Trelica is a SaaS management platform that helps IT teams to identify and manage the applications that are in use within their organizations.
Trelica connects to other apps in order to collect information about how apps are used and manage access to those apps. Trelica uses the information it collects to make recommendations on reducing costs and improving security. IT teams can configure Trelica to automate granting employees access to the apps they need and revoking access when individuals move teams or leave your organization.
Connection types
Trelica typically connects to applications in one of two ways: via the OAuth2 protocol or using an API key.
OAuth2
OAuth is an open standard which lets you delegate access to your data to another application. This means that you can easily instruct one of your SaaS applications to give Trelica access to certain types of data. OAuth is the simplest way to control data sharing between SaaS applications.
The typical flow for configuring an OAuth integration is as follows:
- Click a button in Trelica to initiate the connection to the app.
- Trelica sends a message to the app saying that you want to give Trelica access to certain types of data.
- The app asks you to log in.
- The app shows you what access Trelica has requested (e.g. access to user data).
- You click a button to authorize this request.
Where possible our integrations use OAuth as this gives you the simplest, most secure and flexible integration experience.
API keys
API keys are an older way of giving another SaaS application access to data. They're like a password, and they typically give quite broad access rights in terms of what Trelica can do. Some applications give you a single API key that you use for all the applications you want to connect, whereas others let you generate specific API keys for each application that you want to connect to (a better approach).
The typical flow for configuring an API key integration is as follows:
- Log in to the app you want to connect to.
- Find the page that displays the API key or allows you to generate API keys.
- Copy the API key to the clipboard.
- Click a button in Trelica to initiate the connection to the app.
- Paste in the API key.
- Save the connection.
If you change or delete the API key that Trelica is using then the connection will be broken and you will need to reconfigure the connection in Trelica.
Security best practices
In order to set up an integration between Trelica and an application, you typically have to log in to the application and grant access to Trelica (either via OAuth2 or an API key, as described above). We recommend setting up a dedicated user account in each app for this purpose.
If an application allows you to restrict API requests to particular IP addresses, you can add the relevant Trelica IP addresses to the allow list.
Comments
0 comments
Please sign in to leave a comment.