How to Manage Non-Discoverable SaaS Applications in ServiceNow SAM Pro
How to Manage Non-Discoverable SaaS Applications in ServiceNow SAM Pro
Technical blueprint for achieving license compliance, usage visibility, and cost optimization when SaaS apps don’t show up in discovery.
1) Establish a Non-Discoverable Publisher Data Model
Goal: Treat unmanaged SaaS the same way you treat discoverable software — in a governed, queryable model.
- Extend the Software Model Library with a “Non-Discoverable” flag and fields: Data Source, Integration Type (CSV/API/Middleware), Usage Metric, Refresh Frequency.
- Enforce taxonomy using Software Model Category, naming conventions, and Dictionary Overrides.
- Maintain a reference list of publishers (e.g., Fivetran, Datadog, Snyk, Miro, Lucidchart, Canva, Workiva) with ownership and renewal dates.
2) Ingest Usage & Entitlement Data (CSV/API/Middleware)
Pattern: Import Sets → Transform Maps → SAM tables, scheduled.
| Method | When to use | Notes |
|---|---|---|
| CSV Import | Vendors provide monthly CSV exports | Use Import Sets, Transform Maps, and Scheduled Imports |
| REST API | Platforms expose admin APIs (e.g., Atlassian, Zoom, Fivetran) | Use IntegrationHub, Scripted REST, or MID Server as needed |
| Middleware | Orchestrate multiple sources or approvals | Azure Logic Apps, MuleSoft, Power Automate |
Normalization: map usernames to UPN/email, normalize product/plan names, and dedupe rows before landing.
3) Reconcile Without Discovery Fingerprints (User-Based)
Goal: Compute Effective License Position (ELP) using user/entitlement correlation.
- Create a Reconciliation Definition with User-Based License Metric.
- Land usage into a staging table (e.g.,
x_app_usage_import) → transform tocmdb_sam_sw_installor related SAM usage tables. - Join Usage → User → Entitlement and compute compliance.
// Pseudo logic (Script Include)
var active = usage.active_users(userId, product);
var entitled = entitlement.user_limit(product, orgId);
current.status = (active > entitled) ? 'Over-Licensed' : 'Compliant';Custom Metrics: define user, seat, transaction, or workspace metrics per vendor model.
4) Automate Governance & Data Quality
- Transform Map onBefore scripts: validate required fields; reject malformed records.
- Business Rules: enforce naming, categories, and freshness tags.
- Scheduled Jobs: mark imports “stale” after X days; alert owners.
- Exception Dashboards: missing entitlements, orphaned usage, stale feeds.
// Example transform validation snippet
if (!source_name || !last_updated) {
ignore = true;
gs.addErrorMessage('Non-discoverable import rejected: missing source_name/last_updated');
}5) Integrate with FinOps for Spend & Optimization
- Ingest cost data (CSV/API) from Azure Cost Management/Apptio/CloudHealth.
- Join usage + entitlement + cost in PA Indicators: utilization %, cost per active user, reclaim candidates.
- Surface renewal windows and true-up projections; flag redundant apps.
6) Automate Reclamation & Access Reviews
- Flow Designer/IntegrationHub: if Last Login > 90 days → create reclaim task or call vendor API to disable account.
- Fallback for no API: notify app owner via email approval; update entitlement after confirmation.
- Run quarterly user access reviews per app; store attestations for audit.
7) Compliance Dashboards for Non-Discoverable Apps
- Widgets: ELP by publisher, Usage vs Entitlement, Stale data aging, Renewals by quarter.
- Data Sources:
alm_entitlement,cmdb_sam_sw_install, import staging, contract tables. - KPIs: <30% active usage → reclaim; duplicate tools → consolidation; high growth → forecast spend.
8) Reference Architecture (Summary)
| Component | Purpose | Notes |
|---|---|---|
| Software Model Library | Model non-discoverable SaaS | Flags, taxonomy, owners |
| Import Sets + Transform Maps | Load usage/entitlement | CSV/API/Middleware |
| IntegrationHub / MID | Secure API ingestion | Polling & throttling |
| Custom Metrics | User/seat/consumption | Per-vendor logic |
| Governance Rules | Quality & audit | Validation & freshness |
| Flow Designer | Reclamation / reviews | Close loop with owners |
| Performance Analytics | ELP & optimization | Spend/utilization/renewals |
Outcome: Audit-ready ELP for non-discoverable SaaS, automated access cleanup, and measurable spend optimization — exactly what SAM Pro is expected to deliver for modern SaaS portfolios.