# Configuration guide: License reclamation

{% hint style="info" %}
The configuration options on this page are only accessible to [administrators](https://docs.nexthink.com/platform/user-guide/administration/account-management/roles#roles-administration).

Refer to the [Usage guide: License reclamation](https://docs.nexthink.com/platform/library-packs/software-asset-management/workflow_-license-reclamation/usage-guide-license-reclamation) to use library content as a standard user.
{% endhint %}

## Pre-requisites <a href="#pre-requisites" id="pre-requisites"></a>

This library pack contains content from the following [expansion products](https://docs.nexthink.com/platform/overview/products)

* [Application Experience - Applications](https://docs.nexthink.com/platform/user-guide/applications)
* [Flow - Workflows](https://docs.nexthink.com/platform/user-guide/workflows)
* [Employee Engagement - Campaigns](https://docs.nexthink.com/platform/user-guide/campaigns)

{% hint style="info" %}
Some of these products offer default access to their respective content, and can still be used without the [expansion products](https://docs.nexthink.com/platform/overview/products).

Refer to the [Nexthink Infinity thresholds and limits overview](https://edocs.nexthink.com/nexthink-infinity/infinity-specifications/nexthink-infinity-default-thresholds-overview) documentation for more information about default thresholds for expansion products.
{% endhint %}

## Included content and dependencies <a href="#content-list-and-dependency" id="content-list-and-dependency"></a>

This library pack contains the following content and dependencies:

| Content type                                                                   | Name                                               | Description                                                                                                                                                          | Dependencies |
| ------------------------------------------------------------------------------ | -------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
| [Workflows](https://docs.nexthink.com/platform/user-guide/workflows)           | License reclamation                                | An API call to Entra ID removes a user (based on their user ID) from an application group, which automatically reclaims the license.                                 |              |
| [Workflows](https://docs.nexthink.com/platform/user-guide/workflows)           | License reclamation (on-premises Active Directory) | Triggers a remote action to Active Directory to remove a user (based on their SAM account name) from an application group, which automatically reclaims the license. |              |
| [Campaigns](https://docs.nexthink.com/platform/user-guide/campaigns)           | License reclamation request - Workflow invoke      | Asks users if they are still using an application.                                                                                                                   |              |
| [Remote actions](https://docs.nexthink.com/platform/user-guide/remote-actions) | Invoke remove user from AD group                   | The purpose of the Remote Action is to remove a specified user from an on-premises Active Directory group.                                                           |              |

## Configuring License reclamation <a href="#configuration-guide" id="configuration-guide"></a>

{% hint style="info" %}
Adapt these suggested configuration steps to edit and customize content according to your organizational needs.
{% endhint %}

Follow these steps to install and configure content:

* Before configuration - [Install library pack content from Nexthink Library](https://docs.nexthink.com/platform/user-guide/nexthink-library)
* [Step 1 - Configure remote actions](#step-1-configure-remote-action-s)
* [Step 2 - Edit campaigns](#step-2-edit-campaigns)
* [Step 3 - Configure Entra ID integration](#step-3-configure-entra-id-integration)
* [Step 4 - Configure workflow parameters](#step-4-configure-workflow-parameters)
* [Step 5 - Maintain API thinklet credentials](#step-5-maintain-api-thinklet-credentials)
* [Step 6 - Maintain workflow trigger](#step-6-maintain-workflow-trigger)

### Step 1 – Configure remote actions

From the main menu, go to **Remote actions > Manage remote actions**.

1. Locate **Invoke remove user from AD group**.
2. Review and edit its **input parameters** as needed for your AD environment.
3. Set up a **manual or scheduled trigger** depending on the license cleanup frequency.

### Step 2 – Edit campaigns

From the main menu, navigate to **Campaigns > Manage campaigns**.

For each installed campaign:

1. Customize the **sender name** and **image**.
2. Review and adjust campaign **questions**.
3. **Publish** the campaign when ready.

Nexthink recommends these settings for the license campaign:

| Name                        | Trigger | Priority   |
| --------------------------- | ------- | ---------- |
| License Reclamation Request | Manual  | Not urgent |

### Step 3 – Configure Entra ID integration

If Entra ID is not yet configured, ask your Azure administrator for assistance.

Two integration points are required:

1. Import the **UPN** into the user table.
2. Store **API credentials** in the Entra ID connector.

Refer to [Entra ID integration for workflows](https://docs.nexthink.com/platform/library-packs/faq/entra-id-integration-for-workflows) for full setup instructions.

Check the permissions listed in the [Entra ID connector thinklet](https://docs.nexthink.com/platform/user-guide/workflows/creating-workflows/configuring-connector-thinklet/microsoft-entra-id-connector-thinklet) documentation.

### Step 4 – Configure workflow parameters

In the **workflow editor**, verify these parameters:

* **Ask for permission?** – Choose whether to require user consent before revoking access.
* **Authorization group** – Name of the AD group tied to license provisioning.
* **Application name** – Name of the app being managed.

Example use case:

Use the parameters to target users of "Salesforce Lightning" who:

* Used the app for **< 5 minutes** in the past 90 days.
* Did **not** confirm they still need access in the campaign.

Example **NQL** (requires Application Experience + Software Metering):

```
users during past 30d 
| where ad.email_address != null 
| include software_metering.events during past 90d 
| where application.name == "Salesforce Lightning" 
| compute focus_time = web_focus_time.sum() 
| include campaign.license_reclamation_request.responses during past 90d 
| where parameters.application_name == "Salesforce Lightning" 
| where state == answered 
| where answers.question1.label == "yes" 
| compute user_needs_application = user.count() 
| where focus_time < 5min 
| where user_needs_application == 0
```

### Step 5 – Maintain API thinklet credentials

Each **Service/API thinklet** needs a credential configuration.

1. Go to **Administration > Connector credentials**.
2. Add the required credentials for:
   * Microsoft Graph API
   * Active Directory integration
3. In the workflow, fill in the **Credentials** field of each relevant **API thinklet**.

{% hint style="info" %}
When a workflow is imported from the Library, credential fields will be blank and must be set locally.
{% endhint %}

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-8d26d4c5f85550a974e8ab4fd0c565f0412143a8%2Fimage-20240627-163000%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

### Step 6 – Maintain workflow trigger

This workflow is designed to run on a **scheduled** basis.

1. Open the workflow from **Workflows > Manage workflows**.
2. Go to the **General** tab.
3. Enable the **Schedule** checkbox.
4. Define separate schedules per application or group if needed.

{% hint style="info" %}
For license efficiency, use a tailored NQL query to exclude users who requested to keep their license.
{% endhint %}

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-e9abf0b8a68d0f21286bdde37b6a5c62da33ed03%2Fimage-20240627-163544%20(1).png?alt=media" alt=""><figcaption></figcaption></figure>

***

RELATED TOPICS

* [Manage Applications](https://docs.nexthink.com/platform/user-guide/applications/getting-started-with-applications)
* [Manage Workflows](https://docs.nexthink.com/platform/user-guide/workflows/managing-workflows)
* [Manage Remote Actions](https://docs.nexthink.com/platform/user-guide/remote-actions/getting-started-with-remote-actions)
* [Manage Campaigns](https://docs.nexthink.com/platform/user-guide/campaigns/managing-campaigns)
* [Workflow: License reclamation](https://docs.nexthink.com/platform/library-packs/software-asset-management/workflow_-license-reclamation)
* [Usage guide: License reclamation](https://docs.nexthink.com/platform/library-packs/software-asset-management/workflow_-license-reclamation/usage-guide-license-reclamation)