Example: ServiceNow User Provisioning
1.- Open the Active Roles MMC Console and navigate to the Configuration>Script Module node.
2.- Right-click on the Script Modules container (or preferred sub-container) and select New>Script Module.
3.- Name the Script Module as desired, select PowerShell as the Script language, enter a Description as desired and click NEXT.
4.- Select Policy script and click NEXT.
5.- Select onPostCreate and click NEXT.
6.- Click FINISH.
7.- In the Active Roles MMC Console (Configuration>Script Module>[YourNewScript]), click within the script on the right and hit ENTER.
8.- When prompted to Edit, click Yes.
9.- Copy the script from the Appendix and paste it within the brackets of the initial script shell.
Example:
Important Note: Each SCIM-enabled application may have different required attributes that must be specified.
10.- Ensure you have modified the script with the desired workflow parameter name and changed the ServiceNow instance name to the one you are using.
11.- Right-click on the new Script Module and select Save Script on Server.
12.- Navigate to the Policies>Workflow node.
13.- Right-click on the Workflow container (or preferred sub-container) and select New>Workflow.
14.- Click NEXT.
15.- Name the Workflow and set the Description as desired.
16.- Select the change workflow option and click NEXT.
17.- Click FINISH.
18.- Click on the newly created workflow.
19.- In the right pane, expand the ‘Workflow options and start conditions’ section, then click the Configure button.
20.- Set the Operation Conditions, Initiator Conditions and Filtering Conditions as desired and click OK. Example:
21.- Click on the Parameters tab.
22.- Click the Add button at the bottom of the Parameters window.
23.- Modify the Name, Description and DisplayName as desired. For the Syntax, select SecureString. Example:
Note: the ‘Name’ field above must match the Workflow Parameter name you defined in the script copied from the Appendix. Specifically, the highlighted area on this line of the script:
$Password = $Workflow.Parameter("NameOfYourWorkflowParameter")
When done, click OK at the bottom of the window.
24.- The screen should look similar to this:
25.- Click the Parameter line, then click the View or Change Parameter Value button in the bottom right corner of the window.
26.- Enter the admin password of the ServiceNow instance. It will not be visible. Click OK.
27.- Click OK at the bottom of the window.
28.- Drag the Script activity button onto the Workflow.
29.- Double-click the ‘Run Script: Not specified’ workflow activity to configure it.
30.- Name the Workflow and Description as desired.
31.- On this same screen, click the BROWSE button on the ‘Script to use’ field.
32.- Navigate to and select the SCIM Provisioning script created in previous steps and click OK. Example:
33.- In the ‘Function to run’ field, click the dropdown menu and select ‘onPostCreate’.
34.- The completed screen should look like this; if so, click OK at the bottom right of the window.
35.- Click the Save Changes button in the bottom right.
36.- Create a new user in Active Roles within the scope of the workflow start conditions. The user should be provisioned in ServiceNow upon completion.
WARNING: Ensure this manual method of SCIM provisioning does not conflict with a SaaS Provisioning Policy that uses Starling Connect (same scope, filtering, application, etc.) or it will fail with an error.
Appendix
Provision to ServiceNow script example
Note: Change what is highlighted in bold. Also, in the Body, add/remove attributes as desired.
# Username of the ServiceNow administrator account
$Username = "admin"
# Decrypt the workflow parameter value and wrap it in a PSCredential
$Password = $Workflow.Parameter("NameOfYourWorkflowParameter")
$EncryptedPwd = ConvertTo-SecureString $Security.Cryptography.DecryptFromString($Password) -AsPlainText -Force
$MyCredential = New-Object System.Management.Automation.PSCredential ($Username, $EncryptedPwd)
# ServiceNow instance URL (sys_user table endpoint)
$ServiceNowURL = "https://YourServiceNowInstanceName.service-now.com/api/now/table/sys_user"
# Attributes sent to ServiceNow, read from the Active Roles create request
$Body = @{
    user_name     = $Request.Get("edsaUPNPrefix")
    first_name    = $Request.Get("givenName")
    last_name     = $Request.Get("sn")
    user_password = $Request.Get("edsaPassword")
    active        = "true"
    title         = $Request.Get("title")
}
$json = $Body | ConvertTo-Json
$headers = @{
    "Content-Type" = "application/json"
}
# Force TLS 1.2 for the outbound connection
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Create the user in ServiceNow
Invoke-RestMethod -Method 'Post' -Uri $ServiceNowURL -Headers $headers -Credential $MyCredential -Body $json
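Added example, not part of the original article or One Identity's script: one way to act on the Important Note about required attributes by validating the body before it is sent, and to keep user_password out of anything written to a log. The function names, the required-attribute list and the sample values are assumptions.

```powershell
# Added example; function names, the required list and sample values are hypothetical.
function New-ProvisioningBody {
    param(
        [Parameter(Mandatory)] [hashtable] $Attributes,
        # Assumed required set; adjust to what the target application demands.
        [string[]] $Required = @('user_name', 'first_name', 'last_name', 'user_password')
    )
    # Fail before any request is sent if a required attribute is absent or blank.
    $missing = @($Required | Where-Object { [string]::IsNullOrWhiteSpace([string]$Attributes[$_]) })
    if ($missing.Count -gt 0) {
        throw "Missing required attribute(s): $($missing -join ', ')"
    }
    # Drop optional attributes with no value so the target never receives empty fields.
    $body = @{}
    foreach ($key in $Attributes.Keys) {
        if (-not [string]::IsNullOrWhiteSpace([string]$Attributes[$key])) {
            $body[$key] = $Attributes[$key]
        }
    }
    return $body
}

function Get-RedactedJson {
    param(
        [Parameter(Mandatory)] [hashtable] $Body,
        [string[]] $SecretKeys = @('user_password')
    )
    # Work on a copy so the payload that is actually sent keeps the real value.
    $copy = $Body.Clone()
    foreach ($key in $SecretKeys) {
        if ($copy.ContainsKey($key)) { $copy[$key] = '***REDACTED***' }
    }
    return ($copy | ConvertTo-Json)
}

# Constructed sample values standing in for the $Request.Get(...) calls.
$sample = @{
    user_name     = 'jdoe'
    first_name    = 'Jane'
    last_name     = 'Doe'
    user_password = 'Constructed-Sample-1!'
    active        = 'true'
    title         = ''
}
$body = New-ProvisioningBody -Attributes $sample
$json = $body | ConvertTo-Json      # payload to pass to Invoke-RestMethod -Body
Get-RedactedJson -Body $body        # version that is safe to write to a log
```

In the policy script, the sample hashtable would be replaced by the $Request.Get(...) values shown in the Body above.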
© 2021 One Identity LLC. ALL RIGHTS RESERVED.