Discovering Applications with SysAid

  • Published on Oct 28, 2025
Prev Next

Application Discovery automatically identifies and tracks SaaS applications used across your organization, providing IT teams with full visibility into their software landscape.
By integrating with Microsoft Entra ID (SSO), SysAid continuously captures sign-in data to detect active applications. Each discovered application is automatically added to your License Manager inventory. This creates a dynamic, always up-to-date catalog of your SaaS environment.

With this visibility, organizations can quickly identify redundant or risky applications, ensure compliance, and optimize license spend, all within their ITSM.

Avilable for:

Customer using License Manager Advanced. For more details, reach out to your SysAid representative.

How it works

Application Discovery connects to your Microsoft Entra ID (formerly Azure AD) to automatically collect information about applications used by your users. Once connected, the data gets updated on a daily basis.

When users sign in to a SaaS application via Entra ID, SysAid captures these entries and creates corresponding records in the Applications tab within License Manager.

Once the application is detected by SysAid, IT teams can get a centralized view of their application landscape and manage application statuses.

Managing discovered applications

Discovered applications appear under the Applications tab of the License Manager. Each application includes key details such as its state, discovery method, discovery date, and category.

App states

Each application can have one of several statuses that reflect its review or approval progress:

State

Description

Pending review

The application has been discovered and is ready for your review.

Under review

The application is being assessed by IT or procurement.

Optimization opportunity

The application may have unused licenses.

Requested

The application has been submitted for approval by users or departments.

Approved

The application is approved for usage.

Denied

The application was not approved for use within the organization. This helps you monitor the usage of unapproved applications.

Ignored

The application is excluded from reporting and monitoring. This lets you filter out discovered apps without removing them from the list.

By default, each discovered application has a “Pending review” state, prompting you to manage the applications. Changing an application’s state helps IT teams track which SaaS tools are allowed, which are being reviewed, and which should be removed or consolidated.

Connecting your application discovery tool

Customers who already have Entra ID (Azure addon) connected with SysAid

If you’ve already connected your SysAid account with Entra ID (Azure addon), go to your SysAid application in Entra ID and add the AuditLog.Read.All permission:

  1. Go to the Azure Portal and select Microsoft Entra ID.

  2. In the left-hand menu, navigate to Manage > App registrations

  3. Select the application used by SysAid to connect with Azure.

  4. In the selected app, go to Manage > API permissions.

  5. Click Add a permission > Microsoft Graph > Application permissions.

  6. Search for and select AuditLog.Read.All.

  7. Click Add permissions.

  8. Under Configured permissions, click Grant admin consent and confirm by selecting Yes when prompted.

Customers who haven’t connected Entra ID with SysAid

First, you’ll need to add the Azure addon to your SysAid account:

  1. In SysAid, navigate to Settings >  Integrations > Marketplace.

  2. Select Azure from the addon cards.

  3. Click Setup and manage. You will be redirected to the My apps page, where you’ll see Azure.

  4. Click the gear icon.

  5. Check the Azure is secondary to another User Repository checkbox.

  6. Click Save Changes.

Now, you can go ahead and connect the apps - keep your SysAid account in one tab and open a new tab to connect to your Azure portal.

To connect Entra ID (Azure) and SysAid, you’ll need:

  • A Tenant Name

  • A Client ID

  • A Secret Key and Domain name

  • Activate the connection

Let’s walk you through where to find the relevant details in Azure.

Tenant Name:

  1. In the Azure portal, under Azure services, choose Microsoft Entra ID.

  2. In the Overview section, go to Manage > Custom domain names.

  3. Copy the name with an “Available” status and paste it into the Tenant Name field in SysAid.
     

Client ID:

  1. Back in Azure, navigate to Azure Active Directory > App Registrations.

  2. Click New Registration.
     IntegrationOffice365NewRegistrationNewRegistration.jpg

  3. In the Name field, enter a name for the application, for example, "SysAid Login".

  4. Click Register.

  5. Back in the app overview screen, click Add a Redirect URI.
     azureSettingsfilesAppRegistration.jpg

  6. Click +Add a Platform.

  7. Click Web.

  8. In the Redirect URL column, add your SysAid account URI.

    Tip!

    1. Your SysAid URI is the URl that you see when logging into your SysAid account. It should be in the following format:
      https://www.[YourSysAidURI]image-LBWAULKL.png

    azureSettingsfilesRedirectURLRedirectURL.png

  9. Click Configure.

  10. Click Save.

  11. Click Overview in the menu to the left.

  12. Copy the Application (client) ID for the new SysAid app.
     azureSettingsfilesApplicationID.jpg

  13. Back in SysAid, paste the copied text into the Client ID field.

  14. Set Microsoft Graph permissions in Azure:

    1. In Azure, navigate to Overview > View API permissions.

    2. Click Add Permissions.

    3. Click Select an API.

    4. Select Microsoft Graph.

    5. Select the AuditLog.Read.All permission from the Application Permissions section.

    6. Click Save.

    7. In the Required Permissions section, click Grant permissions.

    8. When prompted, click Yes.
       azureSettingsfilesAPIPermissions.png

Secret key and Domain name:

  1. In Azure, under the new SysAid app, go to Manage > Certificates & Secrets.
    azureSettingsfilesDashboard.png

  2. Click New client secret.

  3. Enter a key name in the description field.

  4. Select the expiration date that suits your security needs.

  5. Click Add.
     azureSettingsfilesAddClientSecret.png

  6. Copy the contents of the key's Value column.

  7. Back in SysAid, paste the copied text into the Secret Key field.

  8. Enter the domain you want, for example - [Your company name].com.

Activate the connection:

  1. Make sure the Azure is secondary to another User Repository checkbox is checked.

  2. Click Add.

  3. Click Save Changes.

  4. Click the slider in the top right corner to activate the connection.

SysAid and Entra are now connected. You can go ahead and start the application discovery process.

Starting the initial application discovery process

Once Entra and SysAid are connected, you can start the initial application discovery process:

  1. In your SysAid account, go to License Manager > Applications.

  2. You will see the system is ready, and you can click Start the discovery process to start the scanning process.

This process might take a while, as SysAid scans usage data from the last 30 days in 12-hour increments. Once the initial process is finished, the data will be refreshed daily to make sure everything is up to date.

Let us know what you think

We’re continuously working to improve application discovery, and your feedback plays a big part in shaping what comes next. You can share your thoughts at any time by clicking the Give Feedback button in the top-right corner of the page.