Anybody leveraging CMDB & certifications for service account management at your organization?

Josh Baumann
Tera Contributor

We are looking to provide a solution to our IT security team to help manage service accounts. We've got thousands of service accounts created over years with limited, legacy information. The security group is working on a highly manual process to get updated information (owner, validate use/need). We'd like to help leverage CMDB by importing this information into the cmdb_ci_service_account class with attributes (either available from import or added in SN) that define owners and related servers, and set up a data certification process to ensure owners are reviewing and updating the information on a regular basis.

This seems like a pretty common use case others may have, but I haven't found information on community or knowledge conference presentations about others leveraging the tool in this way. Has anyone else done this? Anyone else interested in leveraging the platform for this need?

2 REPLIES

CMDB Whisperer
Mega Sage

In a prior company we had Service Account CIs in our CMDB, which were used for managing information about access to cloud accounts for use in automation. In general I would say that the fields available on that class were not adequate, so it required a lot of customization, and it also begged the question of whether the data stored in those fields should have special access controls to maintain security policies. So as a CMDB owner I did not find either of those conditions to be ideal, but it was certainly doable.


The opinions expressed here are the opinions of the author, and are not endorsed by ServiceNow or any other employer, company, or entity.

Appli
Mega Sage

Hi, you can probably consider using a PAM type of solution (like CyberArk), as setting up a custom data certification process for records in SN CMDB may not be that obvious a task. Just adding the required fields and manually populating those with owners, server relationships, etc. should not be that complex indeed.

Hope it helps
