Configuring IdentityIQ with Ivanti Cherwell Service Desk

This section provides the required information for configuring IdentityIQ with Ivanti Cherwell Service Desk. It outlines some examples that must be used as a reference point for implementation. Some changes may be required to meet the specific use case and expertise around both systems are a must for the successful implementations.

SailPoint provides a default Ivanti Cherwell Service Desk configuration. This configuration implements the integration between IdentityIQ and the Ivanti Cherwell Service Desk to fulfil (fulfilment of the ticket is done manually) creation of tickets based on IdentityIQ access certification remediation events.

The default configuration is located in the following directory, where iiqHome is the location where IdentityIQ was installed:

iiqHome/WEB-INF/config/connector/IdentityIQforIvantiCherwellServiceDesk.xml

Note
Once the following configuration information is populated then import the IdentityIQforIvantiCherwellServiceDesk.xml file. This would create an application.

The configuration must include the following entries:

The base URL of Cherwell Service Management System. For example, https://CSMSiteName.cherwell.com

Authentication method that is supported by the managed system is OAuth2.

The name of the Ivanti Cherwell Application in IdentityIQ from which Cherwell Service Management customers (contact managers) are aggregated. This is required for use by the Plan Initializer.

The ticket type to generate the ticket on Cherwell Service Management system:

  • incident

  • serviceRequest

Supported grant type by the Service Desk System. Select the type of grant from the following:

  • REFRESH_TOKEN

  • PASSWORD

URL for generating access token. For example, https://CSMSiteName.cherwell.com/CherwellAPI/token

Client Id for OAuth2 authentication.

Client secret for OAuth2 authentication.

Applicable if grant_type is selected as REFRESH_TOKEN

A valid refresh token for REFRESH_TOKEN grant type authentication.

Applicable if grant_type is selected as PASSWORD

Service Account username.

Service Account user password.

Provision

Each module would have provision and checkStatus entries as mentioned below:

Entries

Description

resource

Ticket creation rest endpoint. Do not provide the base url in the value. Base url would be appended to this endpoint value. Provide only remaining endpoint URL.

IdentityIQ for Ivanti Cherwell Service Desk: /CherwellAPI/api/V1/savebusinessobject

responseElement

The value is JSON path expression which provides information about where to find ticket number in the response from REST endpoint. For example, $.busObPublicId

request

Map that represents the request payload, which has velocity template expression and velocity variables that would be dynamically updated by integration before making rest call.

requestRootElement

The value represents JSON root element in the request.

requestRootElementType

The value represents JSON root element’s type in the request. For example, JSONObject

busObId

Provide the Business Object ID for Incident business object template from your Cherwell Service Management System. In CSM, Incidents and Service Requests are stored together in the Incident Business Object. For more information, refer to CSM 10.4.0 ITSM Practices: About Incidents and Service Requests.

fields

Provide the list of mapped fields and its value that will be send to Cherwell Service Management System to create tickets. For example, to map the Description from the API response, ensure to provide its sub-attributes as well in the following format to create the ticket.

Copy 
<entry key="dirty" value="true"/>
<entry key="displayName" value="Description"/>
<!-- Provide the Field ID for Description  -->
<entry key="fieldId" value="FIELD ID FOR DESCRIPTION"/>
<entry key="name" value="Description"/>
<entry key="value" value="Ticket submitted by SailPoint IdentityIQ"/>

persist

Set persist = true to actually save the Business Object (ticket request) to the disk.

Check Status

Entries

Description

resource

Ticket creation rest endpoint. Do not provide the base url in the value. Base url would be appended to this endpoint value. Provide only remaining endpoint URL.

IdentityIQ For Ivanti Cherwell Service Desk: /CherwellAPI/api/V1/getbusinessobject/busobid/{BUSINESS OBJECT ID FROM CSM SYSTEM}/publicid/$ticketId

Replace BUSINESS OBJECT ID FROM CSM SYSTEM with the actual value of business object ID (busObId) for Incident business object template as provided under Provision section.

responseElement

The value is JSON path expression which provides information about where to find ticket number status in the response from REST endpoint. For example, $.fields.[?(@.name=='Status')].value

statusMap

Map that relates Ticket System status to IdentityIQ status.

statusMap for Incident

If any changes required in the mapping, change the default value /key values in statusMap as mentioned in the following tables:

Entry key (Ivanti Cherwell Service Management) Status

Values (IdentityIQ)

Assigned

Queued

Closed

Committed

In Cart

Queued

In Progress

Queued

New

Queued

Pending

Queued

Reopened

Queued

Resolved

Committed

statusMap for Service Request

If any changes required in the mapping, change the default value /key values in statusMap as mentioned in the following tables:

Entry key (Ivanti Cherwell Service Management) Status

Values (IdentityIQ)

Assigned

Queued

Closed

Committed

In Cart

Queued

In Progress

Queued

New

Queued

Pending

Queued

Reopened

Queued

Resolved

Committed