How to: Provisioning to a SCIM Endpoint without using Starling Connect (322483)

Example: ServiceNow User Provisioning

1.- Open the Active Roles MMC Console and navigate to the Configuration>Script Module node.
2.- Right-click on the Script Modules container (or preferred sub-container) and select New>Script Module.
3.- Name the Script Module as desired, select PowerShell as the Script language, enter a Description as desired and click NEXT.

4.- Select Policy script and click NEXT.

5.- Select onPostCreate and click NEXT.



6.- Click FINISH.

7.- In the Active Roles MMC Console (Configuration>Script Module>[YourNewScript]), click within the script on the right and hit ENTER.

8.- When prompted to Edit, click Yes.

9.- Copy the script from the Appendix and paste it within the brackets of the initial script shell.
Example:

Important Note: Each SCIM-enabled application may have different required attributes that must be specified.
10.- Ensure you have modified the script with the desired workflow parameter name, as well as, change the ServiceNow instance name to the one you are using.
11.- Right-click on the new Script Module and select Save Script on Server.



12.-Navigate to the Policies>Workflow node.
13.- Right-click on the Workflow container (or preferred sub-container) and select New>Workflow.
14.- Click NEXT.

15.- Name the Workflow and set the Description as desired.

16.- Select the change workflow option and click NEXT.

17.- Click FINISH.

18.- Click on the newly created workflow.
19.- In the right pane, expand the ‘Workflow options and start conditions’ section, then click the Configure button.

20.- Set the Operation Conditions, Initiator Conditions and Filtering Conditions as desired and click OK. Example:

21.- Click on the Parameters tab.

22.- Click the Add button at the bottom of the Parameters window.

23.- Modify the Name, Description and DisplayName as desired. For the Syntax, select SecureString. Example:

Note: the ‘Name’ field above must match the Workflow Parameter name you defined in the script copied from the Appendix. Specially, the highlighted area on this line of the script.
$Password = $Workflow.Parameter("NameOfYourWorkflowParameters")

When done, click OK at the bottom of the window.

24.- The screen should look similar this:

25.- Ensure to click the Parameter line, then click the View or Change Parameter Value button in the bottom right corner of the window.

26.- Enter the admin password of the ServiceNow instance. It will not be visible. Click OK.

27.- Click OK at the bottom of the window

28.- Drag the Script activity button onto the Workflow.

29.- Double-click the ‘Run Script: Not specified’ workflow activity to configure it.
30.- Name the Workflow and Description as desired.

31.- On this same screen, click the BROWSE button on the ‘Script to use’ field.

32.- Navigate to and select the SCIM Provisioning script created in previous steps and click OK. Example:

33.- In the ‘Function to run’ filed, click the dropdown menu and select ‘onPostCreate’

34.- The completed screen should like this and if so, click OK at the bottom right of the window.

35.- Click the Save Changes button in the bottom right.

36.- Create a new user in Active Roles within the scope of the workflow start conditions. The user should be provisioned in ServiceNow upon completion.

WARNING: Ensure this manual method of SCIM provisioning does not conflict with a SaaS Provisioning Policy that uses Starling Connect (same scope, filtering, application, etc.) or it will fail with an error.

Appendix
Provision to ServiceNow script example
Note: Change what is highlight in bold. Also, in the Body, add/remove attributes as desired.

# Username of the ServiceNow administrator account
$Username = "admin"

# Encrypt Password using Workflow Parameter
$Password = $Workflow.Parameter("NameOfYourWorkflowParameter")
$EncryptedPwd = ConvertTo-SecureString $Security.Cryptography.DecryptFromString($Password) -AsPlainText -Force
$MyCredential = New-Object System.Management.Automation.PSCredential ($Username, $EncryptedPwd)

# ServiceNow Instance URL
$ServiceNowURL = "https://YourServiceNowInstanceName.service-now.com/api/now/table/sys_user"

$Body = @{
user_name     = $Request.Get("edsaUPNPrefix")
first_name    = $Request.Get("givenName")
last_name     = $Request.Get("sn")
user_password = $Request.Get("edsaPassword")
active        = "true"
title         = $Request.Get("title")
}

$json = $Body | ConvertTo-JSON
$headers = @{
"Content-Type" = "application/json"
}

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-RestMethod -Method 'Post' -Uri $ServiceNowURL -Headers $headers -Credential $MyCredential -Body $json