‎04-10-2024 06:58 AM
Hi All,
Currently in our environment ServiceNow is fetching the user information from AD, and AD is fed by SailPoint IdentityNow. Can you please share your insights on whether we can skip AD and point SailPoint IdentityNow to sync the user records to ServiceNow directly? What are the drawbacks of skipping AD? Does it really make sense? Thank you!
Labels: Architect
‎04-10-2024 02:43 PM
Assuming you are not using Single Sign-On (SSO) via something like ADFS or Azure AD, etc.:
If you are using only local ServiceNow accounts with passwords stored in ServiceNow, then your approach may work. Typically one will have an SSO tool such as ADFS (AD Federation Services) or Azure AD, etc., that in turn talks to an LDAP directory or Active Directory for user data. The master source of user records is usually the LDAP, AD or SailPoint. In this case the passwords are not on ServiceNow, only the other attributes that are necessary for ServiceNow to function. In our case we have a daily user feed coming from the SailPoint equivalent.
The benefit of using LDAP is that it makes your user management much simpler in the case of user access re-certification (joiners, movers, leavers, etc.). If the data changes in LDAP, since the SSO is based on LDAP, the user will have the most up-to-date privileges. For example, if a user changes their AD password, it does not need to be pushed to ServiceNow.