How to Integrate ServiceNow ServiceDesk with IdentityNow

There has been a surge recently in integrating SNOW (ServiceNow) with IDN (IdentityNow) to generate tickets during provisioning or certification events. Many use-cases come to mind: For example, on an identity joiner event you might want to create SD ticket to give laptop and phones to an employee. Or give / remove an application access which is not directly integrated with IDN. Below I will show you how to get up and running in less than 30 min with the integration

Notes

  • This integration is fast changing and the guide is correct as of 30th April 2021
  • This integration is an additional license cost to IDN. Please talk to your CSM about it.
  • This assume you already have a SNOW tenant in your company
  • The guide doesn’t go in-depth into advance scenarios requiring Velocity or rules.

Prerequisite

  • SailPoint for Service Desk Installed on SNOW tenant

  • SNOW Governance connector installed on IDN and users correlated between IDN and SNOW connector
  • Configure at least one virtual appliance cluster.
  • Configure at least one source to generate manual tasks for Provisioning.
  • Be familiar with Apache Velocity scripting.
  • Know the authentication option (Basic or OAuth2) to use for IdentityNow to authenticate into ServiceNow. For token generation and OAuth Client setup on the ServiceNow instance, see Create an endpoint for clients to access the instance.
  • Have the permissions requirements for a service account: A Service Desk Administrator must be assigned the x_sap_sdim.admin role.

Gather Information

  • Create a source which is going to be used for provisioning and has entitlements a user can request. In this example a flat file source with 3 entitlements.

  • Create an Access Profile and Requestable Role for this source

  • To set an integration source owner, select an org admin user and get their identity ID via API call {{api-url}}/v3/search 2c91808673a16fb20173b8523ecd0021
  • Get the Cluster ID of your VA via API Call {{api-url}}/beta/managed-clusters 2c918088737cf45e0173b8fb6727040d
  • Get the id for the provision source (Say flat file) created via {{api-url}}/beta/sources/ : 2c91808578daf04e0178dcb83b1a0173
  • Get the id for the SNOW governance source which correlates users between SNOW and IDN via {{api-url}}/beta/sources/ : 2c91808478daf0580178dcff779001b4
  • Get the SNOW Application sys_id from SNOW. 8053xxxedbffb300exxxxxxxdbxxxxcx123

 

Integration

Use the following API to create the integration: https://developer.sailpoint.com/apis/beta/#operation/createServiceDeskIntegration

Please populate the payload (attached separately) and replace the parameters with value

Parameter

Value

<ownerId>

2c91808673a16fb20173b8523ecd0021

<clusterId>

2c918088737cf45e0173b8fb6727040d

<Provision_Source_ID>

2c91808578daf04e0178dcb83b1a0173

<SNOW_Sys_ID>

8053xxxedbffb300exxxxxxxdbxxxxcx123

<SNOW_URL>

https://XXXX.service-now.com/

<requesterSource>

2c91808478daf0580178dcff779001b4

<username>

SNOW user

<password>

User Password

 

 

Integration Testing

  • For the provision source, create some Entitlements and create Access Profile and requestable role.
  • Request for a SNOW correlated user for the source

  • In Account Activity a pending request will show for the request with REQ Ticket Number

  • In SNOW “Service Catalog -> Requests” the ticket number shows up

  • Click on RITM and you will see the description of request

  • Once the ticket is closed, the Access Request in IDN will close after interval checks. This frequency can be configured as well (See Configuring a Schedule for Status Checks section in SDIM Integration API Reference Guide)

That should be it. You should be able to create provisioning tickets for the source now.

Hope that helped!!!