Flow and Workflow to create incident when a user is added to a group after an LDAP Scheduled Load
03-22-2024 04:34 PM
I am having trouble with these simple flows to create an incident after an LDAP Scheduled Load adds a user to a Group. I'm assuming a new record in sys_user_grmember.list will be a Trigger, but it will not work. I have built a Workflow that works best so far.
This will create an incident in 3 different ways; however, it will not kick off a ticket after a Scheduled LDAP Load of our Group memberships adds a new record to the sys_user_grmembership.list table, which it should...
Any help?
03-22-2024 09:07 PM
Hi @Nathan Okh
Creating an incident whenever a user is added to a group after an LDAP scheduled load in ServiceNow can be accomplished by utilizing either the Legacy Workflow Editor or the newer Flow Designer. Both methods involve listening for an event or a condition that indicates a user has been successfully added to a group during the LDAP sync process.
### Using Flow Designer
1. Trigger: The Flow Designer does not directly integrate with LDAP events, so you will need to design a workaround. One approach is to trigger the flow based on an update to the User [sys_user] or Group Member [sys_user_grmember] table. You can use a condition that checks for a recent update timestamp or a specific group sys_id that matches the LDAP-loaded group.
2. Conditions: Check that the operation is an “insert” operation, meaning a new group member has been added, and not just an update to an existing member. You might need to use a script or advanced conditions for this. If you’re specifically looking for changes due to LDAP imports, you might also add date-time conditions to match your LDAP import schedule closely.
3. Actions: If the condition is met (a user is added to your specified group), create an Incident using the “Create Record” action in the ServiceNow Flow Designer. Populate the necessary fields of the Incident form, such as Short Description, Caller, Assignment Group, etc. You may use dynamic data from the trigger event, like the user name or group name, in the incident description or other fields.
### Using Workflow Editor (Legacy)
1. Start Condition: Similar to the Flow Designer, Workflow does not have a direct trigger for LDAP load events. You can set the workflow to start when a record is inserted into the Group Member [sys_user_grmember] table. Carefully craft the conditions to filter group additions that come from LDAP syncs, perhaps using similar logic regarding timestamps or specific groups.
2. Activities: Use the “Create Record” activity within the workflow to create an incident. Configure the activity to populate the incident’s fields based on the user/group information from the trigger record.
3. LDAP Sync Considerations: To specifically tie this action to an LDAP sync operation, you may have to implement custom logic or a custom field that flags users/groups updated via LDAP. ServiceNow’s LDAP integration does not, by default, flag changes made specifically during an LDAP sync, so distinguishing these from other updates can be challenging.
Note: Please mark this as Helpful and as the Accepted Solution if it helps you to understand. This will help us a lot.
Thanks & Regards
Deepak Sharma
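
The insert condition and "Create Record" action described in the answer above, written as server-side script logic. This is an added example, not part of the original thread or ServiceNow's own code. Assumptions: the logic is called from an after-insert Business Rule on Group Member [sys_user_grmember], `WATCHED_GROUPS` holds constructed placeholder sys_ids, and `FakeGR` is a hypothetical in-memory stand-in for `GlideRecord` so the function can be exercised outside an instance.

```javascript
// Constructed placeholder sys_ids of the LDAP-loaded groups to watch (assumption).
var WATCHED_GROUPS = ['00000000000000000000000000000001'];

// current: the sys_user_grmember record that fired the rule.
// GR: the GlideRecord constructor (passed in so a stand-in can be used off-instance).
// Returns the new incident's sys_id, or null when the record is ignored.
function incidentForNewMember(current, GR) {
  // Only brand-new memberships, not updates to existing rows.
  if (current.operation() !== 'insert') return null;
  // Only the groups whose membership changes should raise a ticket.
  if (WATCHED_GROUPS.indexOf(current.getValue('group')) === -1) return null;

  var inc = new GR('incident');
  inc.initialize();
  inc.setValue('caller_id', current.getValue('user'));
  inc.setValue('short_description',
    'User ' + current.getDisplayValue('user') +
    ' added to group ' + current.getDisplayValue('group'));
  // sys_created_by / sys_created_on record which account wrote the row and when,
  // which helps tell an import-driven insert from a manual one.
  inc.setValue('description',
    'Membership created by ' + current.getValue('sys_created_by') +
    ' at ' + current.getValue('sys_created_on'));
  return inc.insert();
}

// Hypothetical in-memory stand-in for GlideRecord (off-instance use only).
var store = [];
function FakeGR(table, fields, op) {
  this.table = table;
  this.f = fields || {};
  this.op = op;
}
FakeGR.prototype.initialize = function () { this.f = {}; };
FakeGR.prototype.operation = function () { return this.op; };
FakeGR.prototype.setValue = function (k, v) { this.f[k] = v; };
FakeGR.prototype.getValue = function (k) {
  return this.f[k] === undefined ? null : this.f[k];
};
FakeGR.prototype.getDisplayValue = function (k) {
  return this.f[k + '.display'] || this.getValue(k);
};
FakeGR.prototype.insert = function () {
  store.push(this);
  return 'inc' + store.length; // constructed id, not a real sys_id
};
```

On an instance, the Business Rule body would call `incidentForNewMember(current, GlideRecord)`.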