Autoapprove Servicenow request

so in this LCM workflow i am trying to auto approve if request is coming from servicenow else gor to manager,owner for approval… i am trying to do it this way but issue is even if request is not from servicenow it is getting autoapprove so what modification do i need to do here

<Variable name="approvalScheme">
  <Script>
    <Source>
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.Application;
import sailpoint.api.IdentityService;
import sailpoint.tools.GeneralException;
import java.util.List;

// Define constants
String serviceNowAppType = "ServiceNow";  // Application type for ServiceNow
String approvalScheme = "manager, owner";  // Default approval scheme
String userIdAttribute = "sys_id";  // User ID attribute for ServiceNow

// Fetch the identity object based on identityName
Identity identity = context.getObjectByName(Identity.class, identityName);
if (identity == null) {
    throw new GeneralException("Identity not found for identityName: " + identityName);
}

// Check if the request is from ServiceNow
boolean isServiceNowRequest = false;
List links = identity.getLinks();

// Check each link to determine if it's associated with ServiceNow
if (links != null) {
    for (Link link : links) {
        String appType = link.getApplication().getType();
        String appName = link.getApplication().getName();

        // Check for both application type and name to confirm it's a ServiceNow request
        if ((appType != null &amp;&amp; appType.equals(serviceNowAppType)) ||
            (appName != null &amp;&amp; appName.equals("ServiceNow"))) {
            isServiceNowRequest = true;
            break;  // Stop checking if we've confirmed it's a ServiceNow request
        }
    }
}

// Set the approval scheme based on whether the request is from ServiceNow
if (isServiceNowRequest) {
    approvalScheme = "none";  // Auto-approve for ServiceNow requests
} else {
    approvalScheme = "manager, owner";  // Require approval for all other requests
}

return approvalScheme;  // Return the final approval scheme




    </Source>
  </Script>
</Variable>

Hi @autorun6464,

You need to identify the workflow that runs during the request submission and add the logic for the approval scheme. First, verify whether the flow variable is defined in that workflow. if it is, you can then create logic based on that flow variable.

  if(flow.equalsIgnoreCase("ServiceNow Request") ){
      
      return "none";
    }
    else{
      return "manager, owner";
    }

The flow variable is indeed defined, but it can take one of these three values:

1. AccountsRequest
2. EntitlementsRequest
3. RolesRequest

these all three can be from both sailpoint and service now .so how do i identify if it is servicenow or not.

i also do have if that can be use for this

@autorun6464
How are you calling this workflow from Servicenow , are you using the SCIM API of SailPoint calling LaucnhWorkflows?
If so, you have add a unique key and value in the pay load being passed there which will determine the request is from servicenow and use that variable in the workfllow to set the approvalscheme to none

Hi @autorun6464,

When you submit a request in ServiceNow, the process initiates a series of actions that integrate with SailPoint using the SCIM API. This integration facilitates the transfer of all relevant details from ServiceNow to SailPoint, effectively launching a workflow based on the specific type of request you submitted.

Within this workflow in SailPoint, you need to set the flow variable to reference the ServiceNow request. Based on the flow varaible, you can add the logic in approval scheme.

If you require additional assistance, please submit a request in ServiceNow and provide the workflow trace.

i tried this

<Variable name="approvalScheme">
    <Script>
        <Source>
            if (flow != null &amp;&amp; flow.equalsIgnoreCase("ServiceNow")) {
                return "none";  // Auto-approve for ServiceNow requests
            } else {
                return "manager, owner";  // Require approval for other requests
            }
        </Source>
    </Script>
</Variable>

but its going for approval for even servicenow request. as of source and flow i got tgwo of these variable defined if you think i should be changing based on these?

  <Variable input="true" name="flow">
    <Description>The name of the LCM flow that launched this workflow.

        This is one of these three values:

        AccountsRequest
        EntitlementsRequest
        RolesRequest</Description>
  </Variable>
<Variable initializer="LCM" input="true" name="source">

Hi @autorun6464,

Could you please share the accessRequest screenshot from sailpoint and workflow trace?

@autorun6464
Dont approve anything and once the request is created, share the workflow case, also do you have the payload being passed from Servicenow for this workflow invocation

ServiceNow.txt (36.3 KB)
ok this is my entire workflow

Hi @autorun6464,

This is an out-of-the-box (OOTB) LCM Provisioning workflow. It will be triggered when you submit a request from SailPoint. When you raise a request in ServiceNow, it will send the necessary information to SailPoint to execute the defined workflow.

this is my workflow case .but strange thing i notice was in flow.equals(“ServiceNow”) i had this but some how it showing workflow cas ("UnlockAccount
servicenow request.txt (82.9 KB)
")

@autorun6464
I dont see any attribute in your workflow case that can be distinguished as the request is from Servicenow, Please get the payload that is being used at servicenow end to create request in Sailpoint , you have to modify the payload from thier accordingly and add condition in workflow.

this is my payload after submitting request from servicenow

{
    "msgs": {
        "renameSuccessMsg": "Attachment renamed successfully",
        "largeAttachmentMsg": "Attached files must be smaller than 250MB - please try again",
        "delete_attachment": "Delete Attachment?",
        "deleteSuccessMsg": "Attachment deleted successfully",
        "dialogMessage": "Are you sure?",
        "dialogTitle": "Delete attachment",
        "dialogCancel": "Cancel",
        "dialogOK": "Ok",
        "requestSubmitted": "Thank you, your request has been submitted."
    },
    "disable_req_for": true,
    "maxAttachmentSize": 250,
    "action": "checkout",
    "reqForQuery": "active=true^u_employee_typeISNOTEMPTY^managerISNOTEMPTY^nameISNOTEMPTY^user_nameISNOTEMPTY^emailISNOTEMPTY",
    "cart": {
        "sys_id": "decd44551be5961025cca642b24bcb65",
        "delivery_address": "New Zealand",
        "special_instructions": "",
        "name": "DEFAULT",
        "requested_for_display_name": "Testing Snow",
        "requested_for": "f84209091b295610f47153d2604bcbe3"
    },
    "catalogSysId": null,
    "reqForDispCols": "name, user_name",
    "delivery_address": "New Zealand",
    "special_instructions": "",
    "requested_for": "f84209091b295610f47153d2604bcbe3",
    "sessionRotationTrigger": false
}

@autorun6464

Not this payload, payload being used from Servicenow to call Sailpoint workflow which will have plan, request attributes etc.

saipoint request.txt (170.7 KB)

can we do anything with this workflowcase ?

@autorun6464
I dont think we can do much here with workflowcase as mentioned earlier because there is no specific attribute you are passing from Servicenow , usually people will set either flow or atleast comments in the plan with RITM details, in your case, I dont see anything to distinguish the request is coming from servicenow, thats the reason if you can get the payload being used by Servicenow team to call the launch workflow , will check that and see if there is anything that you can use in your workflow

how can i get that payload??like how do i check it . i also wanted to check what payload servicenow is passing to sailpoint while triggering theworkflow.

@autorun6464
You have to check with servicenow team who is invoking the SailPoint workflow