Learn
Documentation
Support
Community

Usage guide: License reclamation

Overview

Large enterprises often struggle to keep track of the numerous software licenses issued to their employees. Over time, unused and overlooked licenses can quietly add up, incurring needless expenses for the company. Moreover, once identified, the process of revoking a user's license can be time-consuming and typically occurs on an individual basis.

Workflow: License reclamation” pack contains two versions of workflows:

  • License reclamation - This version exclusively manages the Azure Entra ID operations and it requires "write" permissions within Entra ID.

  • License reclamation (on-premises Active Directory) - This workflow version is suitable for scenarios where group assignments are managed in on-premises Active Directory, which is synchronized with read-only Entra ID.

Ensure your library pack is properly configured by following the steps highlighted in its configuration guide:

Configuration guide: License reclamation

Workflow Structure - License reclamation

This workflow is designed to operate automatically via an schedule trigger. This section describes the key steps in this workflow:

  • Check the user's group membership. Terminate the process if the user is not in the group specified by the workflow parameter. If the user is in the group, start an Engage campaign to request the uninstallation of the software.

  • If the user agrees, or if the workflow parameter “Ask for user permission” is set to “No”, the workflow performs a technical step to retrieve the user’s UUID. This is necessary for the subsequent step of removing the user from the group.

Workflow Structure - License reclamation (on-premises Active Directory)

This workflow is designed to operate automatically via an schedule trigger. This section describes the key steps in this workflow:

  • Retrieve the IDs and on-premises SAM account names for the user and the Entra ID group. This information is necessary for the subsequent step of removing the user from the Active Directory group. If any step of retrieving this information fails, the workflow will terminate execution.

  • Check if user is a member of application license group.

  • If a user is identified as a member of the group, the campaign will be triggered to inquire if the license can be reclaimed due to low usage. Should the user consent, a remote action will be initiated to remove the user from the Active Directory group.

RELATED TOPICS

Last updated

© Nexthink

Privacy policyResponsible Disclosure Policy