‎09-24-2018 07:34 AM
We are using Azure integration to create users, groups and group members.
Upon configuring the system, we found that if the cmn_department table was populated with the same values as are in Azure, the department field on the user record populated properly; however, if the value on the user record in Azure does not exist in cmn_department, the user record would not be updated.
On a typical transform map, you can set "choice actions" to create, ignore and reject. If "create" is chosen, the transform map will create the necessary values in your table (much like Discovery creates new core_company records). However, I cannot seem to find where to set up ServiceNow to "create" new departments that come over on a user record from Azure.
Can anyone point me to a resource or explain what needs to be done (and if it should be done on the IDP transform map)?
Thanks
John
‎12-10-2019 10:59 AM
Hi John,
I've stumbled on your question here a year later with (I think) the same goal in mind: use Azure AD User Provisioning to add/create Departments that don't exist within your ServiceNow instance.
ServiceNow posted a Knowledge Base article that says that the Azure AD User Provisioning service is able to update sys_user or sys_group tables, but NOT cmn_ tables (such as cmn_department). Here's a link to the article that includes more information: https://hi.service-now.com/kb_view.do?sysparm_article=KB0655991
Another point I'd like to touch on was when you said "however if the value on the user record in azure does not exist in cmn_department, the user record would not be updated" - I believe this might be due to your setup in Azure AD. Navigate to the ServiceNow integration from Azure AD, go to Manage > Provisioning > Mapping and click the name of the attributes mapping (ours is "Synchronize Azure Active Directory Users to ServiceNow"). Find Department on the list and click on it. If "Match objects using this attribute" is set to Yes, then I believe it will cause the behavior of skipping the update on the entire user record. I have this toggled to No and all of our users' profiles are updated, albeit with many errors where the Department field doesn't align with what's available in ServiceNow (due to a bigger issue with how our HR system tracks and feeds Departments and Business Units into AD).
Given the amount of time that has passed, I'm not sure that this response will prove useful to you, but I hope it will benefit others such as myself who stumble upon your question in the future. Did you ever resolve this?
Mike
‎03-20-2021 10:35 AM
Thank you:)
‎01-07-2022 12:08 PM
I know this was posted over a year ago, but our solution has been to map the Azure department and location attributes to the user table in two custom string fields. For example, Azure Department and Azure Location. Then, have business rules check the location/department from those string fields, and update the location/department field. Below is a business rule I use for department.
(function executeRule(current, previous /*null when async*/) {
    // Condition: Azure Department changes and Azure Department is not empty
    var oktaDepartment = current.getValue("u_okta_department");
    var dep = new GlideRecord("cmn_department");
    if (dep.get("name", oktaDepartment)) {
        // Department already exists: reference it by sys_id
        current.department = dep.getUniqueValue();
    } else {
        // No match: create the department, then reference the new record
        dep.initialize();
        dep.name = oktaDepartment;
        var newDep = dep.insert(); // insert() returns the new record's sys_id
        current.department = newDep;
    }
})(current, previous);
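The lookup-or-create step from the business rule above, as an added example that is not part of the original post: it normalizes and validates the directory-supplied department name before matching or creating, so that casing or spacing differences in the feed do not produce duplicate departments. `DepartmentTable`, `resolveDepartment`, `normalizeDepartmentName` and the 100-character limit are assumptions made for illustration; the table is an in-memory stand-in for cmn_department so the logic runs outside ServiceNow.

```javascript
// Added example in plain JavaScript; runs in Node without a ServiceNow instance.
// DepartmentTable is a constructed in-memory stand-in for cmn_department (hypothetical);
// in a business rule its two methods would be a GlideRecord lookup and insert.
const MAX_NAME_LENGTH = 100; // assumed limit; set to your name column's max length

class DepartmentTable {
  constructor(names) {
    this.rows = new Map(); // lower-cased name -> { sysId, name }
    this.nextId = 1;
    names.forEach((n) => this.insert(n));
  }
  findByName(name) { return this.rows.get(name.toLowerCase()) || null; }
  insert(name) {
    const row = { sysId: 'dep' + this.nextId++, name: name };
    this.rows.set(name.toLowerCase(), row);
    return row;
  }
}

// Collapse whitespace runs and trim so "Human  Resources " equals "Human Resources".
function normalizeDepartmentName(raw) {
  return String(raw == null ? '' : raw).replace(/\s+/g, ' ').trim();
}

// Returns { action: 'matched' | 'created' | 'rejected', sysId, reason }.
function resolveDepartment(raw, table) {
  const name = normalizeDepartmentName(raw);
  let reason = null;
  if (name === '') reason = 'empty';
  else if (name.length > MAX_NAME_LENGTH) reason = 'too long';
  else if (/[\u0000-\u001f\u007f]/.test(name)) reason = 'control character';
  if (reason) return { action: 'rejected', sysId: null, reason: reason };

  // Case-insensitive match first, so a casing difference never creates a duplicate.
  const existing = table.findByName(name);
  if (existing) return { action: 'matched', sysId: existing.sysId, reason: null };
  return { action: 'created', sysId: table.insert(name).sysId, reason: null };
}

// Constructed sample: two existing departments and a messy attribute feed.
const sampleTable = new DepartmentTable(['Finance', 'Human Resources']);
const sampleFeed = ['finance ', 'Human  Resources', 'Platform Security', '', 'platform security'];
const sampleActions = sampleFeed.map((v) => resolveDepartment(v, sampleTable).action);
console.log(sampleActions.join(', '));
```

Rejected values are worth logging rather than dropping silently, since they point at bad data in the directory feed.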
‎12-10-2024 01:55 PM
Did you consider leveraging Dynamic creation for reference fields?

‎10-31-2022 02:15 PM
Hi, did you find something?
‎04-26-2022 12:55 AM
Hi All,
I am in 2022 and still there is no correct way to do this. Lookups or choices cannot be transformed.
Additionally, I have another problem. For Azure User Provisioning, Azure requires a ServiceAccount with System Admin roles to be created in ServiceNow.
Ours is an MSP (domain separated) instance; provisioning a ServiceAccount with Admin access for User Provisioning is restricted by design (as it can modify accounts in all domains).
We tried with the highest possible roles inside the domain, but the Azure connector fails and gives an error message.
Has anyone faced this? Any solution?
MS has replied that they don't have any plans to change the prerequisite on the integration account.
Link to the Azure doc:
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/servicenow-provisioning-tutorial#prerequisites