We are integrating SailPoint ISC with ServiceNow Catalog. As per the documentation, users need to have the ServiceNow role x_sap_intidn.user assigned in order to submit access requests through the catalog.
The documentation provides a script to assign this role to all existing users. However, I am trying to understand how this should be handled for newly onboarded users going forward.
My questions are:
What is the recommended approach to automatically assign the x_sap_intidn.user role to new users in ServiceNow?
Is it possible to aggregate this role into SailPoint ISC as an entitlement and manage it through SailPoint?
If so, can this role be assigned as birthright access from SailPoint to ServiceNow, and what configuration would be required to achieve this?
Are there any best practices or alternative approaches that others have used in production environments?
Thanks. So, does that mean we need to have a group created in the sys_user_group table? We currently have ServiceNow integrated with SailPoint, but we don’t see the entitlement being aggregated into SailPoint.
You can, but you don’t have to. It depends on how your ServiceNow team prefers to manage access. Some are fine with assigning roles directly, some always want to use groups. There is no right answer.
Are you not seeing that specific role or are you not seeing any roles at all?
The specific ServiceNow catalog group—I assume that, out of the box, the role won’t be present in the sys_user_group table unless a group has been explicitly created. Is that correct?