Integrating your Software Asset Management application with the Confluence Cloud application enables you to track your software subscriptions and to reclaim unused licenses.

Currently this integration supports only one site integration per profile.

Important: Minimize security risks and protect information by granting access only to the necessary user or API permissions.
Table 1. Minimal user permissions
Process Required user role in the Confluence Cloud application Authentication scopes
Download subscriptions User role for confluence product
  • Read user groups (read:confluence-groups)
  • Read user (read:confluence-user)
Pull user activity User role for confluence product Search Confluence content and space summaries (search:confluence)
Reclaim subscription site admin
  • Read user groups (read:confluence-groups)
  • Create, remove, and update user groups (write:confluence-groups)

Create a Confluence Cloud OAuth 2.0 (3LO) application

Create a Confluence Cloud OAuth 2.0 (3LO) application to enable access to the Confluence Cloud API.

Before you begin

Atlassian Role required: Refer to the Minimal user permissions table.

Procedure

  1. From a web browser, open the Atlassian Developer portal.
  2. Log in to your site admin account.
  3. On the page header of the portal, select your profile icon and then select Developer console.
    The My apps page of the Atlassian Developer Console opens.
  4. Select the Create app menu and then select OAuth 2.0 (3LO) integration.
    The Create a new OAuth 2.0 (3LO) integration page opens.
  5. Enter a name for the OAuth 2.0 (3LO) application in the Name field.
  6. Select the I agree to be bound by Atlassian's developer terms check box and then select Create.
  7. Configure the authorization settings for your application.
    1. From the left navigation pane, select Authorization.
    2. Select Configure for the OAuth 2.0 (3LO) authorization type.
      The OAuth 2.0 authorization code grants (3LO) for apps page opens.
    3. In the Callback URL field, enter the URL of the OAuth provider that users are redirected to after authentication.
      Enter https://instance.service-now.com/oauth_redirect.do, where <instance> is the name of your ServiceNow instance.
    4. Select Save changes.
  8. Configure API scopes for your application.
    API scopes specify the level of access that the application has to the Atlassian APIs.
    1. From the left navigation pane, select Permissions.
    2. From the list of available APIs, locate the Confluence API and then select Add.
      The Add action button automatically changes to the Configure action button.
    3. Select Configure.
      The Confluence API page opens.
    4. Add the following scopes for the Confluence API:
      • Search Confluence content and space summaries
      • Read user groups
      • Create, remove, and update user groups
      • Read user
  9. Retrieve the client ID and client secret that are assigned to your application.
    1. From the left navigation pane, select Settings.
    2. In the Authentication details section, copy the values in the Client ID and Secret fields.
      Save them in a secure location for later use.

Create a Confluence Cloud integration profile

Create a Confluence Cloud integration profile to track software subscriptions and optimize licensing for your Confluence Cloud applications.

Before you begin

To create a Confluence Cloud integration profile, request the Software Asset Management - SaaS License Management plugin (sn_sam_saas_int) from the ServiceNow Store.

Atlassian Role required: site admin

ServiceNow Role required: sam_integrator, sn_confluence_spoke.confluence_cloud_admin

About this task

If you’re using Software Asset Workspace, the option to create the Confluence Cloud integration profile in Core UI is inactive.

Procedure

  1. Navigate to the integration profile.
    InterfaceAction
    Core UI
    1. Navigate to All > Software Asset > SaaS License > Direct Integration Profiles.
    2. Select New.
    3. Select Confluence Cloud Integration Profile.
    Software Asset Workspace
    1. Navigate to License operations > User Subscriptions > Direct integration profiles.
    2. Select New.
    3. Select Confluence Cloud from the drop-down list.
    4. Select Continue.
  2. On the form, fill in the fields.
    Table 2. Integration Profile form
    FieldValue
    Display Name Name of the integration profile. For example, Confluence Cloud Integration.
    Connection & Credential Connection and credential alias for Confluence Cloud. This field populates automatically.
    Status Status of the integration profile.
    • If you have not published the integration profile, this field is automatically set to Draft.
    • If you have already published the integration profile, this field is automatically set to Published.
    Profile Type Type of integration profile.

