Azure AD roles in ServiceNow
10-01-2024 06:14 AM
Hi,
Is there a way to transfer or connect Azure AD user roles and groups to ServiceNow? Also is there a way to automate this process?
Thanks,
Aryan Jain
10-01-2024 06:27 AM
Hi @aryanjain25
You can use Azure AD as an identity provider for ServiceNow. This can be done using OAuth or SAML for authentication, which allows you to manage users in Azure AD and have those users provisioned in ServiceNow.
ServiceNow provides connectors for Azure AD through the IntegrationHub. This allows you to integrate various Azure services with ServiceNow and can include user and group provisioning.
You can create a custom integration using Azure's Microsoft Graph API to extract user roles and groups, and then use ServiceNow’s REST API to create or update users and their roles/groups.
To automate the process, you can register an application in Azure AD to get the necessary permissions for accessing the Microsoft Graph API. Use the Graph API to fetch users and their roles/groups.
Create a scheduled job in ServiceNow that will run a script at defined intervals (e.g., daily or weekly) to fetch data from Azure AD. Use the ServiceNow REST API to create or update users and roles based on the data fetched from Azure AD.
Example script for scheduled job - This script could use the HTTPClient class to make requests to the Azure Graph API and process the results:
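    var client = new sn_ws.RESTMessageV2();
    client.setEndpoint('https://graph.microsoft.com/v1.0/users');
    client.setHttpMethod('GET');
    // Send the Graph access token as a bearer token in the Authorization header
    client.setRequestHeader('Authorization', 'Bearer ' + 'YOUR_ACCESS_TOKEN');
    client.setRequestHeader('Accept', 'application/json');
    var response = client.execute();
    if (response.getStatusCode() != 200) {
        // Do not parse an error body as if it were a user list
        gs.error('Graph request failed with HTTP ' + response.getStatusCode());
    } else {
        var jsonResponse = JSON.parse(response.getBody());
        // Loop through users and update ServiceNow records accordingly
        jsonResponse.value.forEach(function(user) {
            if (!user.mail) {
                return; // No mail address: skip, so an empty key never matches a record
            }
            var gr = new GlideRecord('sys_user');
            // Assuming you're using email to match; get() returns true when a record is found
            if (gr.get('email', user.mail)) {
                // Update user roles or any other information
                gr.setValue('your_field', user.someProperty);
                gr.update();
            } else {
                // Create new user if not found
                gr.initialize();
                gr.setValue('email', user.mail);
                gr.setValue('name', user.displayName);
                gr.insert();
            }
        });
    }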
I hope my answer helps you to resolve your issue. If yes, please mark my answer as helpful and correct.
Thank you
rajesh
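Added example, not part of the original reply and not ServiceNow or Microsoft code: one way to turn the fetched Azure AD group memberships into ServiceNow role changes. It goes beyond the script above by also planning revocations and by restricting the sync to an allow-list of roles. The group IDs, the `groupIds` field, the mapping and the sample users are constructed assumptions.

```javascript
// Constructed mapping: Azure AD group object IDs (placeholders) to ServiceNow roles.
var GROUP_ROLE_MAP = {
  '00000000-0000-0000-0000-0000000000a1': ['itil'],
  '00000000-0000-0000-0000-0000000000a2': ['itil', 'knowledge_admin']
};
// Only these roles are ever granted or revoked by the sync; roles such as
// admin stay under manual control even if a mapping entry names them.
var MANAGED_ROLES = ['itil', 'knowledge_admin'];

function isManaged(role) { return MANAGED_ROLES.indexOf(role) !== -1; }

// user.groupIds is a hypothetical field holding the IDs returned by Graph memberOf.
function desiredRoles(user) {
  if (!user.accountEnabled) return []; // disabled in Azure AD: hold no managed role
  var seen = {};
  (user.groupIds || []).forEach(function (id) {
    (GROUP_ROLE_MAP[id] || []).filter(isManaged).forEach(function (r) { seen[r] = true; });
  });
  return Object.keys(seen).sort();
}

// Compare the desired roles with what the ServiceNow user holds now.
function planRoleChanges(user, currentRoles) {
  if (!user.mail) return { key: null, skip: true, grant: [], revoke: [] };
  var want = desiredRoles(user);
  var have = (currentRoles || []).filter(isManaged);
  return {
    key: user.mail.toLowerCase(),
    skip: false,
    grant: want.filter(function (r) { return have.indexOf(r) === -1; }),
    revoke: have.filter(function (r) { return want.indexOf(r) === -1; }).sort()
  };
}

// Constructed sample data (not real accounts).
var SAMPLE_USERS = [
  { mail: 'alice@example.com', accountEnabled: true, groupIds: ['00000000-0000-0000-0000-0000000000a1'] },
  { mail: 'bob@example.com', accountEnabled: true, groupIds: [] },
  { mail: 'carol@example.com', accountEnabled: false, groupIds: ['00000000-0000-0000-0000-0000000000a2'] },
  { mail: null, accountEnabled: true, groupIds: ['00000000-0000-0000-0000-0000000000a2'] }
];
var SAMPLE_CURRENT = {
  'alice@example.com': ['admin'],
  'bob@example.com': ['itil', 'knowledge_admin'],
  'carol@example.com': ['itil']
};

function planAll(users, currentByMail) {
  return users.map(function (u) { return planRoleChanges(u, currentByMail[u.mail]); });
}
```

In a scheduled job, the `grant` and `revoke` lists of each plan would drive the actual role record changes, and logging each plan gives an audit trail of what the sync changed.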
10-01-2024 06:36 AM
Yes
You can integrate Azure Active Directory (Azure AD) with ServiceNow to transfer or connect Azure AD user roles and groups. This integration allows you to control access to ServiceNow from Azure AD, enable automatic sign-in with Azure AD accounts, and manage accounts centrally in the Azure portal.
To set up the Azure AD integration, follow the steps available in this KB Article (https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0960680).
*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.
10-01-2024 07:09 AM
Hi @aryanjain25 ,
Can you try to give some more context to your question? What issue is it that needs to be solved?
If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.
Best regards
Anders
Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/