SaaS Integration Guide
1Password
AKASHI
AWS IAM Identity Center
Acall
Active! gate SS
Adobe CC (Enterprise plan)
AirCourse
Airtable
Amazon Business
Amazon Web Services (AWS)
Amplitude
Amptalk
App Store Connect
AppFigures
AppsFlyer
Asana
Ashita_cloud
Atlassian
Autodesk(Suspended)
Awesome Screenshot
Backlog
BambooHR
Basecamp
Bitbucket
Bitdefender
Bitrise
Bitwarden
Biz Storage fileshare
BlazeMeter
Board
Box
Brabio!
Businessmap
Cacoo
Calendly
Call Connect
Canny
Canva
Channel
ChatGPT for teams
Chatwork
Cisco Meraki
ClickUp
Clip Studio
Cloud CIRCUS
Cloud Campus
Cloud sign
Cloudflare
Codecov
Collaboflow
Confluence
Contentful
ContractS CLM
Coopel
Create! Web Flow
Crowdstrike
Cybozu
Datadog
DatoCMS
DeepL
DeployGate
Dialpad
DirectCloud
Discord
DocSend
Docbase
Docker
DocuSign
Domo
Drata
Dropbox Business
Dropbox Sign
Elastic Cloud
Esa
Exment
Expensify
FastAnswer2
Fastly
Figma
Flyle
Fontworks
Formrun
Formspree
Freshchat
Freshdesk
Freshservice
GMO Sign
Garoon
Gather
Ghost
GigaCC
GitHub
GitKraken
GitLab
Google Cloud Platform
Google Drive with Service Account
Google Play Console
Google Tag Manager
Google Workspace
HENNGE One
HERP Hire
HRBrain Talent Management
HRMOS Talent Management
HRMOS adopts
HRMOS diligence and indolence
HackMD
HaloPSA
Heap
Heroku
Honeybadger
Honeycomb
HotProfile
HubSpot
Hubble
Huntress
ISM CloudOne
InVision
Intercom
Jamf
JetBrains
Job Can Recruitment Management
Job Kan Attendance Management
Job Kan Labor HR
KARTE
KING OF TIME
Kamon
Kaonavi
Keeper Enterprise
Kibela
Kincone
Kintone (Japanese version)
LINE WORKS (OAuth linkage)
Lanscope Endpoint Manager
Lanscope Endpoint Manager (Device)
Lastpass
Linear
List of supported SaaS
Looker
Loom
Lucidchart
Lumin
Lychee Redmine
MAJOR FLOW Z
Mackerel
Mail Dealer
Mailtrap
Marketo Engage
Mekari Journal
Meta Ads Manager
Metabase
MicroCMS
Microsoft 365
Microsoft Entra ID (Azure AD)
Microsoft Intune
Microsoft Teams
MiiTel
Miro
Money Forward Admina
Money Forward Cloud Accounting
Money Forward Cloud Accounting Plus
Money Forward Cloud Accounting Plus (Cost Data)
Money Forward Cloud Agreement
Money Forward Cloud Attendance
Money Forward Cloud Expense
Money Forward Cloud Fixed Assets
Money Forward Cloud Human Resources Management
Money Forward Cloud Invoice
Money Forward Cloud Payroll
Money Forward Cloud payable
Money Forward Pay for Business
Mural
My Redmine
NEXT ENGINE
NI Collabo 360
Netlify
Netsuite
New Relic
NinjaMock
NinjaOne RMM
NotePM
Notion
Okta
OneDrive
Onelogin
OpenAI Platform
Openlogi
OpsRamp
Overflow
PHONE APPLI PEOPLE
PagerDuty
Percy
Pipedrive
Postman
Productboard
ProtoPie
Quantive
Quay
Questetra
Quickbooks
Rakuro
Re:lation
Receptionist
Recruitment batch Kanrikun
Redash
Reftab
Rollbar
SECURE DELIVER
Salesforce
Sansan
Save Point
Seculio
SecureNavi
SendGrid
Sentry
ServiceNow
Shopify
Signavio
Site24x7
Sketch
Slack
Slido
Smaregi Time Card
SmartHR
Smartsheet
Snowflake
Snyk
Soliton OneGate
SonarCloud
Soracom
Splashtop Enterprise
Square
Studio
Sumareji
TOYOKUMO Safety Confirmation Service 2
Tableau
Tailscale
Tally
Tareru Dokodemo Cabinet
Tayori
TeamGantt
TeamSpirit
TeamViewer
Teamwork
Terraform Cloud
TimeCrowd
Todoist
Toggl track
TrackJS
Transifex
Trello
Trimble
Trust Login by GMO
Twilio
Typeform
Unipos
Unity
Valimail
Vercel
Vimeo
Wantedly
Webex by CISCO
Webflow
Whimsical
Wistia
WithSecure
Wix
Wordpress
Wordpress self-host (API)
Workable
Workhub
Workplace from Meta
Wrike
Xero
YarakuZen
Yayoi My Portal
Yoom
YouCanBook.me
Zaico
Zapier
Zendesk
Zenhub
Zeplin
Zoho CRM
Zoho People
Zoom
bakuraku series
dbt Cloud
direct
fondesk
freee HR
freee accounting
freee sign (formerly NINJA SIGN)
hotjar
invox
job can payroll
job can workflow
kickflow
kintone (global version)
monday.com
oVice
oplus
raku raku sales
smartround
trocco
What's New
Tutorial
0. Getting Started
