License Removal Process and SAM Requirement Gathering Template
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 hours ago
Hello Team,
- When we remove an unlicensed installation in ServiceNow, will the system automatically remove the license from the third-party application as well, or do we need to implement an integration to handle license removal in the third-party system?
- Could anyone please share a requirement gathering template or checklist, if available? I would like to understand what questions we should ask the client and in what sequence during requirement gathering.
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 hours ago
Part 1: License Removal Behavior
When you remove an unlicensed installation record in ServiceNow (typically in the Software Asset Management module), ServiceNow does not automatically remove or revoke the license in the third-party application. Here's why:
ServiceNow SAM is fundamentally a system of record, not a system of action for third-party tools. It tracks entitlements, installations, and compliance positions — but it has no native outbound mechanism to reach into Adobe, Microsoft, Salesforce, or any other vendor's licensing portal and revoke a seat.
So to answer directly:
| Action | Happens Automatically? |
|---|---|
| Installation record removed in SNOW SAM | ✅ Yes — SNOW updates its own records |
| License count recalculated in SNOW | ✅ Yes — compliance position updates |
| License revoked in third-party system | ❌ No — requires integration |
| User deprovisioned in third-party app | ❌ No — requires integration or manual process |
The integration you would need is typically one of:
- Flow Designer / IntegrationHub spoke (e.g. Microsoft 365, Okta, Adobe) triggering a deprovisioning action when a SAM record changes
- Custom REST outbound call to the third-party vendor's API when an installation or allocation record is deleted/updated
- Identity governance integration (e.g. SailPoint, Saviynt) if one exists in the environment, which may already handle downstream revocation
Part 2: Requirement Gathering Checklist
Here is a structured template ordered by discovery sequence — starting broad and narrowing toward technical specifics.
Phase 1 — Business Context
These establish why the client needs this capability before you discuss what to build.
- What is driving this initiative — audit findings, cost reduction, compliance mandate, or a specific incident?
- Which software vendors/applications are in scope initially?
- What is the expected volume of license removal events per month?
- Who currently owns the license removal process — IT, Procurement, or a separate SAM team?
- Is there an existing manual process today, and if so, where does it break down?
- What is the cost or risk of a license not being removed promptly?
Phase 2 — Current State & Systems
- What ServiceNow modules are licensed and active — SAM Pro, ITAM, ITSM?
- How are software installations currently discovered — SCCM, JAMF, agent-based, manual?
- Which third-party applications need license revocation integration (prioritized list)?
- Do those third-party apps have APIs available for license/user management?
- Is there an Identity Provider (Okta, Azure AD, Ping) already handling user lifecycle that could be leveraged?
- Are any IntegrationHub spokes already deployed in the environment?
Phase 3 — Process & Workflow
- What event should trigger the license removal workflow — offboarding, role change, manager request, scheduled reclaim?
- Is there an approval step required before a license is revoked?
- Should the user be notified before revocation, and how much notice is required?
- What happens to the user's data in the third-party app when the license is removed?
- Are there exceptions — e.g. executives, contractors, specific departments that should never be auto-reclaimed?
- Who has authority to override or pause a reclaim?
Phase 4 — Technical & Integration
- What authentication method does the third-party API support — OAuth 2.0, API key, basic auth?
- Is the third-party application cloud-hosted or on-premise? If on-premise, is a MID Server required?
- What is the expected API rate limit or throttling constraint from the vendor?
- Should revocation be real-time (synchronous) or batched (scheduled)?
- How should failures be handled — retry logic, fallback to manual ticket, alerting?
- What data needs to be passed in the API call — user email, employee ID, license SKU, tenant ID?
Phase 5 — Compliance & Reporting
- Does the client need an audit trail of every license removal event?
- Are there regulatory requirements around how quickly a license must be revoked after a trigger event (e.g. SOX, GDPR)?
- What reports or dashboards are needed to demonstrate compliance?
- How long should revocation event logs be retained?
Phase 6 — Success Criteria & Acceptance
- How will you measure whether the integration is working correctly?
- What does a successful UAT scenario look like end to end?
- Who signs off on go-live readiness?
- What is the hypercare period expectation post go-live?
The sequencing matters here — clients often want to jump to Phase 4 (technical) before Phases 1–3 are solid, which leads to building the right integration for the wrong process. Anchoring on business context and current state first saves significant rework downstream.
