February 2022
Flexera One introduced the following new features and enhancements this month.
Automation
Flexera One added the following new Automation feature in February 2022.
Configuring ingress for Automation with a safelist CIDR IP
This feature is available with Automation.
Flexera One Automation is a powerful capability that allows integration with public and internal APIs for recommendations, governance, and reporting. In some cases, our Automation system needs to access systems that restrict access by IP address, such as firewalls or SaaS (software as a service) solutions with high security needs.
Flexera provides the CIDR IP ranges used by our Automation capability so that external systems can be configured to allow our systems access to the necessary details using a trusted IP addresses range. The following table provides our Automation IP ranges for the two Flexera One zones. Use the CIDR IP range for the Flexera One zone your organization is hosted in.
| Zone | CIDR IP Range |
|---|---|
| North America | 185.109.134.0/24 |
| Europe | 185.109.135.0/24 |
Flexera One Technopedia API
Flexera One added the following new API in February 2022.
The new public-facing Flexera One Technopedia API is now available
This feature is available with Flexera One API.
We have been working in the past year to rebuild the foundation of Technopedia as well as reimagining how users access it through an API. We are excited to announce that the new Flexera One Technopedia API is now available in both the North American and European clouds.
Technopedia API provides a standard way to access various datasets in Technopedia. The API allows users to query information around manufacturers, software and hardware products, taxonomy, as well as enrichment content (aka “content packs” such as lifecycle dates) that they’re entitled to.
The new Technopedia is built upon a native cloud-based unified content environment. It fulfills the vision to have all content in one place, to become the most trusted and comprehensive source of hardware, software, SaaS and cloud product information in the world.
This is a GraphQL API; it follows the standard GraphQL over HTTP with POST requests.
The API supports the following capabilities:
- The ability to iteratively get all data in batches
- Access to data that the user's organization is entitled to (e.g., specific datasets, enrichments).
- Expose specific properties based on access (for example, certain properties—such as legacy Technopedia IDs—may be hidden from users since they are not relevant to the user’s organization).
- Query capabilities to fetch relations across different datasets.
- Use the API to get data and bring it to other tools (such as BI tools) to do analysis or generate report or to build an integration with other products.
The following enrichments are available:
- Base —Enabled by default, which includes base information around manufacturers, products, versions, models, editions, etc. Base enrichment also includes access to Technopedia Taxonomy.
- Lifecycle and Support —Includes both Software Lifecycle and Hardware Lifecycle.
- Hardware Specifications —Includes information around power consumption, environment specifications, and physical dimension of hardware models.
Open Source Licensing as well as Vulnerability and Threat Intelligence enrichments will be coming later this year.
The following tools and technologies are used to build and deploy the API:
- Golang and Goa framework to develop the back-end code
- MongoDB Atlas for storing the data
- GraphQL to query the data
- IAM for front-end authentication
- AWS Kubernetes (EKS) to deploy the service
- Travis CI for continuous integration
- Jmeter for performance testing
- Front-end testing tools like Postman and Altair
- Github as a code repository
Refer to the following reference links for additional information or reach out to your Flexera account representative if you're interested in the new API or Flexera One in general.
| Topic | Link |
|---|---|
| Technopedia API documentation | https://developer.flexera.com/docs/api/content/v2 |
| Main Flexera API documentation | https://developer.flexera.com/ |
| Technopedia Datasets and their properties | https://developer.flexera.com/docs/page/datasets-v2 |
| Login and Access Management (generate the Refresh Token from here) | North America https://app.flexera.com/ Europe (EU) https://app.flexera.eu/ Asia-Pacific (APAC) h ttps://app.flexera.au/ |
| How to generate an Access Token | https://developer.flexera.com/docs/page/authentication#access-token-generation |
| API URL to access | North America https://beta.api.flexera.com/content/v2/orgs/<ORG\_ID>/graphqlEU https://beta.api.flexera.com/content/v2/orgs/<ORG\_ID>/graphqlAPAC https://api.flexera.au/content/v2/orgs/<ORG\_ID>/graphql |
| GraphQL API and Altair Plugin usage | https://developer.flexera.com/docs/page/graphql-api-usage |
SaaS Management
SaaS Management added the following new feature and enhancements in February 2022.