1. Account Creation and Initialization
2. Employee Master Setup
3. Cost Management Setup
4. Integrating SaaS
5. Setup Billing
SaaS Management
Billing
Check SaaS license status
Custom Apps(Manual Integration)
How can I learn more about how to work with cloud services?
How to link cloud services managed by other business divisions and departments?
Integration Log Function
Inviting other users
Need to stop the integrated service
Request an unsupported SaaS or feature to be added
Troubleshooting failed integrations
User Type Judgment Criteria: Quick Reference
[Event Log] Check SaaS usage
Shadow IT
Admina Browser Extention for Microsoft Edge
How to setup Admina Browser Extension
Shadow IT Detection
The detail of Shadow IT detection
Account Management
About alert types
Account Provisioning (register a new SaaS account)
Export account data
What is Last Activity
Employee Off-Boarding
Alert Mute
Delete/deactivate an account in the Admina by Money Forward
Do you have a retired account left?
Manage former employee accounts (Employee offboarding)
Note on possible data loss when deleting a cloud service account
Retired account export
Slack Notification Settings
Cost Management
Analyze the cost situation (Insight)
Check the payment status of SaaS
Cost Management with CSV Data
Manage SaaS contract dates
Manage SaaS invoices and receipts
Use cost management β
Manage public files
External Shared Content Management Functions
[Google Drive] Specify the conditions for detecting files
[Safelist] Exclude detected files
Device Management
Device features FAQ
How to create a device ledger CSV for import
List of management items
Use device functions
FAQ
Can I use two-factor authentication (2FA) to log into Money Forward Admina?
Deleted users in Google Analytics remain in Money Forward Admina
How to get an account with Jira, Confluence, Trello, etc.
How to invite Admina operators
I want to change my Money Forward Admina login password
If you link with the Money Forward Cloud Series, you will receive a security notification email
Integration procedures when 2FA (two-factor authentication) is enabled
New Admina Role
To change your Money Forward Admina billing address
User name display (acquisition criteria)
What happens if the person who linked the cloud service retires?
What if IP address restrictions are applied on the SaaS side?
[Integration Error] Authentication error occurs when login using Google Authentication or SSO.
Others
Table of Contents
- All Categories
- Tutorial
- 2. Employee Master Setup
2. Employee Master Setup
Updated by Yasuhiro Miyoshi
Employee master setup will unleash ’s full potential and allow you to determine any former employee accounts, guest accounts, etc., helping you gain complete visibility into your SaaS apps, in real-time.
Admina currently supports the following SaaS as employee masters.
- Google Workspace
- Azure AD
- Microsoft 365
- Okta
- Smart HR
Employee master can be configured from Settings > Organization > Setup employee master.
Google workspace
How to Integrate
- Go to Settings > Organization > Setup employee master.
- Select Google Workspace and Click “
Sign in with Google
” - Please make sure to sign in with an account with Super Admin role.
- If a workspace has already been integrated, select it and click the "
Integrate
" button to complete the process. - If you want to integrate with a workspace that is not yet integrated, then select "Integrate new workspace" and then click "
Integrate
" to continue.
- A screen for selecting access rights will appear. Check all items, then click Continue.
Labeling conditions after employee master integration
- Obtain a domain name to identify the company as an employee of the company. Domain names also include subdomains and alias domains.
