- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hello,
I have a requirement to automate user access provision between SailPoint and ServiceNow.
For any new user access, user has to raise a SailPoint request, when approved there, it creates REQ/RITM/SCtask at SN end. In one of the variables of RITM, called 'Request description' will have the value of role approved in the format of "Add ServiceNow Role1;" if one role is requested from the user.
If two roles requested together in SailPoint, after approval, Request description' will contain "Add [ ServiceNow Role1, ServiceNow Role2];" and for 3, Add [ role1, role2, role3];
Based on the role mentioned inside Add [ ], we manually add the users to the respective group.
If we need to automate it, how can we automate it?
One user with multiple roles, how can we achieve it? please share your best possible way and let me know for any further questions.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
This can be automated via Flow Designer Flow. We have done something similar for SailPoint IIQ integration and you can define the process and automate the steps by using out of box integration hub actions and creating an additional custom action.
High level process is as below,
1. User raises a SailPoint request and once approved, it sends a API request to create REQ/RITM/Task(s)
2. Create a custom action to process the payload and fetch list of roles to be added to the user
3. Do a lookup record action and find the user for which roles are to be mapped
4. Use Create record action in sys_user_has_role table to map user to role using foreach loop
5. Do a validation check to confirm update is successful and create error handling and notifications
Above is only for reference and high level guidance. Fine tune the process as per your requirements.
Please note, providing roles at group level is optimal & best practices compared to providing at user level. Create a strategy on how you would like to handle the role mapping and design the solution accordingly.
I hope you appreciate the efforts to provide you with detailed information. If my response helped to guide you or answer your query, please mark it helpful & accept the solution.
Thanks,
Bhuvan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
hello @sudeepta_jana ,
Could you please confirm whether the groups you want to add the user to already exist in ServiceNow?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
yes Nehal, they already present.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
This can be automated via Flow Designer Flow. We have done something similar for SailPoint IIQ integration and you can define the process and automate the steps by using out of box integration hub actions and creating an additional custom action.
High level process is as below,
1. User raises a SailPoint request and once approved, it sends a API request to create REQ/RITM/Task(s)
2. Create a custom action to process the payload and fetch list of roles to be added to the user
3. Do a lookup record action and find the user for which roles are to be mapped
4. Use Create record action in sys_user_has_role table to map user to role using foreach loop
5. Do a validation check to confirm update is successful and create error handling and notifications
Above is only for reference and high level guidance. Fine tune the process as per your requirements.
Please note, providing roles at group level is optimal & best practices compared to providing at user level. Create a strategy on how you would like to handle the role mapping and design the solution accordingly.
I hope you appreciate the efforts to provide you with detailed information. If my response helped to guide you or answer your query, please mark it helpful & accept the solution.
Thanks,
Bhuvan