Salesforce Users tab
This feature is available with SaaS Management.
The Salesforce Users tab provides detailed information relating to each Salesforce user. This new tab enables the right decisions to be made by providing a detailed view of usage across all Salesforce licenses.
SaaS Management’s integration with Salesforce now pulls in the following user information:
- Username
- User ID
- Alias
- User License
- Permission Set License
- Feature Set License
- Days Since Last Activity
- User Type
- Role
- Profile
- Locale
- Company
- Account Created Data
The Salesforce Users Tab includes the same features as the Managed Applications Users UI:
- By default, the email column is static and will remain frozen and visible when other columns are adjusted or pinned
- Sorting lists in the order you prefer
- Filtering lists to view only the information that meet the necessary criteria
- Pinning and auto sizing columns for easier navigation
- Improved search capabilities within a single column
For further information, refer to the Salesforce Fields Integrated with SaaS Management Users Tab section of the Salesforce Integration Instructions.
Custom read-only role for ServiceNow license reclamation
This enhancement is available with SaaS Management.
You can now create a custom read-only role to reclaim ServiceNow and ServiceNow OAuth2 licenses. The following describes the custom read-only role permissions and instructions for creating this role.
Minimum Permissions Required
| Integration | Role | Description | Integration Task Name |
|---|---|---|---|
| ServiceNow and ServiceNow OAuth2 | itil, snc_read_only | These roles are required for retrieving the ServiceNow users, and their activities. For details, refer to the Security jump start - ACL rules section of the ServiceNow documentation. | Application Roster Application Access |
| ServiceNow and ServiceNow OAuth2 | user_admin | This role is required for user license management in the reclamation task. For details, refer to the Base System Roles section of the ServiceNow product documentation. | Reclamation |
| ServiceNow OAuth2 | admin | This role is required to register the Client Application and to generate the Client ID and Client Secret in ServiceNow. | Not applicable |
Note the following:
- For an existing Flexera One integration with ServiceNow added using rest-api_explorer permissions, you are required to elevate the role of the user used to authorize the integration with roles suggested in the table.
- If you wish to have a custom role with a reading permission specific to the tables used in the integration API, then follow the steps mentioned below to create a custom role:
- Log in to your ServiceNow instance as a security_admin, or log in as a system administrator. Elevate your role by clicking System Administrator. Navigate to Elevate Roles and enable the security_admin check box, which enables this permission to edit the Access Control List.
- To create a custom role, navigate to the Roles tab by searching for the “roles” keyword in the All Applications menu on the left side of the screen. Click the New button and enter the desired name for the role. Click Submit to create this new role.
- In the All Application navigator, search for the “Access Control” keyword. Click Access Control (ACL) to navigate to the Access Control tab.
- In the Access Control tab, search for the access control keyword “sys_user_has_role”. Click on the record with the read operation type, add the custom role created under the Requires Role section, and click Update.
- Repeat the same steps for the “sys_user_role” Access Control record, add the custom role created to the Requires Role section, and click Update.
License Differentiation option for ServiceNow
This enhancement is available with SaaS Management.
SaaS Management now offers the option whether or not you wish to enable license differentiation for ServiceNow and ServiceNow OAuth2 integrations.
When integrating with SaaS Management, there is a ServiceNow Enable License Differentiation field that allows the following options.
- Entering
YESenables license differentiation and retrieves the Fulfiller/Approver roles assigned for the users. - Entering
noor leaving this field blank does not enable license differentiation. In this case, the Licenses column under the Users tab will show up empty, and no records will be displayed under the Activity tab.
The ServiceNow API endpoints now reflect whether or not you enable license differentiation in SaaS Management.
API endpoints with License Differentiation
Application Roster and Application Access
https://<<instance>>.service-now.com/api/now/table/sys_user_has_role
Reclamation
https://<<instance>>.service-now.com/api/now/v2/table/sys_user_has_role/{sys_id}
API endpoints without License Differentiation
Application Roster and Application Access
https://<<instance>>.service-now.com/api/now/table/sys_user
Reclamation
https://<<instance>>.service-now.com/api/now/v2/table/sys_user/{sys_id}