Configuring Trusted Agent with PowerShell

Role: Administrators.

Minimum Version: Ivanti Neurons for ITSM 2024.2.

You can configure an agent to automate specific tasks or workflows by executing external PowerShell scripts. Through a PowerShell script, an agent can receive and process requests to execute.

Create a policy

Create a policy to run or configure an agent with PowerShell.

1. Log in to Neurons for ITSM as an Administrator.

2. Open the Configuration console and select Extend > Integration Tools > Trusted Agent Connection.

3. Select New trusted agent connection.

The New trusted agent connection button is enabled only at the first use.

4. Enter a Settings Name and select Policy type as Script.

5. Upload a validation certificate in the Upload validation certificate field. Only the .cer file type is accepted.

6. Select Push Policy Settings.

7. Once the policy is created, download these two files to install the agent: IvantiCloudAgent.exe and IvantiCloudAgent.exe.options.

Keep both files, IvantiCloudAgent.exe and IvantiCloudAgent.exe.options, in the same location to install the agent.

Upload PowerShell Script

Upload the PowerShell script that the agent will execute.

1. From the Configuration console, select Extend > Integration Tools > Trusted Agent Connection.

2. Select the New PowerShell Execution button.

3. Enter a Settings Name and select a policy from the Trusted Agent dropdown.

4. Upload a signed PowerShell script file for the agent. Only the .ps1 file type is accepted.

5. Click Save.

Now you have both Policy and Script for the Agent.
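The following added example (not Ivanti code) shows one way to prepare the two uploads described above: it signs a .ps1 with a code-signing certificate, exports that certificate's public part as a .cer, and checks that the script's signature is intact and matches the .cer before upload. It assumes the validation certificate uploaded in the policy is the public certificate of the script's signer, which this page does not state explicitly; the function names, file names and thumbprint parameter are hypothetical.

```powershell
# Added example, not Ivanti code. Function names, file names and the thumbprint
# parameter are hypothetical. Run on Windows with a code-signing certificate
# already present in Cert:\CurrentUser\My.

function Publish-SignedAgentScript {
    param(
        [Parameter(Mandatory)][string]$ScriptPath,   # script to sign (hypothetical name)
        [Parameter(Mandatory)][string]$Thumbprint,   # thumbprint of your code-signing cert
        [Parameter(Mandatory)][string]$CerPath       # where to write the public .cer
    )
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object Thumbprint -eq $Thumbprint
    if (-not $cert) { throw "No code-signing certificate with thumbprint $Thumbprint" }

    # Set the hash explicitly instead of relying on the version-dependent default.
    Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert -HashAlgorithm SHA256 |
        Out-Null

    # Export only the public certificate (DER .cer); the private key stays in the store.
    Export-Certificate -Cert $cert -FilePath $CerPath -Type CERT | Out-Null
}

function Test-AgentScriptSignature {
    param(
        [Parameter(Mandatory)][string]$ScriptPath,
        [Parameter(Mandatory)][string]$CerPath
    )
    $cerFull  = (Resolve-Path $CerPath).Path
    $expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerFull
    $sig      = Get-AuthenticodeSignature -FilePath $ScriptPath

    [pscustomobject]@{
        Status           = $sig.Status
        SignerThumbprint = $sig.SignerCertificate.Thumbprint
        # NotSigned or HashMismatch: the file is unsigned or was edited after signing.
        Intact           = $sig.Status -notin 'NotSigned', 'HashMismatch'
        # The signer must be the same certificate that the .cer file contains.
        MatchesCer       = [bool]($sig.SignerCertificate -and
                           ($sig.SignerCertificate.Thumbprint -eq $expected.Thumbprint))
    }
}
```

Upload the pair only when both Intact and MatchesCer are True; any edit to the .ps1 after signing turns Status into HashMismatch, so the script must be re-signed.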

Install the agent

To install an agent:

1. Execute the IvantiCloudAgent.exe file you downloaded in Create a policy.

2. Click Register in the prompt dialog box.

This execution connects the agent engine with the associated policy.

3. Verify the status of the agent from the PowerShell terminal using the ".\STAgentCti.exe status" command.

4. Download and parse the settings of the agent policy using the ".\STAgentCti.exe update --checkin" command.

This downloads the policy settings, changes the Registration State to Registered, and fetches the policy name.

Invoke a PowerShell operation with Trusted Agent

Invoke an agent that executes a PowerShell script to update a business object.

1. Log in to Neurons for ITSM as an Administrator.

2. From the Service Desk console, open the Incident workspace.

3. Open an incident and select More > Edit Actions.

4. Create a quick action using Graphical Action Designer.

By default, Start Block is selected.

5. Enter the Settings details such as Name, Description, Enter Category, Publish To, and UI Options in the Graphical Action Designer.

If the Trusted Agent category is not present in the Enter Category option, add it by typing in Trusted Agent.

6. Drag Run Program from Common Actions to the block.

Enter the Block Label.

Select the PowerShell script in the Connection dropdown.

In the Arguments field, specify the arguments to pass to the PowerShell script.

Declare arguments in the $a, $b format. For example: declare the variables a = 10 and b = 5, where the arguments are $a, $b.

Select the Output Field to show the result of the action triggered by the PowerShell script.

7. Link the Start block to the Run Program block and click Save.

8. Go back to the Incident page, click More > TrustedAgent, and select the action you created.

The agent is triggered and the associated incident is updated as per the PowerShell script actions.

Verify Execution

To verify the execution of the agent:

1. From the Configuration console, select Extend > Integration Tools > Trusted Agent Monitoring.

2. In the Operational Logs, select a PowerShell executed operation and verify the Log Entry for the associated operation.

The Log Entry shows whether or not the script was successfully executed with the expected result.

Upgrade to Hybrid

You can create or upgrade a policy to hybrid with both PowerShell and LDAP features.

1. From the Configuration console, select Extend > Integration Tools > Trusted Agent Connection.

2. Select an existing policy or Create a policy.

3. Select Hybrid from the Policy Type dropdown list.

4. Enter the following information related to LDAP and click Update Policy Settings.

Field: Description

Server: The LDAP domain controller host IP address.

Base DN: Optional. The distinguished name for the LDAP object in the LDAP server. This value is not case sensitive.

User Name: If the server requires authentication, enter the LDAP domain server name.

Password: If the server requires authentication, enter the LDAP domain server password.

Encryption Method: Select an encryption method: No encryption, Use SSL encryption (ldaps://), or Use StartTLS extension.

Authentication Type: Select an authentication type. For No encryption method, select Ntlm. For SSL or TLS method, select Simple (Basic) authentication.

Api Key: Optional. The SignalR API key required to enable external authentication.

The SignalR API key is required if you want to enable users to log in externally. If you do not want to enable external authentication, this key is not required. For information on SignalR, see https://learn.microsoft.com/en-us/aspnet/signalr/overview/getting-started/introduction-to-signalr.

1. Generate the API key. See Add a New Connection.

2. Paste the generated API key into this field.

When the key is provided, and the LDAP settings are pushed successfully, the Enable Authentication switch is displayed.


This switch can be toggled ON after the Trusted Agent is installed. If you toggle the switch ON before the Trusted Agent is installed, a warning is displayed. See Enable External Authentication.