User access provisioning

sudeepta_jana
Tera Contributor

Hello,

I have a requirement to automate user access provisioning between SailPoint and ServiceNow.

For any new user access, the user has to raise a SailPoint request; when it is approved there, it creates a REQ/RITM/SCtask at the SN end. One of the RITM variables, called 'Request description', will have the value of the approved role in the format "Add ServiceNow Role1;" if one role is requested by the user.

If two roles are requested together in SailPoint, after approval 'Request description' will contain "Add [ ServiceNow Role1, ServiceNow Role2];" and for 3, "Add [ role1, role2, role3];".

Based on the role mentioned inside Add [ ], we manually add the users to the respective group.
If we need to automate it, how can we automate it?

One user with multiple roles, how can we achieve it? Please share your best possible way and let me know if you have any further questions.

1 ACCEPTED SOLUTION

Bhuvan
Kilo Patron

@sudeepta_jana 

 

This can be automated via Flow Designer Flow. We have done something similar for SailPoint IIQ integration and you can define the process and automate the steps by using out of box integration hub actions and creating an additional custom action.

 

High level process is as below,

 

1. User raises a SailPoint request and once approved, it sends an API request to create REQ/RITM/Task(s)

2. Create a custom action to process the payload and fetch list of roles to be added to the user

3. Do a lookup record action and find the user for which roles are to be mapped

4. Use Create record action in sys_user_has_role table to map user to role using foreach loop

5. Do a validation check to confirm update is successful and create error handling and notifications

 

Above is only for reference and high level guidance. Fine tune the process as per your requirements.

 

Please note, providing roles at group level is optimal and best practice compared to providing them at user level. Create a strategy on how you would like to handle the role mapping and design the solution accordingly.

 

I hope you appreciate the efforts to provide you with detailed information. If my response helped to guide you or answer your query, please mark it helpful & accept the solution.

 

Thanks,

Bhuvan
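The payload-processing step (step 2 above) applied to the 'Request description' format given in the question, as an added example that is not part of the original posts or of any ServiceNow or SailPoint code. It parses both the single-role and bracketed forms, rejects anything else, and only resolves roles found in an allowlist, so free text in the variable cannot grant access on its own. The function names and the `ROLE_TO_GROUP` table with its group names are assumptions made for illustration.

```javascript
// Constructed allowlist: SailPoint role name -> ServiceNow group name.
// Both columns are hypothetical; in an instance this would be a lookup table.
var ROLE_TO_GROUP = {
  'ServiceNow Role1': 'Group For Role1',
  'ServiceNow Role2': 'Group For Role2'
};

// Accept exactly "Add <role>;" or "Add [ <role>, <role>, ... ];" and
// return the de-duplicated role names. Anything else throws.
function parseRequestedRoles(description) {
  if (typeof description !== 'string') {
    throw new Error('Request description is not a string');
  }
  var text = description.trim();
  var m = /^Add\s*\[([^\[\];]*)\]\s*;$/.exec(text) ||   // bracketed list
          /^Add\s+([^\[\];,]+);$/.exec(text);           // single role
  if (!m) {
    throw new Error('Unrecognised Request description format');
  }
  var roles = [];
  var parts = m[1].split(',');
  for (var i = 0; i < parts.length; i++) {
    var name = parts[i].trim();
    if (!name) {
      throw new Error('Empty role name in Request description');
    }
    if (roles.indexOf(name) === -1) {
      roles.push(name);
    }
  }
  return roles;
}

// Resolve roles to groups. ok is false if any role is not allowlisted,
// so the flow can route the task to manual fulfilment instead of granting.
function resolveGroups(description) {
  var roles = parseRequestedRoles(description);
  var groups = [], rejected = [];
  for (var i = 0; i < roles.length; i++) {
    if (Object.prototype.hasOwnProperty.call(ROLE_TO_GROUP, roles[i])) {
      groups.push(ROLE_TO_GROUP[roles[i]]);
    } else {
      rejected.push(roles[i]);
    }
  }
  return { ok: rejected.length === 0, roles: roles, groups: groups, rejected: rejected };
}
```

In a flow, the foreach loop would run over `groups` only when `ok` is true; a thrown error or a non-empty `rejected` list feeds the error handling and notification step.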


3 REPLIES 3

Nehal Dhuri
Mega Sage

Hello @sudeepta_jana,
Could you please confirm whether the groups you want to add the user to already exist in ServiceNow?

Please hit like and mark my response as correct if that helps.

Yes Nehal, they are already present.
