Walk-up Experience - sn_walkup.walkup_login issues

Lela Miller · ‎07-20-2022

My team has inherited support of a project surrounding the Walk-up Experience product that was initially set up by a contracted team almost two years ago. Thankfully the product is, for the most part, fully built and ready for use, but the agency it was built for ended up not wanting it, and a new agency is now interested in using it - which means that we've had basically no experience with supporting Walk-up Experience since it was implemented for us.

We are trying to test the scheduling/check-in functionality to get a better idea of the changes that a walk-up ticket undergoes over the life of an appointment so that we can try to meet some of the requirements of this new agency, but we are having trouble accessing the "kiosk view" of the walk-up portal that was built - the page that has the option to queue in line, check in from a previously-booked appointment, or participate in a survey. We're receiving an error like "Sorry, you are not authorized to access the walk-up pages. For security reasons, walk-up pages are limited to users with the sn_walkup.walkup_login role only." when we try to queue, and nothing at all when we try checking in for a booked appointment.

So I looked into that, and the remedy is simple - use a user account that only has sn_walkup.walkup_login and snc_internal. Easy. The only problem is, adding sn_walkup.walkup_login to a user is automatically adding snc_external to any user we try, and I'm not sure how in the world this is being determined. I have almost no experience with this application, so any insight that you can provide would be wonderful.

TL;DR: Adding sn_walkup.walkup_login is also adding snc_external and is subsequently blocking my ability to access and use the on-site portal

Community Alums · ‎07-20-2022

Hi @Lela Miller ,

This is expected behavior. Only users with the sn_walkup.walkup_login role can access these portal pages. This was done for security purposes as the portal pages are exposed on a device like tablet. It was an engineering decision to restrict the access given to the walkup login users only.

Resolution

There are two ways to access these portal pages:

Create an ESS user and assign 'sn_walkup.walkup_login' role; impersonate ESS user to access the portal. (NOTE: There is logic in place that will prevent assigning this role if the user already has some other role assigned), or
A new user, 'Walkup User', is included with the Walk-up plugin. Admin/Maint can impersonate this user to access the portal pages.

Additional Information

The sn_walkup.walkup_login role cannot be added to a user who already has a role.

Refer: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0694562

Mark my answer correct & Helpful, if Applicable.

Thanks,
Sandeep

Lela Miller · ‎07-21-2022

Hi, thanks for the reply.

Unfortunately this doesn't help. I already understand the info you posted. I have tried both of the steps that you have mentioned. Our 'Walkup User' has snc_external applied along with the walkup_login role, and I have no idea of how to make it go away because, as I stated in my initial post, ServiceNow is bundling the snc_external role to apply automatically when sn_walkup.walkup_login is applied.

I tried making a new user and applying only the walkup role as well, but again, snc_external was automatically added as well.

I understand what SHOULD be happening, I understand the logic behind 'I can only have this role to access this page.' The problem is that it is currently impossible with the way the instance is handling this particular role.

Community Alums · ‎07-22-2022

Hi @Lela Miller ,

As i mentioned in my answer above, this is designed to work like how it's working with the access, we cannot do anything.

Also, if you try creating a custom role using "sn_walkup.walkup_login ", you are not allowed to create so as well.

Hence, Unfortunately we will have to live with it.

Mark my answer correct & Helpful, if Applicable.

Thanks,
Sandeep

Lela Miller · ‎07-23-2022

Hi Sandeep,

I feel like maybe we're not on the same page. I'm FINE with how the rules are supposed to work regarding this sn_walkup.walkup_login role, I'm not trying to change how it operates, nor do I want to.

Let me put it this way: the included Walk-up User that is OOB on the instance should have NO problem accessing pages on the walk-up experience, right? However, when I impersonate this Walkup User and try, say, accessing the queue of a location, here is the message I receive.

Reminder: This is using the OUT OF BOX, INCLUDED USER that should be allowed to access these portal pages, no problem. I am not accessing as myself, but as Walkup User.

So let's check the roles on the Walkup User, who has not been edited at all since we started this plugin:

They have snc_external, and sn_walkup.walkup_login. My current experience with our instance is that I cannot have one of these without the other, as I am UNABLE to remove only snc_external, and this is actively preventing this user from accessing walkup pages.

I apologize for repeating my points over and over, but the info I'm being provided with is not answering my specific questions or providing any info I do not already know.