret) that are associated with the key.
    3. During onboarding in SSPM, provide SSPM with the Client ID and Client Secret.
    Slack Enterprise
    See Onboard a Slack Enterprise App to SSPM.
    Snowflake
    See Onboard a Snowflake App to SSPM.
    SparkPost
    See Onboard a SparkPost App to SSPM.
    Splunk Cloud
    Complete the following steps to enable SSPM to access configuration information through an administrator account. Your organization must be using Okta as an identity provider. MFA using one-time passcodes must be configured.
    1. Identify the Splunk administrator whose credentials you will supply to SSPM.
    2. To enable SSPM to access the account using Okta credentials:
      1. Identify your Okta subdomain.
      2. Generate and copy an MFA secret key.
    3. Identify your Splunk app domain, which is a subdomain included in the Splunk Cloud URL. The URL format is <app_domain>.cloud.splunk.com or <app_domain>.splunkcloud.com.
    4. During onboarding in SSPM, provide SSPM with your organization's Okta domain, the administrator credentials, the MFA secret key, and the Splunk app domain.
    Sumo Logic
    See Onboard a Sumo Logic App to SSPM.
    Syncplicity
    SSPM connects to an API and accesses configuration information through OAuth 2.0 authorization.
    1. Identify the administrator account that you will use to log in to Syncplicity to grant SSPM access.
    2. When SSPM redirects you to the Syncplicity login page during onboarding, log in to the administrator account and grant SSPM the requested access.
    Tableau
    See Onboard a Tableau Cloud App to SSPM.
    Tabnine
    See Onboard a Tabnine App to SSPM.
    SSPM does not support scans for Tabnine. You will manually enter your Tabnine instance's settings, which SSPM will compare against its recommended settings.
    Terraform
    See Onboard a Terraform App to SSPM.
    TextExpander
    Complete the following steps to enable SSPM to access configuration information through an administrator account. Your organization must be using Okta as an identity provider. MFA using one-time passcodes must be configured.
    1. Identify the TextExpander administrator whose credentials you will supply to SSPM.
    2. To enable SSPM to access the account using Okta credentials:
      1. Identify your Okta subdomain.
      2. Generate and copy an MFA secret key.
    3. During onboarding in SSPM, provide SSPM with your organization's Okta domain, the administrator credentials, and the MFA secret key.
    Tresorit
    Complete the following steps to enable SSPM to access configuration information through an administrator account. Your organization must be using Okta as an identity provider. MFA using one-time passcodes must be configured.
    1. Identify the Tresorit administrator whose credentials you will supply to SSPM.
    2. To enable SSPM to access the account using Okta credentials:
      1. Identify your Okta subdomain.
      2. Generate and copy an MFA secret key.
    3. During onboarding in SSPM, provide SSPM with your organization's Okta domain, the administrator credentials, and the MFA secret key.
    VMWare
    Complete the following steps to enable SSPM to connect to a VMWare API.
    1. Log in to VMWare Cloud Services using an account that is assigned to the Organization Owner role.
    2. Generate and copy an API token for the organization. Configure the API key to these specifications:
      • Limit Organization Roles access to the Organization Owner role.
      • Limit Service Roles to Skyline Advisor.
      • Select the OpenID scope.
      • (Optional) Select the email preference option to be notified when the token is about to expire.
    3. Copy your Organization ID, which you can access from your profile.
    4. (Optional) Activate MFA for tokens that are associated with the account, and copy the MFA secret key for the account.
    5. During onboarding in SSPM, provide SSPM with the API token and your organization ID. If you configured MFA for tokens, also provide your MFA secret key.
    Webex
    See Onboard a Webex App to SSPM.
    Weights & Biases
    See Onboard a Weights & Biases App to SSPM.
    SSPM does not support scans for Weights & Biases. You will manually enter your Weights & Biases instance's settings, which SSPM will compare against its recommended settings.
    Workday
    See Onboard a Workday App to SSPM.
    Wrike
    See Onboard a Wrike App to SSPM.
    YouTrack
    See Onboard a YouTrack App to SSPM.
    Zendesk
    See Onboard a Zendesk App to SSPM.
    Zoho One
    Complete the following steps to enable SSPM to access configuration information through an administrator account. Your organization must be using Okta as an identity provider. MFA using one-time passcodes must be configured.
    1. Identify the Zoho One administrator account whose credentials you will supply to SSPM.
    2. To enable SSPM to access the account using Okta credentials:
      1. Identify your Okta subdomain.
      2. Generate and copy an MFA secret key.
    3. Identify your Zoho One region where your data is hosted. This information is available on the account profile page.
    4. During onboarding in SSPM, provide SSPM with your organization's Okta domain, the administrator credentials, the MFA secret key, and your region.
    Zoho WorkDrive
    See Onboard a Zoho WorkDrive App to SSPM.
    Zoom
    See also Onboard a Zoom App to SSPM.

    © 2025 Palo Alto Networks, Inc. All rights reserved.