    This field is automatically set to Confluence Cloud Subscription.
  3. On the Download Subscription Subflow tab, verify that the Subflow field is set to Confluence Cloud Download Subscriptions Subflow.
  4. On the Calculate Activity Subflow tab, verify that the Subflow field is set to Confluence Cloud Update User Activity Subflow.
    You can also select the date and time that you want to analyze user activity from in the Analyze user activity from field. By default, you can analyze user activity up to 60 days prior to the current date and view events performed by individual users from the time you create this profile.
    Note: Software Asset Management pulls the events from the time that you start analyzing user activity irrespective of the profile creation date.
    You can modify this value in the Last activity threshold field of your software reclamation rules. For more information, see Review a software reclamation rule.
  5. On the Reclaim Subscription Subflow tab, verify that the Subflow field is set to Confluence Cloud Reclaim Subscription Subflow.
  6. Select Save.
    Your ServiceNow instance creates a draft integration profile. The integration profile uses the Confluence Cloud Download Subscriptions, Confluence Cloud Update User Activity, and Confluence Cloud Reclaim Subscription subflows to retrieve user data from the Confluence Cloud application.
  7. Open the connection & credential aliases record by selecting the preview icon (Preview icon.) next to the Connection & Credential field and then selecting Open Record in the record preview.
  8. On the Connection & Credential Aliases form, select the Create New Connection & Credential related link.
  9. In the dialog box, fill in the fields.
    Table 3. Create Connection and Credential dialog box
    FieldDescription
    Name Name of the connection.
    Connection URL API URL for Confluence Cloud.

    This field is automatically set to https://api.atlassian.com.
    OAuth Client ID Client ID that is assigned to your Confluence Cloud OAuth 2.0 (3LO) application.
    OAuth Client Secret Client secret that is assigned to your Confluence Cloud OAuth 2.0 (3LO) application.
    OAuth Redirect URL URL of the OAuth provider that users are redirected to after authentication.

    This field populates automatically based on the callback URL that you specified in Create a Confluence Cloud OAuth 2.0 (3LO) application.
  10. Select Create and Get OAuth Token.
    Note: For the role required to perform this step, refer to the Minimal user permissions table.
  11. When the dialog box appears, grant permission to the Confluence Cloud application.
    The dialog box closes and you automatically return to the Connection & Credential Aliases form.
  12. Specify the groups that have access to Confluence products.
    By specifying these groups on your ServiceNow instance, you can retrieve data and manage licenses for only the users within these groups.
    1. In a new tab, open the Atlassian Administration portal.
    2. Log in to the admin account with a site_admin role
    3. Navigate to SITE SETTINGS > Product access.
    4. In the Confluence section, view the list of groups that have access to Confluence products.
      Take note of this information for later use.
    5. Return to your ServiceNow instance and navigate to Confluence Cloud > Confluence Groups.
    6. On the Confluence Groups form, select the Add Groups related link.
      The Add Confluence Groups dialog box opens.
    7. In the Available list, select the groups that have access to Confluence products.
      Tip: The Available list includes all groups that are associated with your Atlassian account. Select only the groups that have access to Confluence products.
    8. Select the right arrow button to move the groups from the Available list to the Selected list.
    9. Select OK.
  13. Return to your integration profile by navigating to SaaS License > Administration > Direct Integration Profiles and then selecting the profile from the Integration Profiles list.
  14. Select Publish.
  15. In the Publish Confirmation dialog box, select OK.

What to do next

After the integration connects, your ServiceNow instance automatically creates software models, reclamation rules, and software subscriptions that are refreshed daily.

If you want to set up multiple integration profiles with unique connections, create child aliases to manage different configurations and settings for each integration profile. For more information, see Create a child alias to set up multiple integration profiles.

Review all automatically generated reclamation rules to reclaim user subscriptions. For more information, see Review a software reclamation rule.

Create software entitlements for the automatically generated software models to track used software against owned software.
Reconciliation also runs on your subscriptions as a scheduled job or on-demand. You can view your reconciliation results in the License Workbench (Software Asset Management classic application) or the License usage view (Software Asset Workspace). Use these results to determine your license compliance position and to remediate any non-compliance.