Identity Manager 9.1.2 - Administration Guide for Connecting to ServiceNow

Performing a full synchronization through scheduled job Performing delta synchronization through scheduled job Performing full synchronization through Catalog Page Performing delta synchronization through Catalog Page

Roles and Permissions

Approver roles Adding approval role for One Identity Manager managers

One Identity Manager ServiceNow App Tables

Raising a request and approval workflow Process overview ServiceNow Approval

Manager Approval SOD cases

One Identity Manager Approval Create One Identity Manager employee from ServiceNow

Logging Troubleshooting

One Identity Manager for Service Catalog

Manager Approval

If manager approval is enabled, the request is routed to user’s ServiceNow/One Identity Manager’s manager for approval depending on the configuration parameter. Configure the following configuration parameters described below

Config name	Value
perform_manager_approval	true
manager_approval_authoritative_source	SNOW / ONEIM
fallback_approver	“Fallback approver name”

If manager_approval_authoritative_source has been configured to SNOW, the request will be routed to user’s ServiceNow manager and if one does not exist, it is routed to the configured fallback approver.

If manager_approval_authoritative_source has been configured to ONE IDENTITY MANAGER, the request will be routed to user’s One Identity Manager’s manager and if one does not exist, it is routed to the configured fallback approver.

NOTE: If the authoritative source is ServiceNow then system admin should make sure that the appropriate manager has approver role.

Self-Service approval in ServiceNow

To enable self-service approval in ServiceNow, configure the following configuration parameters with the value specified

Config name	Value
perform_manager_approval	false

Now the user requests will be automatically approved.

SOD cases

SOD rules configured in One Identity Manager can be checked and validated against at ServiceNow end by enabling the configuration parameter perform_sod_check (set the configuration parameter to true). SOD use cases are summarized below:

No SOD conflict for any of the requested item: The request is routed to the configured manager/fallback approver/self-service approval is performed.
SOD Conflict for some of the requested items and exception approver has been configured in the One Identity Manager SOD Rule: The request is routed to the compliance officer configured in ServiceNow (Configuration parameter: compliance_officer). If the compliance officer approves the request, the request is then routed to the configured manager/fallback approver/self-service approval is performed. If compliance officer rejects, the request is rejected
SOD Conflict for some of the requested items and exception approver has not been configured in the One Identity Manager SOD Rule: The request is automatically canceled.

One Identity Manager Approval

Once the IT Shop Item is approved in the One Identity ServiceNow application, the request is then processed by the defined approval process in One Identity manager. Optionally ITShop approval policy could be configured in such a way that self-service approval takes place when the request has been raised and approved in ServiceNow while request raised from One Identity Manager goes over the regular approval process. This way approvals do not need to take place multiple times for request raised from ServiceNow.

For more information on IT Shop Request approval process please refer to the Identity Manager 8.1 - IT Shop Administration Guide.

Create One Identity Manager employee from ServiceNow

One Identity Manager ServiceNow Application allows admin to create a new employee for One Identity Manager using ServiceNow “One Identity Manager for Person OnBoarding” feature. The detailed procedure to create an employee is explained below.

NOTE: Ensure that the data has been synced from One identity manager to ServiceNow tables.

To create an employee from ServiceNow Person OnBoarding Catalog page

From the ServiceNow instance portal navigate to the Catalog page.
Search for One Identity Manager for Person OnBoarding.
Enter the required details and click on submit.

Detailed explanation of the fields

Table 2: Fields
Field Names	Description
FirstName	First name of the employee
LastName	Last name of the employee
Contact Email Address	The email address of the employee
Gender	Gender of the employee
Primary department	Department to which the employee is primary assigned
Primary Cost Center	Cost center to which the employee is primary assigned
Primary Location	Location to which the employee is primary assigned
Primary Business Role	Business role to which the employee is assigned
Person Manager	Select the Person Manager for the new employee
Person Sponsor	Select the Person Sponsor for the new employee. The sponsor is the ServiceNow user requesting for new employee
Date of Birth	This field will determine the date of birth of employee
Entry Date/Time	Date the employee started at the company. The Entry date is in user's configured timezone. The time will be converted into GMT format in the One Identity Manager
Employee Type	Employee type of the new Employee. This field is auto populated from the Configuration parameters "default_employee_type"
Remarks	Additional information about the Employee

NOTE:

Either one of the fields, "Person Manager" or "Person Sponsor" is mandatory. Person manager is given the preference if both are selected.
Person Manager or Person Sponsor must have approver_role to approve the request.
To view the Person OnBoarding form, the user must have x_oni_oneim_addon.admin role.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.