Create Joiner/Leaver Tickets into an ITSM from SailPoint ISC

We have already integrated an ITSM system for provisioning certain application categories in SailPoint.

Now, we have a new use case: we need to create Joiner and Leaver tickets. These tickets have different content from the generic application-related tickets and belong to a separate catalog.

For this use case, we are considering two possible solutions:

  1. Using Existing SDIM configuration:
     • Leveraging the existing integration, we would create a delimited file source with a generic entitlement.
     • We would then attempt to customize the ticket content for that source using Velocity script logic.
  2. Using Custom Workflows:
     • Instead of relying on the existing ITSM integration, we are considering directly calling the API to create the Joiner and Leaver tickets when needed via Workflow.

Has anyone had experience with similar use cases? Any insights or recommendations would be appreciated.

SDIM is to create tickets for Disconnected applications or if a business application is not ready to give you write permission.

For Joiner and Leaver, if you would like to create a ticket once the provisioning process is completed, then you should use Workflows.

By any chance, are you thinking of not using automated provisioning for Joiner and Leaver?

– Krish

We used workflows to accomplish this, especially since each source required its own criteria/trigger/etc.

@KRM7 In our already implemented Joiner, Mover, Leaver process, we have several functionalities, such as notifications to different teams and provisioning access to various targets.

We have already integrated SDIM to manage certain categories of applications.

However, an additional requirement is to create a separate ticket in an ITSM system to announce a user’s arrival or departure, independently of any specific application.

We would like to know whether it is better to adapt the SDIM configuration to meet this requirement or to use a workflow instead.

@vkashat, did you create multiple workflows? Is your workflow dependent on a specific target system?

I have another question: Is your ITSM hosted locally or in the cloud?

In our case, the ITSM is hosted locally, and I’m unsure whether using a workflow would allow communication with our ITSM.

With SDIM, we can select VA clusters, but this option is not available in workflows.

Thanks.

@sharvari any idea? I see some use cases that you have already implemented using ServiceNow.

As I mentioned, SDIM is to create tickets to provision disconnected sources.

You need to use workflows if you would like to create a ticket after a provisioning operation is completed through Joiner/Mover/Leaver.

Workflows (HTTP Request Action) is in the cloud, so if you have your ITSM in the cloud, you can just use it by making API calls. If your ITSM is in your org network, then you need to rely on VAs.

@KRM7

Thanks for your feedback.

Yes, I understand the main idea of SDIM. However, we have already used them before the integration of the workflow to handle similar cases.

Our approach involved:

  1. Creating a delimited file
  2. Assigning a generic entitlement to it
  3. Including this entitlement in a role
  4. Customizing the ticket accordingly

But, as suggested, we will continue this process with the workflow.

As you mentioned, “if your ITSM is in your org network, then you need to rely on VAs.”
Is there any existing workflow option (specifically within the HTTP Request Action option) that can help us integrate with VAs?

  • Is this reliance on VAs automatic?
  • How can we establish this connection to VAs?

We did create multiple workflows, per source and per operation (joiner/leaver/mover). Our ITSM is in the cloud, but some ITSMs still have APIs you can use even if hosted locally; you’d have to check on that though.

After investigating, we validated that in our use case we cannot use Workflows because our ITSM is hosted on-premises.

So, we used a generic source to manage these Joiner and Leaver tickets.

Hello Everyone,

I have a similar request where I need to create a ticket in the ITSM application, but the ITSM application here is in the cloud. The current configuration of JML is done by Rapid Setup, where it needs to create the ticket only for joiner and leaver.

The ITSM application has an API to create/request the ticket.

In my case, should I go with the generic SDIM connector, or should I use the post joiner or leaver rule to achieve the requirement?

What will be the best approach in my situation?

Any suggestion will be helpful.

Thanks,
Md Riyazuddin