SaaS Security
Onboard an Asana App to SSPM
Table of Contents
Onboard an Asana App to SSPM
Connect an Asana instance to SSPM to detect posture and account risks.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your Asana instance, you must onboard your Asana
instance to SSPM. Through the onboarding process, SSPM connects to an Asana API by
using an API token that you generate from the Asana admin console. After connecting
to the Asana API, SSPM scans your Asana workspace for misconfigured settings and
account risks.
The supported Asana account plans for SSPM scans are the following plans:
- Enterprise +
- Legacy Enterprise
To access your Asana instance, SSPM requires the following information, which you
will specify during the onboarding process.
| Item | Description |
|---|---|
| API Token |
A service account token that Asana generates for a service
account that you create. The token is an alphanumeric string
that SSPM will use to authenticate to the Asana API and leverage
the service account's permissions.
|
To onboard your Asana instance, you complete the following actions:
- Create a service account in Asana and save the service account token.An Asana service account is a non-human, programmatic identity that SSPM will use to scan your Asana workspace. When you create a service account, Asana generates and displays a service account token that SSPM will use to access the Asana API. When you create the service account, Asana will display the service account token. Asana will display this token only once, so you will need to copy and save the token so you can provide it to SSPM later.
- Open a web browser to the Asana website, and log in as a Super Admin.Required Permissions: To create an Asana service account, you must use an account assigned to the Super Admin role. Service accounts are an exclusive feature for organizations on Asana's Enterprise or Enterprise+ plans.Navigate to the Admin Console in Asana. To navigate to the Admin Console, locate your profile picture in the upper-right corner of the Asana webpage and select .In the left navigation pane, select .On the Service Accounts page, Add service account to configure your service account.Fill in the fields of Add service account dialog.
- Specify a Name for the service account. For example, SSPM Service Account.
- Under Permission scopes, select the option that allows Full permissions.
Save changes to generate the service account token. Copy the service account token and paste it into a text file.Don’t continue to the next step unless you have copied the service account token. You must provide this token to SSPM during the onboarding process.![]()
(Optional) Update the expiration period for service account tokens.By default, the lifespan for service account tokens in Asana is 10 years. To limit the attack window should the token become compromised, we recommend that you specify that service account tokens should expire after 90 days.- From the left navigation pane in the Admin Console, select .On the App settings page, locate the Token Expiration settings.For the When should service account tokens expire? setting, select 90 days.Save changes.
![]()
Connect SSPM to your Asana instance.In SSPM, complete the following steps to enable SSPM to connect to your Asana instance.- Log in to Strata Cloud Manager.Select and click the Asana tile.On the Posture Security tab, Add New instance.Log in with Credentials.Enter your API token (service account token) and Connect.
