The Challenge: Beyond Standard Integrations
ServiceNow integrations are often a cornerstone of Phase 1 IdentityNow projects. SailPoint offers three primary integrations catering to a range of management, request, and provisioning tasks. While these integrations meet most customer needs, IDMWORKS recently encountered a unique client requirement.
During the creation of a ServiceNow account, the demand was to generate a separate ServiceNow service request rather than using the standard provisioning actions: Enable, Disable, Modify. These operations should be using out-of-the-box connector capabilities, but that was not the case.
Harnessing SailPoint’s Workflow Capabilities
To address this, IDMWORKS leveraged SailPoint IdentityNow’s workflow capabilities. Let’s delve into this solution with a JDBC source scenario.
We crafted a tailored workflow that triggers specific actions based on operations, such as requests from the request center for account creation in the target system. Specifically, we wanted SNOW request creation only for the “CREATE” operation. This workflow integrates with the JDBC generic connector, managing other operations like ‘disable,’ ‘enable,’ and ‘add/remove role.’
The workflow will be intelligently configured to identify and distinguish between various operations performed on the connected source. When a ‘CREATE’ operation is detected, the workflow will automatically trigger the generation of a corresponding SNOW ticket through the SaaS Workflows. For all other operations, such as ‘disable,’ ‘enable,’ or ‘add/remove role,’ the workflow will seamlessly leverage the direct JDBC generic connector. This will ensure that these actions are efficiently executed without any interference from the ServiceNow service desk configuration, streamlining the process and ensuring optimal performance.
This well-crafted workflow allows SailPoint IdentityNow to address diverse operational needs, creating SNOW tickets when necessary and executing other operations using the direct JDBC generic connector. This not only solves the initial challenge but also amplifies the efficiency and adaptability of the SailPoint IdentityNow ServiceNow service desk connector integration.
The Data Flow: A Visual Representation
Below is a data flow diagram showcasing the workflow process:
To effectively meet these requirements, various SailPoint artifacts are employed. Here’s a step-by-step guide to creating this solution:
1. Create a JDBC Source:
To begin, we will set up a JDBC source, which will establish the connection with the external database system. This can be accomplished by following the guidelines provided in the reference: [Building JDBC Source].
2. Write a JDBC Provisioning Rule:
The next step involves crafting a JDBC provisioning rule that will define the logic for creating roles with approval. This rule will govern the provisioning process and guide the system in generating roles and obtaining necessary approvals. For insights on how to build this rule, refer to: [Building JDBC Provisioning Rule].
3. Design the Workflow:
We then construct a workflow that includes a trigger-point that’s based on the request approval decision. The workflow should be configured to activate only when specific criteria, as defined within the workflow trigger step, are met. This step will ensure that the workflow is initiated appropriately and on relevant occasions. For guidance on building workflows, consult: [Building Workflow]
4. Integrating SNOW Ticket Creation:
Suppose you wish to create SNOW tickets directly without integrating the SNOW service desk within IdentityNow. In that case, you can directly call the SNOW APIs to achieve this functionality, by utilizing the relevant SNOW REST API for creating service requests. For information on SNOW REST APIs, refer to: [SNOW REST API to Create Service Request]
By following these steps and the provided references, you effectively create a SailPoint solution tailored to your specific requirements.
Conclusion: The Power of Tailored Solutions
The combination of JDBC source, provisioning rule, workflow, and SNOW API integration will streamline the process and improve the overall efficiency of your SailPoint IdentityNow implementation.
In the realm of identity and access management, the ability to customize and adapt is paramount. The collaboration between ServiceNow and SailPoint, as showcased by IDMWORKS, exemplifies the power of tailored solutions in meeting unique operational demands. By leveraging the right tools and strategies, organizations can not only address specific challenges but also elevate their overall operational efficiency and productivity.
Author: Prasad Uplenchwar, IDMWORKS, Senior IAM Consultant