Asset Management - End user devices

Imran Shad
Mega Expert

Hello,

We are currently discovering assets through SCCM, Tanium and ServiceNow Discovery in ServiceNow. It does not populate the "Assigned to" field to show who that asset is assigned to. I wanted to know if this can be automated. If yes, we can check our SCCM source.

Thank you.

4 REPLIES 4

Ken Neikirk1
Tera Guru

What SCCM integration are you using?  SCCM 2012 or SCCM 2016?  If you use Service Graph Connector for SCCM, it will automatically populate Assigned To.  

C_N-L
Tera Contributor

Hi Imran,

This is possible and something we have set up however SCCM reports back the last logged on user, which may be different from the actual assignee i.e. if an IT Technician has logged on to build the device or fix an issue, or shared devices.

We're considering swapping this to have 'Assigned To' as a manual entry field and instead use SCCM to populate a 'Last Logged On User' field - this may also help us to identify any breaches in policy whereby a device has been handed over to another user instead of being returned to base.

Joe Ryder
Tera Expert

The real question here is if SCCM, Tanium, or the ServiceNow MID servers create a data point that matches the User profiles in ServiceNow when looking at the device. It's not a universal answer.

There is also good reason not to automate Assigned To from discovery. There is a difference between "Last Logged In User", "Most Frequently Logged In User", and "Assigned Owner" of a hardware asset. Especially for assets where either multiple users might log in over time (including IT technicians doing system maintenance), auto-populating the Assigned To with the discovered user could mean that the person who "controls" the asset is not actually the one listed as the Assigned To delegate. This happens when the last logged in user changes over time and the automation ends up changing the Assigned To field to match. This could be less frequent if using "Most Frequently Logged In User", but even that could change if IT logs in more often than the controller of the asset. Tanium is notorious for listing a local admin profile as the most logged in user instead of the end user, especially if the end user hardly ever logs out.

Even more problematic is creating this for servers. There's not much you can do from discovery to identify who owns an asset. So many people could log into a server with no simple discovery context that it's better to pull in access logs with roles in some sort of transform to a custom table, assuming a connector is not bringing that into a special table.

Rather, it would be best to create a full workflow for device assignment. Example: if a new hire needs a laptop, the request could be initiated in Service Catalog as a New Hire Setup Request, which gets populated with the new hire's ServiceNow User profile once built by HR intake. Then, based on tasks and the flows supporting those tasks, the Assigned To field is populated automatically with the new hire's name. You ensure the Assigned To remains the controller of the asset regardless of who they might let use their asset.

If you want to log all users on an asset, there are other ways to do that in ServiceNow, but it requires customization. I have looked for ways to track logged-in users in an out-of-the-box table and have not found it yet (someone else could correct me here if needed).

Daniel Slocum
ServiceNow Employee
ServiceNow Employee

Hi Imran,

The other responses have correctly identified that you can do this using the Last Logged In User value but I'd like to suggest you mature your Hardware Asset Management practices to include population of the Assigned To value at the time of asset delivery to the end-user. In the base Asset plugin, this is a manual function. In the Hardware Asset Management application, the out of box request flow will set the Assigned To, to the Requested For value when using the out of box asset request catalog item.