Configuring IdentityIQ to Integrate with ServiceNow
This section provides the required information for configuring IdentityIQ to integrate with ServiceNow.
This is intended as an introduction to the configuration needed to integrate IdentityIQ with ServiceNow. It outlines some examples that must be used as a reference point for implementation. Some changes may be required to meet specific use case and expertise around both systems are a must for the successful implementations.
SailPoint provides a default ServiceNow configuration. This configuration implements the integration between IdentityIQ and the ServiceNow to fulfill creation of tickets based on IdentityIQ access certification remediation events.
The default configuration is located in the following directory, where iiqHome is the location where IdentityIQ was installed:
iiqHome/WEB-INF/config/connector/IdentityIQforServiceNowServiceDesk.xml
The configuration must include the following entries:
url*
The base URL of Service Desk System.
For example, https://host.service-now.com
authenticationType*
Authentication method that is supported by the managed system
- OAuth2
- Basic
connectorAppForServiceNow
The application name by which ServiceNow account are aggregated. Required for Plan Initializer script.
ticketType
Enter one of the following ticket type to generate ticket on Service Desk system:
- serviceRequest
- incident
- changeRequest
Applicable if authenticationType is selected as Basic
username*
Service Account username. Required when authenticationType is Basic.
password*
Service Account user password. Required when authenticationType is Basic
Applicable if authenticationType is selected as OAuth2
token_url
URL for generating access token.
For example, https://host.service-now.com/oauth_token.do
For more information on generating the access token, see Create an endpoint for clients to access the instance.
grant_type
Enter the following type of Grant:
REFRESH_TOKEN
or
PASSWORD
client_id
Client Id for OAuth2 authentication.
client_secret
Client secret for OAuth2 authentication.
refresh_token*
(Applicable if grant_type is selected as REFRESH_TOKEN) A valid refresh token for grant type authentication.
username*
(Applicable if grant_type is selected as PASSWORD) Service Account username.
password*
(Applicable if grant_type is selected as PASSWORD) Service Account user password.
The Application Configuration XML should have all configurations for Service Request, Incidents and Change modules. Depending on the type of selection for ticketType, respective configuration would be executed by connector for the request processing.
Each module would have provision and checkStatus entries as mentioned below:
Provision:
|
Entries |
Description |
REQ Tracking |
RITM Tracking |
|---|---|---|---|
|
resource |
Ticket creation RESTendpoint. Do not provide the base URL in the value. The system automatically appends the base URL to the endpoint value. Only provide the remaining endpoint URL. ServiceNow: /api/x_sap_sdim/sailpoint_cart_js_api/create_ticket |
- |
- |
|
catalogItem |
(For Service Request only) Map that provides the key value pair of managed application names and catalog item IDs. |
- |
- |
|
responseElement* |
The value is the JSON path expression, which provides information about where to find the ticket number in the response from the REST endpoint. |
|
|
|
requestObject |
The value represents the JSON root element in the request. |
- |
- |
|
request |
Map that represents request payload, which has a velocity template expression and velocity variables that dynamically update by integration before making the REST call. |
- |
|
Check Status:
|
Entries |
Description |
REQ Tracking |
RITM Tracking |
|---|---|---|---|
|
resource |
Ticket creation RESTendpoint. Do not provide the base URL in the value. The system automatically appends the base URL to the endpoint value. Only provide the remaining endpoint URL. |
|
|
|
checkStatusQueryParam |
Map that provides any query parameters needed for RESTcall. |
|
|
|
responseElement* |
The value is JSON path expression which provides information about where to find ticket number in the response from REST endpoint. |
|
|
|
statusMap |
Map that relates Ticket System status to IdentityIQ status. |
- |
- |
|
statusMapCloserCode |
Map that relates Ticket System status to IdentityIQ status. This field has higher precedence over status map. |
- |
- |
If any changes required in the mapping, change the default value/key values in statusMap and statusMapCloserCode as mentioned in the following tables:
statusMap for Service Request to track REQ ticket
|
Entry key (ServiceNow) |
Value (IdentityIQ) |
|
closed_cancelled |
Failed |
|
closed_complete |
Committed |
|
closed_incomplete |
Failed |
|
closed_rejected |
Failed |
|
in_process |
Queued |
|
requested |
Queued |
|
closed_skipped |
Failed |
statusMap for Service Request to track RITM ticket
|
Entry key (ServiceNow) |
Value (IdentityIQ) |
|
-5 |
Queued |
|
1 |
Queued |
|
2 |
Queued |
|
3 |
Committed |
|
4 |
Failed |
|
7 |
Failed |
statusMap and statusMapCloserCode for Incident
|
Entry key (ServiceNow) |
Values (IdentityIQ) |
|
statusMap |
|
|
1 |
Queued |
|
2 |
Queued |
|
3 |
Queued |
|
6 |
Committed |
|
7 |
Committed |
|
8 |
Failed |
|
statusMapCloserCode |
|
|
Solved (Work Around) |
Committed |
|
Solved (Permanently) |
Committed |
|
Solved Remotely (Work Around) |
Committed |
|
Solved Remotely (Permanently) |
Committed |
|
Closed/Resolved by Caller |
Committed |
|
Not Solved (Not Reproducible) |
Failed |
|
Not Solved (Too Costly) |
Failed |
|
Duplicate |
Failed |
|
Known error |
Failed |
|
No resolution provided |
Failed |
|
Resolved by caller |
Committed |
|
Resolved by change |
Committed |
|
Resolved by problem |
Committed |
|
Resolved by request |
Committed |
|
Solution provided |
Committed |
|
Workaround provided |
Committed |
|
User error |
Failed |
statusMap for Change Request
|
Entry key (ServiceNow) |
Value (IdentityIQ) |
|
-1 |
Queued |
|
-2 |
Queued |
|
-3 |
Queued |
|
-4 |
Queued |
|
-5 |
Queued |
|
0 |
Queued |
|
3 |
Committed |
|
4 |
Failed |
Once the configuration information is populated then import the IdentityIQforServiceNowServiceDesk.xml file to create an application.