Skip to main content

March 2021

Flexera One introduced the following new features and enhancements this month.

Flexera One Platform

Flexera One added the following Identity and Access Management (IAM) features in March 2021.

Just-In-Time Provisioning and Group Sync added to Flexera One

note

This feature is available with Flexera One Identity and Access Management.

Just-in-Time (JIT) Provisioning simplifies the onboarding process for new users in organizations using single sign-on. Administrators can use JIT to avoid having to manually provision users with access to features they need, while also providing the benefit of minimizing errors that are inevitable in the manual provisioning process.

Now, in Flexera One, organizations using Flexera One's SAML 2.0 single sign-on may enable Just-in-Time (JIT) Provisioning for their Identity Providers (IdP) to automate user creation and Group Sync to synchronize groups from their IdP to Flexera One. For more information, refer to Just-In-Time Provisioning and Group Sync.

Single Sign-On enforcement added to Flexera One

note

This feature is available with Flexera One Identity and Access Management.

Single Sign-On (SSO) enforcement has been added to Flexera One, providing an extra layer of security to customers using SSO. SSO enforcement is an organization-wide security setting available after identity provider (IdP) configuration is complete. When SSO enforcement is enabled, users accessing an org's resources must login through an identity provider in that org. For more information, refer to Enforcing Single Sign-On in Your Organization.

Flexera One Policies

Flexera one added the following Automation Policy documentation enhancement in March 2021.

Policies reference documentation update

note

This enhancement is available with Automation (Policies).

The legacy policies reference information documentation has been converted to the Flexera One product documentation format. The following Policies Reference Information topics are now included within Flexera One Help.

IT Asset Management

IT Asset Management one added the following features in March 2021.

Adding Oracle Fusion Middleware to GLAS Evidence archive

note

This feature is available with IT Asset Management.

From version 16.1.0 (and later), the FlexNet inventory agent, whether running locally on an Oracle server or using the zero footprint inventory collection method remotely from a suitable inventory beacon, can regularly return specialized data relating to the many applications available under the banner of Oracle Fusion Middleware, as well as uploading special files required for review by the Oracle Global Licensing and Advisory Services (GLAS) to check your compliance with license terms and conditions.

There are two new controls in IT Asset Management to manage this data flow:

  • In the Inventory Settings page (Data Collection > IT Asset Inventory > Inventory Settings), a new Enable collection of Oracle Fusion Middleware audit data check box authorizes your updated FlexNet inventory agents to start collecting and uploading the Fusion Middleware data, as part of their normal upload cycle. (Any earlier versions of FlexNet inventory agents that have not been updated simply ignore this policy setting.)
  • Access the IT Asset Management Settings General page (Administration > IT Asset Management Settings > General), and in its Inventory tab, the Include Oracle Fusion Middleware check box adds the information about Fusion Middleware into the standard OracleGLASEvidence.zip archive, ready for submission for audit when required. Best practice would be to leave this check box turned on only when your relevant upgrades to FlexNet inventory agent are complete, when you have reviewed all the applications installed from the Fusion Middleware collection, and ensured that you have license records (supported by purchase records) that authorize all installations.
tip

This functionality relies on distribution of InventorySettings.xml version 56 or later, which contains the updated Oracle GLAS scripts. (The version number of this file is included in its first line, and the file is updated as part of the regular download of the Application Recognition Library.)

When turning on the audit archive, you can also control the level of data obfuscation applied. Passwords that are collected by the Oracle GLAS scripts are always obfuscated, being replaced by the value text_removed. Optionally, another check box on the same section of the IT Asset Management Settings General page lets you similarly obfuscate all user names and IP addresses that appear in the incoming data for Fusion Middleware. These user name and IP address values are not required in an Oracle audit, and may legitimately be suppressed in this way, if this is required by your enterprise security standards.

