# Usage guide: License reclamation

{% hint style="info" %}
This page outlines various ways to use the pack, including use case examples. Administrators can refer to the [Configuration guide: License reclamation](https://docs.nexthink.com/platform/library-packs/software-asset-management/workflow_-license-reclamation/configuration-guide-license-reclamation) to set up and customize the installed content.
{% endhint %}

Large organizations often struggle to manage software licenses issued to employees. Over time, unused licenses accumulate, leading to unnecessary costs.

The **License reclamation** library pack helps you:

* Identify employees who no longer need a specific license.
* Prompt users to return unused software licenses through a campaign.
* Automatically revoke user access using workflow automation, reducing manual intervention.

This pack includes two workflows:

* License reclamation – for environments using Azure Entra ID with write permissions.
* License reclamation (on-premises Active Directory) – for organizations managing group membership in on-premises Active Directory synced with read-only Entra ID.

## Library pack uses

{% hint style="info" %}
Jump to [Use cases](#use-cases) on this page to see relevant scenario applications.
{% endhint %}

Use the library pack for the following purposes.

### Reclaiming licenses in Entra ID environments

The **License reclamation** workflow automatically removes users from license groups based on usage and consent.

Use this when:

* Group membership is managed in Azure Entra ID.
* You have permission to modify group memberships in Entra ID.

Steps performed by the workflow:

1. Retrieve the user's UUID using their UPN with the Entra ID connector thinklet.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-d1e3561ce2b73d80d750dd8a488165b38bd598ca%2Fimage.png?alt=media" alt="" width="363"><figcaption></figcaption></figure>

2. Check if the user is in the target license group.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-8de2eb7e58af7be590ae1d93156cfd491a82ac2b%2Fimage.png?alt=media" alt="" width="375"><figcaption></figcaption></figure>

3. Trigger a campaign asking for permission to uninstall unused software.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-84fe5a7dc3b980ad162fe4c48a0505a08f2ad0c6%2Flicense_reclamation_request2%20(2).png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

4. If consent is given, or if the Ask for user permission parameter is disabled, remove the user from the group.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-3fb8fd53bd8bd41b0ca4c16016b7fb235213a1cf%2Fimage.png?alt=media" alt="" width="375"><figcaption></figcaption></figure>

### Reclaiming licenses in on-premises Active Directory

Use the **License reclamation (on-premises Active Directory)** workflow when:

* You manage group assignments in **Active Directory**.
* Your **Entra ID** is read-only and synchronized with on-prem AD.

Steps performed by the workflow:

1. Retrieve the user's SAM account name and the group ID from Entra ID.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-07ed6156ad2b30a5205dffa461badb9f30ef9183%2Fimage-20240628-065905%20(1).png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

2. Verify if the user is a member of the license group.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-bd618e412acfdecc8d3f996b746f2eef4bdc0048%2Fimage-20240628-070329%20(1).png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

3. Trigger a campaign asking the user to release the license due to low usage.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-84fe5a7dc3b980ad162fe4c48a0505a08f2ad0c6%2Flicense_reclamation_request2%20(2).png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

4. If the user agrees, execute a remote action to remove them from the Active Directory group.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-75c907aeeb6c837160ad86022c838b070a82ffdc%2Fimage-20240628-070447%20(1).png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

## Use cases

In addition to the relevant use cases covered below, you may uncover other troubleshooting scenarios specific to your environment.

### Reclaiming unused application licenses in Entra ID

Use this workflow to remove a user from a license group if they no longer need the application.

From the **Workflows** module:

1. Ensure the **License reclamation** workflow is deployed and configured.
2. Set up a **schedule trigger** to run the workflow automatically.
3. The workflow uses the **Entra ID connector thinklet** to retrieve the UUID from the UPN.
4. If the UUID is found, it checks the user's **group membership**.
5. If the user belongs to the group, a **campaign** is launched requesting license return.
6. Based on user response or automation settings, the user is removed from the group.

### Reclaiming unused application licenses in on-premises Active Directory

Use this workflow when license groups are managed on-prem.

From the **Workflows** module:

1. Deploy the **License reclamation (on-premises Active Directory)** workflow.
2. Configure a **schedule trigger** to run the workflow automatically.
3. The workflow retrieves the user's **SAM account name** and group ID.
4. It checks if the user is in the application group.
5. A **campaign** prompts the user to return the license if unused.
6. Upon consent, a **remote action** removes the user from the on-prem AD group.

***

RELATED TOPICS

* [Manage Applications](https://docs.nexthink.com/platform/user-guide/applications/getting-started-with-applications)
* [Manage Workflows](https://docs.nexthink.com/platform/user-guide/workflows/managing-workflows)
* [Manage Remote Actions](https://docs.nexthink.com/platform/user-guide/remote-actions/getting-started-with-remote-actions)
* [Manage Campaigns](https://docs.nexthink.com/platform/user-guide/campaigns/managing-campaigns)
* [Workflow: License reclamation](https://docs.nexthink.com/platform/library-packs/software-asset-management/workflow_-license-reclamation)
* [Configuration guide: License reclamation](https://docs.nexthink.com/platform/library-packs/software-asset-management/workflow_-license-reclamation/configuration-guide-license-reclamation)