Chat now with support
Chat with Support

Identity Manager 9.3 - Administration Guide for Connecting to ServiceNow

ServiceNow Module Overview Installation One Identity Manager for Service Catalog ServiceNow Mid Server Support Logging Troubleshooting

Raising a request and approval workflow

One Identity Manager ServiceNow Application allows users that are assigned admin role/businessuser to request company resources such as applications, system roles, or group membership as well as non-IT resources such as mobile telephones or keys for themselves or their subordinates.

The resources are requested using the IT Shop from the ServiceNow catalog page. To raise a request for themselves, Request For Self can be selected. To raise a request for subordinates, Request For others can be selected. By default, users can raise a request for direct subordinate, but it can be extended to in-direct subordinates too. It requires configurational changes in APIServer (The required configurational changes are mentioned in later sections). See Enabling Indirect Reportees for Request Creation.

The detailed procedure to request an IT Shop item is explained below.

To request an IT Shop item from ServiceNow Catalog page:

  1. From the ServiceNow instance portal navigate to the Catalog page.

  2. Search for Request for Self or Request for others.

  3. Users need to first login with One identity manager web portal credentials.

  4. Post login, users will be redirected to request page.

  5. Enter the Required details.

  6. Validation is performed for each selected item before submission. If any selected item fails validation, the request cannot be submitted.

  7. If the request passes all validations, proceed by clicking the submit button.

NOTE:

  • Fetch specific service item for a user using key search: If a particular service item is not available in the picker or service category for the service item is not known, users can directly search for the item on a search bar, and can select the specific item.

  • The request can be raised only from ServiceNow Service portal catalog page.

Request is submitted and processed based on the configuration combinations and approval workflow.

Once the request is approved from ServiceNow, the request is processed according to the approval policy applied on the requested service item in One Identity Manager. The request approval workflow of ServiceNow remains in the wait condition unless any activity(approve/reject) is performed from the One Identity Manager. The status of the request approval workflow of ServiceNow is updated accordingly.

User can change the number of times the request approval workflow executes using the max activity count property of workflow in ServiceNow.

Steps to change the max activity count

  1. Navigate to the Workflow->Workflow Editor using the navigation bar of ServiceNow.

  2. Click on the Approval Workflow for New Access Request.

  3. Check out the workflow using the menu bar option.

  4. Click on the properties.

  5. Navigate to the Activities tab.

  6. Change the max activity count value.

  7. Publish the workflow using the menu bar option.

NOTE: If Request_approval_workflow_expire_in_days or max activity count condition is fulfilled, the ServiceNow request approval workflow is completed. The requested service item is aborted in the One Identity Manager if there is no activity on One Identity manager for the requested service item.

Approval Form Widget

The approval page in the global scope often lacks sufficient information related to specific One Identity Manager (OneIM) requests. To address this limitation, the OneIM Approval Record Widget can be used to provide comprehensive details about a OneIM request.

This widget ensures approvers have access to all relevant data, facilitating smoother and more informed decision-making.

Steps to Configure the OneIM Approval Record Widget

  1. Navigate to Widgets in Service Portal

    1. Go to All > Service Portal > Widgets.

  2. Select the OneIM Approval Record Widget

    1. Locate and select the OneIM Approval Record Widget from the list.

  3. Clone the Widget in Global Scope

    1. Clone the selected widget to ensure it operates within the global scope.

  4. Modify the Approval Page

    1. Go to All > Service Portal > Pages.

    2. Find the Approval Form page and open it in the Designer.

  5. Replace the Existing Widget

  6. Replace the Approval Record Widget with the cloned version of the OneIM Approval Record Widget.

NOTE:

  • The OneIM Approval Record Widget only modifies the content displayed for One Identity Manager requests.
  • It does not impact the data or display of other requests on the approval page.
  • This ensures more relevant and detailed information for OneIM requests while main-taining consistency for other request types.

Enabling Indirect Reportees for Request Creation

By default, the application allows users to raise requests for themselves and their direct reportees. However, this functionality can be extended to include indirect reportees as well.

Follow the steps below to enable this feature:

  1. Open Apiserver and login to Admin portal using system admin credential.

  2. Navigate to configuration and select “Web portal” in dropdown.

  3. Navigate to “Feature configuration(QER)”.

  4. Append this query in “Identities for which request can be placed” –

    OR (uid_person IN (SELECT uid_person FROM dbo.SCN_FGetRecursiveEmployees('%useruid%')))

  5. Set "allow indirect reportees" to true.

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating