May 2021
Flexera One introduced the following new features and enhancements this month.
Automation
Flexera One added the following Automation change in May 2021.
Flexera One Policies has been renamed Automation
This change is available with Automation.
In Flexera One's left-hand navigation and product documentation, the Flexera One application "Policies" has been renamed Automation. The Policies Dashboard in Flexera One was also renamed as the Automation Dashboard.
Be sure to bookmark the new Automation Product Documentation URL, which can also be found in the Flexera One Documentation Library.
Flexera One Automation uses policies to automate governance across your multi-cloud environment to increase agility and efficiency while managing security and risk in your organization. The capability is purpose built to leverage an intelligent policy engine that lets you enforce rules and best practices to help you achieve your business outcomes like saving time, cost reduction, increasing utilization, and rightsizing your cloud environment.
IT Asset Management
IT Asset Management added the following new feature in May 2021.
Editable points rules
This feature is available with IT Asset Management.
To calculate license consumption, some licenses use sets of points rules. For example, installations on some more powerful types of computer processor may be worth more points than older models; but there can be many different ways of choosing how many points apply to a particular inventory device where the linked software is installed (or where there is a license allocation causing consumption).
One of the license types that uses points rule sets is the Microsoft Server Core license, which is eligible for the Microsoft Azure Hybrid Benefit (support for AHB was announced in April in the Microsoft Azure Hybrid benefit allows Bring Your Own License for cloud solution providers section of this Feature List document). For these licenses in particular, a points rule may also identify one or more applications that must be present for the points rule to apply. (Recall that an "application" may define both the edition and the version of a particular product.)
In general, points rule sets are delivered as part of the Application Recognition Library downloads, and imported automatically. Within each set, points rules supplied by Flexera cannot be changed.
However, new functionality has now been added so that you can add a new points rule into an existing set, either by creating a rule “from scratch” and defining every detail, or by cloning an existing rule (including one downloaded with the Application Recognition Library) and just tweaking the value(s) you want customized. When, as a result of customization, you have two points rules within the set that have overlapping eligibility, your local copy of the points rule always takes precedence. And if you later decide that your customization is no longer needed, you can also choose to delete any points rule added locally.
You access the editor for points rules by choosing the appropriate points rule set from the Points Rule Sets page of Flexera One (Licenses > License Management > Point Rule Sets), then opening a point rule set’s properties, and finally, selecting the Points rules tab. There you may either CREATE an entirely new points rule, or CREATE FROM an existing points rule that you preselected within the set. A blue editor area opens within the tab so that you can “edit in place”.
Importantly for AHB licensing, the editor also allows you to customize the list of applications “mapped” into each rule. Your customized points rule can then apply only to the applications mapped into its definition. This means, for example, that you may have two related rules within the same set: the first rule may allocate 1 point for each installation of MyApp Standard edition (in any version), while the second rule may allocate 5 points for any installed version of the MyApp Gold edition. The points rule editor is highly flexible.
SaaS Management
SaaS Management added the following integration enhancements in May 2021.
BIM 360 integration updates
This enhancement is available with SaaS Management.
The following sections were updated in the BIM 360 integration instructions.
Information stored
The Application Access integration task now stores the User ID field.
Minimum permissions required
Administrator-level access is required to connect your application to a specific BIM 360 Account. For details, refer to BIM 360's documentation Get Access to a BIM 360 Account.
The BIM 360 OAuth Scope account:read is required to read the list of users in your BIM 360 account. For more details, refer to the GET users section of the BMI 360 API Reference.
Authentication method
The authentication method for integrating BIM 360 with SaaS Management is OAuth2Client Credentials. For details, refer to BIM 360's documentation Get a 2-Legged Token.
DocuSign integration updates
This enhancement is available with SaaS Management.
The following sections were updated in the DocuSign integration instructions.
Information stored
For the Application Access integration task, the Event Type (Template Events) and Template Events (Template ID, Last Modified, Template Name) fields were removed and replaced with the User ID field.
Minimum permissions required
The Minimum Permissions Required section was updated to clarify the minimum API required permissions based on the DocuSign scopes required and the user permission profile.
Authentication method
The authentication method for integrating DocuSign with SaaS Management is OAuth2 with Authorize flow. For details, refer to DocuSign’s documentation: How to get an access token with Authorization Code Grant.
Credentials required
The following note was added.
Username and Password are required only for authorizing the application. These values are not stored in SaaS Management.
Integrating DocuSign with SaaS Management
Steps 2 and 3 were updated with the following text.
Step 2: After clicking Authorize, you will be directed to the DocuSign login portal.
Step 3: Enter the DocuSign Username and Password of the Administrator user and click Accept to authorize the required permissions for calling the APIs used in the Integration.
API endpoints
The Template Event endpoint was removed. The following Application Roster and Application Access API endpoint was added to obtain the base URL and account ID: https://account.docusign.com/oauth/userinfo.
Dropbox integration updates
The Integrating Dropbox with Saas Management section was updated to reflect the current integration instructions.
Duo Security integration updates
This enhancement is available with SaaS Management.
The following sections were updated in the Duo Security integration instructions.
Information stored
The following integration tasks were updated.
- Application Roster
- First Name, Middle Name, and Last Name fields were replaced with Real Name.
- Application Access
- Occurred and Notes fields were replaced with Last Login.
- Application Discovery
- SSO Display Name and Application Instance ID fields were removed.
- SSO Application Roster
- SSO Display Name and Application Instance ID fields were removed.
- First Name, Middle Name, and Last Name fields were replaced with Real Name.
- SSO Application Access
- SSO Display Name, Application Instance ID, and Notes fields were removed.
- Event Type was added.
Minimum permissions required
The First Steps section of the Duo Admin API documentation was added as a reference.
G Suite integration instructions
This enhancement is available with SaaS Management.
The following sections were updated in the G Suite integration instructions.
Information stored
For the Application Access integration task, the Notes field was replaced with the following:
User activities are tracked for the following Google applications:
- Google Drive
- Currents (Google+)
- Calendar
- Google Meet
- Last Login
Minimum permissions required
Google Workspace documentation references were added to the Application Permissions and User Role tables.
Authentication method
The authentication method for integration G Suite with SaaS Management is OAuth2 with Authorize flow. For details, refer to the Obtaining OAuth 2.0 Access Tokens section of the Google Identity documentation.
Credentials required
Username and Password were added, along with the following note.
These credentials are required only for authorizing the application. They are not stored in SaaS Management.
Human Capital Management (Workday) integration updates
This enhancement is available with SaaS Management.
The following sections were updated in the Human Capital Management (Workday) integration instructions.
Authentication method
The authentication method was updated to WS-Security.
HR Roster API endpoint
The HR Roster API endpoint was updated to the following: https://<< Service URL Root >>/ccx/service/<< Tenant Name >>/Human\_Resources/v33.0.
Meetings (WebEx) integration updates
This enhancement is available with SaaS Management.
The following sections were updated in the Meetings (WebEx) integration instructions.
Information stored
The following integration tasks now store additional information.
Application Roster
User ID field was added.
Application Access
Unique ID was replaced with the User ID field.
A Notes field was added.
Minimum permissions required
The Last meeting attendee history section of the Webex XML API Reference Guide was added as a reference for the Site Administrator.
Microsoft Application integration updates
This enhancement is available with SaaS Management.
The Power BI, Project (Microsoft), and Visio integration instructions were updated.
Information stored
For the Power BI, Project, and Visio Application Access integration task, the "User ID" field was replaced with "User ID (User Principal Name)".
Minimum permissions required
This section was updated to provide Microsoft's description of the Application Administrator.&text=Users%20assigned%20this%20role%20can,to%20impersonate%20the%20application%27s%20identity) user role
Authentication method
The authentication method for integrating Power BI, Project (Microsoft), and Visio with SaaS Management is OAuth2 with Authorize flow. For details, refer to Microsoft's instructions in Microsoft identity platform and OAuth 2.0 authorization code flow.
Credentials required
The following note was added.
Username and Password are required only for authorizing the application permissions. These values are not stored in SaaS Management.
Microsoft Applications with Client Credentials integration updates
The Power BI Client Credentials, Project (Microsoft) Client Credentials, and Visio Client Credentials integration instructions were updated.
Information stored
The following integration tasks now store additional information.
Power BI, Project Client, and Visio Credentials Application Roster
User ID was replaced with User ID (User Principal Name).
Power BI, Project, and Visio Client Credentials Application Access
User ID was replaced with User ID (User Principal Name).
Last Login was added.
Minimum permissions
The Global Administrator role is required to grant the application permissions. For details, refer to the Microsoft documentation Azure AD Built-In Roles.
Authentication method
The authentication method for integrating Power BI Client Credentials, Project (Microsoft) Client Credentials, and Visio Client Credentials with SaaS Management is OAuth2 with Client Credentials. For details, refer to Microsoft's instructions in Microsoft identity platform and OAuth 2.0 client credentials flow.
Namely integration updates
This enhancement is available with SaaS Management.
The following sections were updated in the Namely integration instructions.
Information stored
User ID is no longer stored for the HR Roster integration task.
Minimum permissions required
The Authentication section of the Namely API documentation was added as a reference.
PingOne Cloud (Enterprise) integration updates
This enhancement is available with SaaS Management.
The following sections were updated in the PingOne Cloud (Enterprise) integration instructions.
Information stored
SSO Application Instance ID is no longer stored as part of the SSO Application Roster and SSO Application Access integration tasks.
Minimum permissions required
Global Administrator is required to generate or renew an API key. For details, refer to Ping Identity's documentation View or renew directory API credentials.
Application Discovery API endpoint
This API endpoint was updated to the following: https://admin-api.pingone.com/v3/applications/templates/available/<Account ID>.
ServiceNow integration updates
This enhancement is available with SaaS Management.
The following sections were updated in the ServiceNow integration instructions.
Information stored
For the Application Access integration task, the Username field was added.
Minimum permissions required
The description for the user_admin user role was updated and includes a reference to the Base System Roles section of the ServiceNow product documentation. The Application Roster and Application Access integration tasks also require the user_admin role permissions.
Integrating ServiceNow with SaaS Management
The following steps were updated.
Steps 1 and 2 were removed and replaced with the following Step 1: Log in to your ServiceNow instance, using the credentials of the ServiceNow user with permissions as outlined in the Minimum Permissions Required.
Step 5 was replaced with the following: Enter the Username and Password of the ServiceNow user with privileges as outlined in the Minimum Permissions Required.
ServiceNow OAuth2 integration updates
This enhancement is available with SaaS Management.
The following sections were updated in the ServiceNow OAuth2 integration instructions.
Information stored
For the Application Access integration task, the Username field was added.
Minimum permissions required
The description for the user_admin user role was updated and includes a reference to the Base System Roles section of the ServiceNow product documentation. The Application Roster and Application Access integration tasks also require the user_admin role permissions.
Integrating ServiceNow OAuth2 with SaaS Management
This section was revised to clarify user credentials. You need to enter the Username and Password of the ServiceNow user with privileges as outlined in the Minimum Permissions Required.
Slack integration updates
The Integrating Slack (for Enterprise Grid) with SaaS Management and the Integrating Slack (For Workspace) with SaaS Management sections were updated to reflect the current integration instructions.
Zoom integration updates
This enhancement is available with SaaS Management.
The Zoom Application Access integration task now stores the following information:
- User ID
- Meeting Title
- Meeting Created Date