- If the SaaS side finds an email address that is not in Google Workspace, it determines that the email address is an employee based on the domain.
- User objects retrieved from Google Workspace are given the "Employee" label.
- Group objects retrieved from Google Workspace will be given the "System" label.
- All objects registered in domains other than the domain of the employee master will be assigned the "External" label.
- IDs with employee labels that have been deleted or suspended will also be assigned the "Former Employee " label.
- If for some reason an email address cannot be obtained, an "Unknown" label will be assigned.
- Google Workspace will keep the ID for a certain period of time after deletion, and then it will disappear completely. While it remains, a retirement label is given and data is retrieved, but after it disappears completely, it also disappears from the list of accounts on the Google Workspace details screen.
AzureAD, Microsoft365
How to Integrate
- Go to Settings > Organization > Setup employee master.
- Select Azure AD or Microsoft 365 and Click “
Integrate
” - If a workspace has already been integrated, select it and click the "
Integrate
" button to complete the process.
- If you want to integrate with a workspace that is not yet integrated, click "Integrate new workspace" and then click "
Integrate
". The normal integration flow will be displayed, so please follow the integration procedure of AzureAD or Microsoft 365 to successfully integrate the workspace.
【Attention】
- When inviting a user with administrative privileges to configure the employee master, please invite the user as "Admin", and not as a "Member".
The "Settings" screen, which is a configuration item for the employee master, will not be displayed due to authority limitation.
Labeling conditions after employee master integration
- Obtain a domain name to identify the company as an employee of the company. The domain name includes subdomains. However, if the Azure tenant itself is different, the domain name cannot be obtained. Only the primary tenant of the linked user's data will be acquired.
- If an email address is found on the SaaS side that is not in AzureAD, Microsoft365, it is determined to be an "Employee" based on the domain.
- User objects that can be retrieved in AzureAD, Microsoft365 include objects other than actual users. Specifically, resources such as meeting rooms, shared mailboxes, etc.
- Of the user objects retrieved from AzureAD, Microsoft365
- Group address objects will be given a "system" label.
- Resource objects (e.g., meeting rooms) will be assigned the "system" label.
- Shared mailbox objects (*) will be labeled "system"
- The connector account (
On-Premises Directory Synchronization Service Account
) used to connect AzureAD and On-premise AD is assigned a system label. - All other accounts are assigned the "Employee" label as regular accounts.
- Accounts with employee-labeled IDs that are set to Login Disable will also be assigned the "Former Employee" label.
- All objects registered in domains other than the domain of the employee master will be given the "External" label.
- If for some reason an e-mail address cannot be obtained, an "Unknown" label will be assigned.
AzureAD, Microsoft365 will change the "PrincipleID" as soon as it is deleted, and it will be seen as a different user.
Okta
How to Integrate
- Go to Settings > Organization > Setup employee master.
- Select Okta and input Workspace Key & Access Token and Click “
Integrate
” - Please refer to the Okta integration guide for more details on how to integrate with Okta.
Labeling conditions after linking the employee master
- Accounts that have an email address and exist in Okta will be given the "Employee" label. (There is no distinction by domain).
- Accounts that have an email address but do not exist in Okta will be labeled as "External".
- Accounts with a status of "Suspended" will be assigned the "On leave" label.
- Accounts with a status of "Deactivated" will be labeled "Former Employee".
- If for some reason an email address cannot be obtained, an "Unknown" label will be assigned.
SmartHR
How to Integrate
- Go to Settings > Organization > Setup employee master.
- Select SmartHR and input Workspace Name, Workspace Key & Access Token and Click “
Integrate
” - Please refer to the SmartHR integration guide for more details on how to integrate with SmartHR
Labeling conditions after employee master linkage
Synchronization targets are SmartHR email address accounts and accounts that exist in the employee list.
If an email address in the email address account and an account in the employee list are linked, they will be merged into a single employee.
In that condition,
- Accounts that exist in SmartHR's "Employee List" will be given the "Employee" label.
- Accounts with the "Employee" label that have an enrollment status in SmartHR of "On Leave" or "Retired" will be given the "Retired" label as well.
・ Accounts that do not have an email address in either of these categories will not be eligible for synchronization.
This is in Japanese only.
About Roles in SmartHR
The following accounts are described as Crew
or User
in the IT Management Cloud
- Accounts that exist in Smart HR's "Employee List":
Crew
- Accounts that exist in the "Email Accounts" section of Smart HR:
User