How to Manage Non-Discoverable SaaS Applications in ServiceNow SAM Pro

Technical blueprint for achieving license compliance, usage visibility, and cost optimization when SaaS apps don’t show up in discovery.

---

1) Establish a Non-Discoverable Publisher Data Model

Goal: Treat unmanaged SaaS the same way you treat discoverable software — in a governed, queryable model.

• Extend the Software Model Library with a “Non-Discoverable” flag and fields: Data Source, Integration Type (CSV/API/Middleware), Usage Metric, Refresh Frequency.
• Enforce taxonomy using Software Model Category, naming conventions, and Dictionary Overrides.
• Maintain a reference list of publishers (e.g., Fivetran, Datadog, Snyk, Miro, Lucidchart, Canva, Workiva) with ownership and renewal dates.

2) Ingest Usage & Entitlement Data (CSV/API/Middleware)

Pattern: Import Sets → Transform Maps → SAM tables, scheduled.

Method	When to use	Notes
CSV Import	Vendors provide monthly CSV exports	Use Import Sets, Transform Maps, and Scheduled Imports
REST API	Platforms expose admin APIs (e.g., Atlassian, Zoom, Fivetran)	Use IntegrationHub, Scripted REST, or MID Server as needed
Middleware	Orchestrate multiple sources or approvals	Azure Logic Apps, MuleSoft, Power Automate

Normalization: map usernames to UPN/email, normalize product/plan names, and dedupe rows before landing.

3) Reconcile Without Discovery Fingerprints (User-Based)

Goal: Compute Effective License Position (ELP) using user/entitlement correlation.

1. Create a Reconciliation Definition with User-Based License Metric.
2. Land usage into a staging table (e.g., x_app_usage_import) → transform to cmdb_sam_sw_install or related SAM usage tables.
3. Join Usage → User → Entitlement and compute compliance.

// Pseudo logic (Script Include)
var active = usage.active_users(userId, product);
var entitled = entitlement.user_limit(product, orgId);
current.status = (active > entitled) ? 'Over-Licensed' : 'Compliant';

Custom Metrics: define user, seat, transaction, or workspace metrics per vendor model.

4) Automate Governance & Data Quality

• Transform Map onBefore scripts: validate required fields; reject malformed records.
• Business Rules: enforce naming, categories, and freshness tags.
• Scheduled Jobs: mark imports “stale” after X days; alert owners.
• Exception Dashboards: missing entitlements, orphaned usage, stale feeds.

// Example transform validation snippet
if (!source_name || !last_updated) {
  ignore = true;
  gs.addErrorMessage('Non-discoverable import rejected: missing source_name/last_updated');
}

5) Integrate with FinOps for Spend & Optimization

• Ingest cost data (CSV/API) from Azure Cost Management/Apptio/CloudHealth.
• Join usage + entitlement + cost in PA Indicators: utilization %, cost per active user, reclaim candidates.
• Surface renewal windows and true-up projections; flag redundant apps.

6) Automate Reclamation & Access Reviews

• Flow Designer/IntegrationHub: if Last Login > 90 days → create reclaim task or call vendor API to disable account.
• Fallback for no API: notify app owner via email approval; update entitlement after confirmation.
• Run quarterly user access reviews per app; store attestations for audit.

7) Compliance Dashboards for Non-Discoverable Apps

• Widgets: ELP by publisher, Usage vs Entitlement, Stale data aging, Renewals by quarter.
• Data Sources: alm_entitlement, cmdb_sam_sw_install, import staging, contract tables.
• KPIs: <30% active usage → reclaim; duplicate tools → consolidation; high growth → forecast spend.

8) Reference Architecture (Summary)

Component	Purpose	Notes
Software Model Library	Model non-discoverable SaaS	Flags, taxonomy, owners
Import Sets + Transform Maps	Load usage/entitlement	CSV/API/Middleware
IntegrationHub / MID	Secure API ingestion	Polling & throttling
Custom Metrics	User/seat/consumption	Per-vendor logic
Governance Rules	Quality & audit	Validation & freshness
Flow Designer	Reclamation / reviews	Close loop with owners
Performance Analytics	ELP & optimization	Spend/utilization/renewals

---

Outcome: Audit-ready ELP for non-discoverable SaaS, automated access cleanup, and measurable spend optimization — exactly what SAM Pro is expected to deliver for modern SaaS portfolios.