Once a synchronization operation completes One Identity Manager managers optionally could be added to a configured approval role. The configuration parameters for automatically adding One Identity Manager managers approver role are:
NOTE: The role could be chargeable. Consult a ServiceNow representative regarding cost involved before enabling this configuration parameter.
One Identity Manager ServiceNow application uses custom tables to store the application related configurations and data that are synchronized from the One Identity Manager. Details of the tables are summarized below.
Configuration Parameters
This table is used to store the One Identity Manager ServiceNow application configuration parameters that can be edited according to the business requirement. This table is only visible to the users with the admin role.
The following table contains a summary of all the custom columns added.
Column Name |
Descriptions |
Config param |
This column defines the name of the configuration parameter |
Config desc |
This column provides the configuration parameter description |
Config value |
This column is used to enter the value for the config parameter |
Config value encrypted |
This column is used to enter sensitive data for security reasons. For example password |
IT Shop Service Category
Service Categories in One Identity Manager ITShop are synchronized from One Identity Manager to ServiceNow into this custom table. This table is only accessible to the users with the admin role.
The following table contains a summary of all the custom columns added.
Column Name |
Descriptions |
Service Category |
This column provides the name of the service category in the IT shop service catalog |
Description |
This column provides the description relating to the respective service catalog given in the One Identity Manager |
Unique ID |
This column stores the GUID of the service catalog present in One Identity Manager |
XobjectKey |
This column stores the XObjectKey for the respective Service catalog in One Identity Manager |
IT Shop Service Category – User
Mapping between the One Identity Manager ITShop ServiceCategory and Users are synchronized into this table. This table is only accessible to the users with the admin role.
The following table contains a summary of all the custom columns added.
Column Name |
Descriptions |
Service Category |
This column provides the name of the service category in the IT shop service catalog |
User |
Name of the user that has the resources |
IT Shop Service Items
IT Shop services created under the IT Shop Service Category are synchronized into this table in ServiceNow and are used for assigning the service items in the ServiceNow catalog page. This table is only visible to the users with the admin role.
The following table contains a summary of all the custom columns added.
Column Name |
Descriptions |
Service Item |
Name of the Service Item created in the One Identity Manager IT Shop |
Unique ID |
GUID of the Service Item created in One Identity Manager |
Service Category |
Name of the service category under which the Service Item is created in One Identity Manager |
UID_ITShopOrg |
GUID of IT Shop Org present in One Identity Manager |
XObjectKey |
Unique XObject Key Present in One Identity Manager |
IT Shop Service Items - User
Mapping between the One Identity Manager ITShop ServiceItems and Users are synchronized into this table. This table is only visible to the users with the admin role.
The following table contains a summary of all the custom columns added.
Column Name |
Descriptions |
Service Item |
Name of the Service Item created in the One Identity Manager IT Shop |
Service Category |
Name of the service category under which the Service Item is created in One Identity Manager |
User |
Name of the user that has the resources |
Shopping Cart Order
All the request orders that are created for a user on the ServiceNow catalog page are stored here. This table is only visible to the users with the admin role.
The following table contains a summary of all the custom columns added.
Column Name |
Descriptions |
UID_ShoppingCartOrder |
UID_ShoppingCartOrder present in the ShopCartOrder table in One Identity Manager is synchronized in this column |
Request |
This column provides the Request Number for the request raised through the One Identity Manager for ServiceNow catalog page |
Users
All identities from One Identity Manager are synchronized into ServiceNow to this table, if the useraccount exists for the Identity in the sysusers table. Also, the userid for ServiceNow account should match the Central Account / the CustomProperty value. This table is only visible to the users with the admin role.
The following table contains a summary of all the custom columns added.
Column Name |
Descriptions |
Firstname |
First name of the identity in One Identity Manager |
Lastname |
Last name of the identity in One Identity Manager |
Displayname |
Display name of the identity in One Identity Manager |
ServiceNow User ID |
ServiceNow user ID |
ServiceNow User Name |
ServiceNow UserName |
CustomProperty |
The custom property in the One Identity Person table. Optionally this ID can also be used to match One Identity Manager identities to ServiceNow users |
UID Person |
GUID of the identity in One Identity Manager person table |
UID_PersonHead |
GUID of the manager present in the One Identity Manager person table |
XObjectKey |
XObject key present for all the identities in the One Identity Manager person table |
NOTE: As these columns are used in various scripts, the column/table names should not be modified as they will lead to exceptions.
One Identity Manager ServiceNow Application allows users that are assigned admin role/sysadmin/businessuser to request company resources such as applications, system roles, or group membership as well as non-IT resources such as mobile telephones or keys.
The resources are requested using the IT Shop from the ServiceNow catalog page. The detailed procedure to request an IT Shop items is explained below.
To request an IT Shop item from ServiceNow Catalog page:
-
From the ServiceNow instance portal navigate to the Catalog page.
-
Search for One Identity Manager for Service Catalog.
-
Enter the Required details, and click on the submit button
NOTE:
-
Fetch specific service category for a user using key search: If a particular service category is not available in the picker on a search, click on the refresh button below in order to sync the categories from One Identity Manager Application Server. Once the categories are refreshed the user can select the specific category using the picker.
-
Wildcard search of service categories for a selected user: In order to fetch all the service categories for the selected user from the One Identity Manager Application server type '**' in the service category picker and then click on the refresh button below. Once the categories are refreshed the user can view all the categories fetched by entering '*' in the picker. User can set how many characters are needs to enter while searching for the service category and service item using configuration parameters.
-
Fetch specific service item for a selected service category and user using key search: If a particular service item for a selected service category is not available in the picker on a search, click on the refresh button below in order to sync the service item from One Identity Manager Application Server. Once the service items are refreshed the user can select the specific item using the picker.
-
The request can be raised only from ServiceNow Service portal catalog page
Request is submitted and processed based on the configuration combinations and approval workflow.
Once the request is approved from ServiceNow, the request is processed according to the approval policy applied on the requested service item in One Identity Manager. The request approval workflow of ServiceNow remains in the wait condition unless any activity(approve/reject) is performed from the One Identity Manager. The status of the request approval workflow of ServiceNow is updated accordingly.
User can change the number of times the request approval workflow executes using the max activity count property of workflow in ServiceNow.
Steps to change the max activity count
-
Navigate to the Workflow->Workflow Editor using the navigation bar of ServiceNow.
-
Click on the Approval Workflow for New Access Request.
-
Check out the workflow using the menu bar option.
-
Click on the properties.
-
Navigate to the Activities tab.
-
Change the max activity count value.
-
Publish the workflow using the menu bar option.
NOTE: If Request_approval_workflow_expire_in_days or max activity count condition is fulfilled, the ServiceNow request approval workflow is completed. The requested service item is aborted in the One Identity Manager if there is no activity on One Identity manager for the requested service item.
Once an IT Shop request is raised, it follows a defined approval process which decides whether the request is be approved or rejected.
Figure 2: Approval workflow process