Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to ServiceNow

ServiceNow Module Overview Installation Managing ServiceNow Incidents from One Identity Manager One Identity Manager for Service Catalog Logging Troubleshooting

Adding approval role for One Identity Manager managers

Once a synchronization operation completes One Identity Manager managers optionally could be added to a configured approval role. The configuration parameters for automatically adding One Identity Manager managers approver role are:

  • add_OneIM_managers_to_approver_role: Boolean value (true/false) that determines whether One Identity Manager Managers will be added to the ServiceNow approver role approver_user.

NOTE: The role could be chargeable. Consult a ServiceNow representative regarding cost involved before enabling this configuration parameter.

One Identity Manager ServiceNow App Tables

One Identity Manager ServiceNow application uses custom tables to store the application related configurations and data that are synchronized from the One Identity Manager. Details of the tables are summarized below.

Configuration Parameters

This table is used to store the One Identity Manager ServiceNow application configuration parameters that can be edited according to the business requirement. This table is only visible to the users with the admin role.

The following table contains a summary of all the custom columns added.

Column Name Descriptions
Config param This column defines the name of the configuration parameter
Config desc This column provides the configuration parameter description
Config value This column is used to enter the value for the config parameter

Config value encrypted

This column is used to enter sensitive data for security reasons. For example password

IT Shop Service Category

Service Categories in One Identity Manager ITShop are synchronized from One Identity Manager to ServiceNow into this custom table. This table is only accessible to the users with the admin role.

The following table contains a summary of all the custom columns added.

Column Name Descriptions
Service Category This column provides the name of the service category in the IT shop service catalog
Description This column provides the description relating to the respective service catalog given in the One Identity Manager
Unique ID This column stores the GUID of the service catalog present in One Identity Manager

XobjectKey

This column stores the XObjectKey for the respective Service catalog in One Identity Manager

IT Shop Service Category – User

Mapping between the One Identity Manager ITShop ServiceCategory and Users are synchronized into this table. This table is only accessible to the users with the admin role.

The following table contains a summary of all the custom columns added.

Column Name Descriptions
Service Category This column provides the name of the service category in the IT shop service catalog
User Name of the user that has the resources
IT Shop Service Items

IT Shop services created under the IT Shop Service Category are synchronized into this table in ServiceNow and are used for assigning the service items in the ServiceNow catalog page. This table is only visible to the users with the admin role.

The following table contains a summary of all the custom columns added.

Column Name Descriptions
Service Item Name of the Service Item created in the One Identity Manager IT Shop
Unique ID GUID of the Service Item created in One Identity Manager

Service Category

Name of the service category under which the Service Item is created in One Identity Manager

UID_ITShopOrg

GUID of IT Shop Org present in One Identity Manager

XObjectKey

Unique XObject Key Present in One Identity Manager

IT Shop Service Items - User

Mapping between the One Identity Manager ITShop ServiceItems and Users are synchronized into this table. This table is only visible to the users with the admin role.

The following table contains a summary of all the custom columns added.

Column Name Descriptions
Service Item Name of the Service Item created in the One Identity Manager IT Shop

Service Category

Name of the service category under which the Service Item is created in One Identity Manager

User Name of the user that has the resources
Shopping Cart Order

All the request orders that are created for a user on the ServiceNow catalog page are stored here. This table is only visible to the users with the admin role.

The following table contains a summary of all the custom columns added.

Column Name Descriptions
UID_ShoppingCartOrder UID_ShoppingCartOrder present in the ShopCartOrder table in One Identity Manager is synchronized in this column

Request

This column provides the Request Number for the request raised through the One Identity Manager for ServiceNow catalog page

Users

All identities from One Identity Manager are synchronized into ServiceNow to this table, if the useraccount exists for the Identity in the sysusers table. Also, the userid for ServiceNow account should match the Central Account / the CustomProperty value. This table is only visible to the users with the admin role.

The following table contains a summary of all the custom columns added.

Column Name Descriptions
Firstname First name of the identity in One Identity Manager

Lastname

Last name of the identity in One Identity Manager

Displayname

Display name of the identity in One Identity Manager

ServiceNow User ID

ServiceNow user ID

ServiceNow User Name

ServiceNow UserName

CustomProperty

The custom property in the One Identity Person table. Optionally this ID can also be used to match One Identity Manager identities to ServiceNow users

UID Person

GUID of the identity in One Identity Manager person table

UID_PersonHead

GUID of the manager present in the One Identity Manager person table

XObjectKey

XObject key present for all the identities in the One Identity Manager person table

NOTE: As these columns are used in various scripts, the column/table names should not be modified as they will lead to exceptions.

Raising a request and approval workflow

One Identity Manager ServiceNow Application allows users that are assigned admin role/sysadmin/businessuser to request company resources such as applications, system roles, or group membership as well as non-IT resources such as mobile telephones or keys.

The resources are requested using the IT Shop from the ServiceNow catalog page. The detailed procedure to request an IT Shop items is explained below.

To request an IT Shop item from ServiceNow Catalog page:

  1. From the ServiceNow instance portal navigate to the Catalog page.

  2. Search for One Identity Manager for Service Catalog.

  3. Enter the Required details, and click on the submit button

NOTE:

  • Fetch specific service category for a user using key search: If a particular service category is not available in the picker on a search, click on the refresh button below in order to sync the categories from One Identity Manager Application Server. Once the categories are refreshed the user can select the specific category using the picker.

  • Wildcard search of service categories for a selected user: In order to fetch all the service categories for the selected user from the One Identity Manager Application server type '**' in the service category picker and then click on the refresh button below. Once the categories are refreshed the user can view all the categories fetched by entering '*' in the picker. User can set how many characters are needs to enter while searching for the service category and service item using configuration parameters.

  • Fetch specific service item for a selected service category and user using key search: If a particular service item for a selected service category is not available in the picker on a search, click on the refresh button below in order to sync the service item from One Identity Manager Application Server. Once the service items are refreshed the user can select the specific item using the picker.

  • The request can be raised only from ServiceNow Service portal catalog page

Request is submitted and processed based on the configuration combinations and approval workflow.

Once the request is approved from ServiceNow, the request is processed according to the approval policy applied on the requested service item in One Identity Manager. The request approval workflow of ServiceNow remains in the wait condition unless any activity(approve/reject) is performed from the One Identity Manager. The status of the request approval workflow of ServiceNow is updated accordingly.

User can change the number of times the request approval workflow executes using the max activity count property of workflow in ServiceNow.

Steps to change the max activity count

  1. Navigate to the Workflow->Workflow Editor using the navigation bar of ServiceNow.

  2. Click on the Approval Workflow for New Access Request.

  3. Check out the workflow using the menu bar option.

  4. Click on the properties.

  5. Navigate to the Activities tab.

  6. Change the max activity count value.

  7. Publish the workflow using the menu bar option.

NOTE: If Request_approval_workflow_expire_in_days or max activity count condition is fulfilled, the ServiceNow request approval workflow is completed. The requested service item is aborted in the One Identity Manager if there is no activity on One Identity manager for the requested service item.

Process overview

Once an IT Shop request is raised, it follows a defined approval process which decides whether the request is be approved or rejected.

Figure 2: Approval workflow process

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating