Connection between ServiceNow and Azure
10-08-2024 07:23 AM
Guys,
How do I make a connection between ServiceNow and Azure to pull Azure Security Groups into SNOW?
Your help with this is much appreciated.
10-08-2024 11:02 PM
Hello @pramn,
Please refer to the links below:
https://www.servicenow.com/community/servicenow-impact-forum/integrate-azure-ad-with-servicenow/td-p...
https://www.servicenow.com/community/member-feedback-forum/linking-ad-azure-ad-groups-to-servicenow-...
If it is helpful, please mark it as helpful and accept the correct solution. In future, it might be helpful for someone to refer to this solution.
Thanks & Regards,
Abbas Shaik
10-08-2024 11:07 PM
Hi @pramn,
Please follow the steps below:
To pull Azure Security Groups into ServiceNow using a Business Rule, you would typically set up a Business Rule that triggers based on specific conditions (like record creation or updates). Here's how to achieve this:
### 1. **Set Up Azure AD Application**
Follow the steps outlined previously to register an application in Azure AD, create a client secret, and set permissions to read groups.
### 2. **Create a Business Rule in ServiceNow**
1. **Navigate to Business Rules**:
- Go to **System Definition** > **Business Rules** in ServiceNow.
- Click on **New** to create a new Business Rule.
2. **Define Business Rule Properties**:
- **Name**: Provide a name for your Business Rule (e.g., "Pull Azure Security Groups").
- **Table**: Select a table to trigger this Business Rule (e.g., `sys_user` if you want to pull groups when a user is created).
- **When**: Choose when to run the rule (e.g., after).
- **Insert**: Check this if you want it to trigger on record insert.
### 3. **Write the Business Rule Script**
In the **Script** section of the Business Rule, you can write a script similar to the following:
```javascript
(function execute(current, previous /*null when async*/) {
    // Placeholders: replace with the values from your Azure AD app registration
    var client_id = 'YOUR_CLIENT_ID';
    var client_secret = 'YOUR_CLIENT_SECRET';
    var tenant_id = 'YOUR_TENANT_ID';
    var token_url = 'https://login.microsoftonline.com/' + tenant_id + '/oauth2/v2.0/token';
    var resource = 'https://graph.microsoft.com/.default';

    try {
        // Request to get the access token (client credentials grant)
        var tokenRequest = new sn_ws.RESTMessageV2();
        tokenRequest.setEndpoint(token_url);
        tokenRequest.setHttpMethod('POST');
        tokenRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
        // URL-encode each value so special characters do not corrupt the form body
        tokenRequest.setRequestBody('client_id=' + encodeURIComponent(client_id) +
            '&scope=' + encodeURIComponent(resource) +
            '&client_secret=' + encodeURIComponent(client_secret) +
            '&grant_type=client_credentials');
        var tokenResponse = tokenRequest.execute();
        if (tokenResponse.getStatusCode() != 200) {
            // Log only the status: the response body can contain sensitive details
            gs.error('Azure token request failed with HTTP ' + tokenResponse.getStatusCode());
            return;
        }
        var responseBody = tokenResponse.getBody();
        var jsonResponse = JSON.parse(responseBody);
        var accessToken = jsonResponse.access_token;

        // Request to get the Azure Security Groups
        var groupRequest = new sn_ws.RESTMessageV2();
        groupRequest.setEndpoint('https://graph.microsoft.com/v1.0/groups');
        groupRequest.setHttpMethod('GET');
        groupRequest.setRequestHeader('Authorization', 'Bearer ' + accessToken);
        var groupResponse = groupRequest.execute();
        if (groupResponse.getStatusCode() != 200) {
            gs.error('Azure group request failed with HTTP ' + groupResponse.getStatusCode());
            return;
        }
        var groupBody = groupResponse.getBody();

        // Parse the groupBody and insert into ServiceNow
        var groups = JSON.parse(groupBody).value || [];
        for (var i = 0; i < groups.length; i++) {
            var group = groups[i];
            // Create a record in a table (e.g., custom table for Azure groups)
            var azureGroup = new GlideRecord('u_azure_security_group');
            azureGroup.initialize();
            azureGroup.u_group_id = group.id; // Map Azure group ID
            azureGroup.u_group_name = group.displayName; // Map Azure group name
            azureGroup.insert();
        }
    } catch (ex) {
        // Covers network failures and malformed JSON
        gs.error('Pull Azure Security Groups failed: ' + ex.message);
    }
})(current, previous);
```
### 4. **Test Your Business Rule**
1. **Create or Update a Record**: Perform the action that triggers your Business Rule.
2. **Check the Target Table**: Verify that Azure Security Groups are being inserted into the designated table in ServiceNow.
### 5. **Error Handling and Logging**
Be sure to add error handling and logging to capture any issues. For example, you can log errors using `gs.error()`.
### 6. **Schedule or Optimize Triggering (Optional)**
If pulling all Azure Security Groups on every insert is too intensive, consider using a scheduled job instead of a Business Rule, or refine the conditions for triggering.
By following these steps, you can effectively pull Azure Security Groups into ServiceNow using a Business Rule. Make sure to customize the script and table names as needed for your environment!
Please accept my resolution if it resolves your problem.
Thanks
Jitendra
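An added example, not part of the post above and not ServiceNow's own code: Microsoft Graph returns `/groups` in pages linked by `@odata.nextLink`, so this sketch goes beyond the script in the post by following those links (only while they stay on the Graph host, since the bearer token is sent with each request), keeping only groups with `securityEnabled` set, and planning inserts and updates so that repeated runs do not duplicate rows. The names `collectSecurityGroups`, `planUpsert`, `httpGet` and the sample pages are assumptions made for illustration.

```javascript
// Added example. Names are hypothetical; httpGet is injected so the logic runs offline.
// In ServiceNow, httpGet would wrap sn_ws.RESTMessageV2 and set the Authorization header.
var GRAPH_PREFIX = 'https://graph.microsoft.com/';

// Follow @odata.nextLink page by page and keep only security-enabled groups.
// httpGet(url) must return { status: Number, body: String }.
function collectSecurityGroups(httpGet, firstUrl, maxPages) {
    var groups = {}, url = firstUrl, pages = 0;
    while (url) {
        // The bearer token travels with every request, so never follow a link off Graph.
        if (url.indexOf(GRAPH_PREFIX) !== 0) throw new Error('Refusing non-Graph URL');
        if (++pages > maxPages) throw new Error('Page limit exceeded');
        var res = httpGet(url);
        if (res.status !== 200) throw new Error('Graph returned HTTP ' + res.status);
        var page = JSON.parse(res.body);
        (page.value || []).forEach(function (g) {
            if (g.id && g.securityEnabled === true) groups[g.id] = g.displayName;
        });
        url = page['@odata.nextLink'] || null;
    }
    return groups; // map of group id -> display name, deduplicated by id
}

// Compare fetched groups with rows already stored (id -> name) so that repeated
// runs insert only new groups and update renamed ones instead of duplicating rows.
function planUpsert(existing, fetched) {
    var plan = { insert: [], update: [] };
    Object.keys(fetched).forEach(function (id) {
        if (!Object.prototype.hasOwnProperty.call(existing, id)) plan.insert.push(id);
        else if (existing[id] !== fetched[id]) plan.update.push(id);
    });
    return plan;
}

// Constructed sample responses (not real tenant data): two pages of groups.
var SAMPLE_PAGES = {};
SAMPLE_PAGES[GRAPH_PREFIX + 'v1.0/groups'] = { status: 200, body: JSON.stringify({
    value: [{ id: 'g-1', displayName: 'SOC Analysts', securityEnabled: true },
            { id: 'g-2', displayName: 'Newsletter', securityEnabled: false }],
    '@odata.nextLink': GRAPH_PREFIX + 'v1.0/groups?$skiptoken=PAGE2' }) };
SAMPLE_PAGES[GRAPH_PREFIX + 'v1.0/groups?$skiptoken=PAGE2'] = { status: 200, body: JSON.stringify({
    value: [{ id: 'g-3', displayName: 'Cloud Admins', securityEnabled: true }] }) };
function sampleGet(url) { return SAMPLE_PAGES[url] || { status: 404, body: '{}' }; }

var fetched = collectSecurityGroups(sampleGet, GRAPH_PREFIX + 'v1.0/groups', 10);
console.log(fetched, planUpsert({ 'g-1': 'SOC' }, fetched));
```
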
10-08-2024 11:22 PM