Policy Change Request - ServiceNow Integration
Note that this feature does not currently support SSO for Service Now clients. If using SSO, a full Service Now user account must be made available for users to be able to submit the Policy Change Request to Service Now.
ServiceNow and Application Control integration enables optimized and fully audited request handling. This functionality has been available from the 2022.1 release and later.
Prior to working in Application Control, a new ServiceNow instance needs to be created.
The configuration tasks - and the functionality available to end users as a result - are summarized in the following table:
|Application Control - Administrator Tasks||ServiceNow - Administrator Tasks||Application Control - Endpoint User Functionality|
Configure access to the ServiceNow server and the options available to end users when they raise a change request.
Manually configure the request offering and request form in ServiceNow. Ensure the workflow performs as expected.
Create and submit Policy Change Requests, monitor the status of requests as required.
The status of all service requests is changed according to its processing within the ServiceNow workflow. The number of different stages used in the process - and name used to describe each status - is configured within the ServiceNow system.
Typically, when a service request is first raised, it is in the Submitted state, and only when it has been reviewed and analyzed against a set of criteria will it be Approved or Denied.
Only service requests in the Approved state are fulfilled by Application Control.
Policy Change Request Options - ServiceNow Integration
Policy Change Request options allow you to enable or disable end user access to the Policy Change request feature, and determine the request template available to them. The options determine how requests are communicated to the Ivanti Neurons for ITSM system and also what selection choices end users have when creating change requests.
Authentication accounts must be configured in ServiceNow before the Application Control integration.
From the Menu ribbon select Global Settings > Policy Change Request Options, then select the ServiceNow Integration tab:
Specify details needed for ServiceNow (instructions on where to find these details are below):
URL – which server you want to point at
Client ID – credentials
Client Secret – password
Next, Login to ServiceNow as an authenticated user. The authentication in ServiceNow must be configured prior to this step so that the correct permissions are assigned when logging in through Application Control.
Now, Browse for Catalog Items (lower left), and find the Application Control Catalog Item, select it and click OK.
The end user needs to login before they can connect to ServiceNow. When the user has successfully logged in, Application Control stores the username and refresh token encrypted in %programdata%. The end users's password is not stored. This means on each subsequent login, the refresh token can be used so the end user does not need to login each time.
This refresh token has a default lifespan of 100 days. That can be changed when the Application Control OAuth token is created.
Each end users' refresh token is visible in the System OAuth > Manage Tokens menu item. The admin can choose to revoke the token at any time, although the tokens do not have a username associated with them:
On returning to the ServiceNow tab, the Application Control Catalog Item has been added to the list and can be assigned to one or more devices:
Configure ServiceNow to be compatible with Application Control
The steps for configuring ServiceNow are listed in Creating a new Catalog Item in ServiceNow.
Once these steps are accomplished, the ServiceNow catalog will show an item for Application Control.
Select the Application Control Catalog Item and Edit.
Create the Application Control workflow per the ServiceNow documentation.
Set up anything else that you need, then Save.
ServiceNow is configured for endpoint user requests, see Next Steps for instructions on the requests themselves.
Endpoint User Approval Requests
When a request is made by an endpoint user, an instance can be set up for them and then found in the ServiceNow Open Records > Items list:
For each item, the variables have been pre-populated. The relevant authorizer will log in and approve or deny as required:
To finish setting up the configuration, set the Policy Change Request options for the endpoint.