Saviynt and ServiceNow integration

We can utilize Saviynt to manage our organization's ServiceNow deployment through mainly major two use cases  : 

CASE 1 : ServiceNow as a Managed Application for both reconciliation and provisioning/de-provisioning.

CASE 2 : ServiceNow as a Ticketing System to requests for different (disconnected )application accounts and resources (laptop etc). 

Once request is approved in Saviynt, a corresponding ticket is created in ServiceNow and once that's closed, the access is marked as granted in Saviynt. 

Case 1 : STEP 1 : Create a connection and respective SecuritySystem and Endpoint:

Connection JSON

{ "authentications": { "userAuth": { "authType": "Basic", "url": "https://XXX.service-now.com/", "httpMethod": "POST", "httpParams": {}, "httpHeaders": {}, "httpContentType": "text/html", "properties": { "userName": "xxxxxxxx", "password": "xxxxxxxx" }, "expiryError": "ExpiredAuthenticationToken", "authError": [ "InvalidAuthenticationToken", "AuthenticationFailed" ], "timeOutError": "Read timed out", "errorPath": "error.code", "maxRefreshTryCount": 5, "tokenResponsePath": "access_token", "tokenType": "Basic", "accessToken": "xxxxxxxxxxxxxxxx" } } }

Note  : the access token is built by encoding username:password in base 64 encoder. 

Step 2 : Create and Map your json for importing accounts (keep in mind to import only the attributes required for your deployment as it improves performance)

Import Account JSON

{ "accountParams":{ "connection":"userAuth", "processingType":"SequentialAndIterative", "statusAndThresholdConfig":{ "statusColumn":"status", "activeStatus":["Active","active","ACTIVE","1","TRUE","True","true"], "deleteLinks":"false", "accountThresholdValue":1000 }, "call":{ "call1":{ "callOrder":0, "stageNumber":0, "listField":"result", "keyField":"accountID", "disableDeletedAccounts":true, "http":{ "url":"https://xxx.service-now.com/api/now/table/sys_user?sysparm_query=active=true&sysparm_limit=16000&sysparm_display_value=true&sysparm_fields=name,active,sys_id,city,sys_class_name,location,cost_center,country,department,time_zone,source,locked_out,employee_number,name,user_name,irst_name,last_name,manager,u_middle_name,company,email,state,street", "httpMethod":"GET", "httpContentType":"application/json", "httpHeaders":{ "Authorization":"${access_token}" } }, *\\use this section to map reconciled attributes to Saviynt accoumt attributes "colsToPropsMap":{ "accountID": "sys_id~#~char", "name": "user_name~#~char", "displayname": "name~#~char", "status": "active~#~bool", "description":"sys_class_name~#~char", "customproperty1": "first_name~#~char", "customproperty2": "last_name~#~char", "customproperty3": "name~#~char", "customproperty4": "active~#~char", "customproperty5": "email~#~char", "customproperty6": "location~#~char", "customproperty7": "city~#~char", "customproperty8": "state~#~char", "customproperty9": "country~#~char", "customproperty10": "street~#~char", "customproperty11": "department~#~char", "customproperty12": "cost_center~#~char", "customproperty13": "company~#~char", "customproperty14": "time_zone~#~char", "customproperty15": "zip~#~char", "customproperty16": "source~#~char" }, "statusConfig":{ "active":"true", "inactive":"false" } } } } }

Step 3 : create your json for Creating an user's account in ServiceNow

Create Account JSON

{ "accountIdPath": "call1.message.result.sys_id", "responseColsToPropsMap": { "displayname": "response.message.result.name~#~char", "status": "response.message.result.active~#~char", "customproperty1": "response.message.result.email~#~char" }, "call": [ { "name": "call1", "connection": "userAuth", "url": "https://xxxxx.service-now.com/api/now/table/sys_user", "httpMethod": "POST", "httpParams": "{\"city\": \"${user.city}\",\"location\": \"${user.city}\",\"cost_center\": \"${user.costcenter}\",\"country\": \"${user.country}\",\"department\":\"${user.departmentname}\",\"source\":\"${user.customproperty16}\",\"active\": \"true\",\"locked_out\": \"false\",\"employee_number\": \"${user.employeeid}\",\"name\":\"${user.firstname} ${user.lastname}\",\"user_name\": \"${user.username}\",\"first_name\": \"${user.firstname}\",\"last_name\": \"${user.lastname}\",\"manager\":\"${userManager.username}\",\"u_middle_name\": \"${user.middlename}\",\"mobile_phone\": \"${user.phonenumber}\",\"phone\": \"${user.phonenumber}\",\"company\": \"${user.companyname}\",\"email\": \"${user.email}\",\"state\": \"${user.state}\",\"street\": \"${user.street}\",\"title\": \"${user.title}\"}", "httpHeaders": { "Authorization": "${access_token}" }, "httpContentType": "application/json", "unsuccessResponses": { "error.message": "Operation Failed" } } ] }  

Update Account JSON

{ "responseColsToPropsMap": { "name": "call1.message.user_name~#~char", "displayname": "call1.message.name~#~char" }, "call": [ { "name": "call1", "connection": "userAuth", "url": "https://wiley.service-now.com/api/now/table/sys_user/${account.accountID}", "httpMethod": "PUT", "httpParams": "{\"city\": \"${user.city}\",\"location\": \"${user.city}\",\"cost_center\": \"${user.costcenter}\",\"country\": \"${user.country}\",\"department\":\"${user.departmentname}\",\"source\":\"${user.customproperty16}\",\"active\": \"true\",\"locked_out\": \"false\",\"employee_number\": \"${user.employeeid}\",\"name\":\"${user.firstname} ${user.lastname}\",\"user_name\": \"${user.username}\",\"first_name\": \"${user.firstname}\",\"last_name\": \"${user.lastname}\",\"manager\":\"${userManager.username}\",\"u_middle_name\": \"${user.middlename}\",\"company\": \"${user.companyname}\",\"email\": \"${user.email}\",\"state\": \"${user.state}\",\"street\": \"${user.street}\",\"time_zone\": \"${user.customproperty33}\",\"title\": \"${user.title}\"}", "httpHeaders": { "Authorization": "${access_token}" }, "httpContentType": "application/json" ,"successResponses": { "statusCode": [200, 201, 204] }, "unsuccessResponses": { "statusCode": [302, 400, 403, 401, 404, 409, 501, 500] } } ] }

Enable Account JSON :

{ "call": [ { "name": "call1", "connection": "userAuth", "url": "https://wiley.service-now.com/api/now/table/sys_user/${account.accountID}", "httpMethod": "PUT", "httpParams": "{\"active\": \"true\"}", \\** update to false in case of disable accounts "httpHeaders": { "Authorization": "${access_token}" }, "httpContentType": "application/json" ,"successResponses": { "statusCode": [200, 201, 204] }, "unsuccessResponses": { "statusCode": [302, 400, 403, 401, 404, 409, 501, 500] } } ] }

step 4 : Configure security system and endpoint with appropriate approval workflow and policies 

step 5 : Request an account creation through Saviynt and run the WSRETRY job upon approval , check the task details section and in serviceNow if the user has been created. 

.. to be continued