The uploaded evidence for Fusion Middleware products is imported as installer evidence with a unique Evidence type value of OracleFMW. This may be returned for any of the Oracle Fusion Middleware products installed on your inventory devices, such as:

  • Oracle Weblogic Server (including the Suite, Enterprise, Standard, Basic or Unspecified editions)
  • Oracle Forms
  • Oracle Reports

You can find this evidence in either of:

  • The Installer evidence tab of the All Evidence page (Applications & Evidence > Evidence > All Evidence)—a convenient place to filter for the evidence type and identify any cases where Assigned displays No, because the evidence has not yet been linked to an application record
  • The Evidence tab of the inventory device properties for any device where you know an appropriate Oracle Fusion Middleware product is installed (be sure to select the Installer subtab, and then look for the Raw evidence type column).

For more information, see Oracle Fusion Middleware Scanning in the Flexera One Help.

Toad for Oracle inventory

note

This feature is available with IT Asset Management.

IT Asset Management now reports installations of Toad for Oracle on Windows-based Oracle servers. Two new evidence types, Toad and Toad License, are available (currently, only the first of these is used for automatic linking to applications through the Application Recognition Library, but either may be used if you are manually creating application records and linking to evidence). The Toad License evidence may also be useful, for example, to recognize installations of the 30-day trial version of Toad for Oracle.

Toad for Oracle generally requires user-based licensing, with no concept of license sharing (for example, when one user stops using the application, another cannot start using it under the same entitlement). Users are called "seats" in Toad-speak, except for Desktop Authority where a 'seat' means a device. For the general case, you might consider a Named User license type if manually creating your licenses; or wherever possible, quote the SKU number for your version of Toad on your purchase, and allow the SKU library and PURL to propose an appropriate license for you.

note

This functionality requires version 16.2.0 or greater of the FlexNet inventory agent; and also make sure that your downloadable libraries are kept up-to-date, to receive the latest recognition rules through the Application Recognition Library.

IT Visibility

IT Visibility one added the following feature in March 2021.

ServiceNow integration with IT Visibility includes support for native tables

note

This feature is available with IT Visibility and the ServiceNow Flexera Integration app.

ServiceNow Integration with IT Visibility utilizes the Flexera Integration app v5.0.4, available in the ServiceNow app store. The app now includes the capability to populate ServiceNow's native (out-of-the-box) tables with Flexera data. That includes populating software model and hardware model tables with standardized models from Technopedia as well as bringing software installations from IT Visibility normalization.

Users are offered the option to turn this capability on or off (by default, only custom Flexera tables will be populated). Furthermore, the flexibility to pick and choose only certain tables will ensure full control on the expected behavior in their consumption of Flexera data.

The new app also brings Flexera data front and center in the Incident/Problem/Change (IPC) management module, which allows users to select standard software and/or hardware models from Technopedia as well as software installation from their Flexera normalized inventory when they file an incident, problem or change ticket.

Exchange data between IT Visibility and ServiceNow to provide deep insights into your IT ecosystem. See the Flexera Integration app page in the ServiceNow app store for current release notes detailing what’s new and the latest prerequisites. For documentation, refer to ServiceNow Integration with IT Visibility.

SaaS Management

SaaS Management one added the following features in March 2021.

Configuring Flexera One API Credentials to use SaaS Management policies

note

This feature is available with SaaS Management along with Automation (Policies).

To use the SaaS Management Policies included with Flexera One, you first need to set up Flexera One API credentials. After you configure your API credentials, the policy engine retrieves data from SaaS Management. To set up and configure these credentials, refer to Configuring Flexera One API Credentials to Use SaaS Management Policies.

Updated minimum permissions required for G Suite integration

note

This enhancement is available with SaaS Management.

G Suite SaaS application integration issues have occurred due to permissions issues. In response, the Minimum Permissions Required section for the G Suite integration instructions were updated to clarify application permissions based on the integration task and the user role.

Import Jobs API

note

This feature is available with SaaS Management.

SaaS Management offers an Import Jobs API that helps you:

  • Add a SaaS application not currently supported by SaaS Management through a direct integration for rightsizing
  • Add and view Single Sign-On (SSO) data for rightsizing and optimization from any SSO provider

The following topics are covered in Loading SaaS Data via the Import Jobs API:

  • Import Jobs API Workflow
  • Model Relationships
  • Required Flexera One Roles and API endpoints
  • Adding a Managed SaaS Application
  • SaaS Data Payload
  • OpenAPI (Swagger) documentation (see API For SaaS Management OpenAPI Specification)

For complete information, refer to the Loading SaaS Data Via the Import Jobs API.

Auto-populated Office 365 and Office 365 Client Credentials License Information

note

This feature is available with SaaS Management

The Flexera One integrations with Office 365 and Office 365 Client Credentials offer a License Information integration task that automatically retrieves the name of the Office 365 plan, license type, and total allowed number of licenses. This auto-populated Office 365 and Office 365 Client Credentials license information provides a more complete view of your Microsoft SaaS entitlements and component usage by displaying:

  • Assigned entitlements.
  • User’s license activity (based on the user’s last login) for O365 Exchange, O365 OneDrive, O365 SharePoint, O365 Skype, O365 Yammer, O365 Teams, and O365 Outlook.
  • A 7 Services filter in the Office 365 Activity tab, which helps you narrow the focus of your organization’s Office 365 license activity.

The details for this new License Information integration task can be found in the following sections of the Office 365 and Office 365 Client Credentials integration instructions:

Information Stored

  • Application Access integration task now stores the last activity date for Outlook.
  • License Information integration task was added, which stores the License Name, License Type, and Purchased Quantity.

Minimum Permissions Required

The Directory.Read.All permission is required for the License Information integration task.

Auto-Populated Office 365/Office 365 Client Credentials License Information

This new section provides step-by-step instructions to enable the License Information integration task.

API endpoints

Application Roster

The following API was added: https://graph.microsoft.com/v1.0/subscribedSkus

Application Access

The following API was added: https://graph.microsoft.com/beta/reports/getEmailActivityUserDetail

License Information

A new API was added https://graph.microsoft.com/v1.0/subscribedSkus

Reclamation

The following API was added: https://graph.microsoft.com/v1.0/subscribedSkus

Application Task Tracking

The Application Task Tracking chart was updated to include a License Information column. Office 365 and Office 365 Client Credentials were added to the License Information column.

Updated HR Roster information for Okta Platform integration

note

This enhancement is available with SaaS Management.

The Okta Platform integration now stores the following information for the HR Roster integration task:

  • Location
  • Department

Updated minimum permissions required and API endpoints for ServiceNow integration

note

This enhancement is available with SaaS Management.

Minimum Permissions Required

The Minimum Permissions Required section for the ServiceNow integration instructions were updated to clarify application permissions based on the integration task and the user role.

RoleDescriptionIntegration Task Name
rest_api_explorerThis role is required for retrieving the ServiceNow users and activities details.Application Roster
Application Access
user_adminThis role is necessary for user license management in the reclamation task.License Reclamation

API endpoints

The following ServiceNow API endpoints were updated.

Application Roster and Application Access

https://<<instance>>.service-now.com/api/now/stats/sys_user

https://<<instance>>.service-now.com/api/now/table/sys_user

Reclamation

https://<<instance>>.service-now.com/api/now/v2/table/sys_user/{sys_id}

ServiceNow integration secured with OAuth2 authentication

note

This enhancement is available with SaaS Management.

Flexera One now offers OAuth2 with password grant type authentication for ServiceNow. Many organizations are adopting security polices that require this authentication method. The ServiceNow OAuth2 integration instructions describe how to integrate with Flexera One. ServiceNow OAuth2 has also been added to the Application Task Tracking chart.

Workday report options

note

This enhancement is available with SaaS Management.

The Workday report options were clarified for the Human Capital Management (Workday) integration. In the section “Sending Report Credentials to the SaaS Management Administrator”, there are two report options: Full and Partial. The following text clarifies each option.

Report Options (Full/Partial): This applies to the Report-based Workday integration (“Workday Report” and not “Human Capital Management”) and determines what Flexera One does with the results received from Workday.

  • Full - A complete overwrite of the existing HR Roster in SaaS Management with the new result set received from Workday.
  • Partial (default, if left blank) - Keep the existing HR Roster in SaaS Management, and update it with the result set received from Workday.