Creating ServiceNow Tickets on Access Review Revoke Decision for Disconnected Applications

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

We have a disconnected application in the SailPoint IIQ test environment. One of the schema attributes, “Report Access,” represents application access. This attribute type is configured as “group” with properties set to “Managed, Entitlement, and Multi-Valued.”
We also created an IT role named “Motor Order To Delivery IT” and a business role named “Motor Order To Delivery BR”. The value “Motor Order To Delivery” in the “Report Access” attribute is associated with the IT role as entitlement, which is further associated with the business role.
We have integrated SailPoint with the ServiceNow Service Desk for disconnected applications to create tickets for provisioning and deprovisioning operations. However, when we initiate a review process (Targeted Certification) for a business role, SailPoint doesn’t create tickets in ServiceNow for revoke access.
During the entitlements access review, if managers decide to revoke entitlements, SailPoint creates a ticket in ServiceNow.
Is there a workaround where, if a manager decides to revoke access for a disconnected application role, SailPoint would create a ticket in ServiceNow?

Can you share more details on how ServiceNow is integrated for disconnected application provisioning?

One way to do it is by configuring an IntegrationConfig object and handling all the provisioning requests in a Java class deployed in IIQ. This will trigger all the provisioning operations to the Java class, where you could call ServiceNow (either by creating a provisioning plan if SNOW is connected or by making a SNOW web service call).

Hi Abhishek,

The “SailPoint IdentityIQ for Service Catalog V2” and “SailPoint Identity Governance Connector” ServiceNow applications are installed on the ServiceNow system.

The IdentityIQforServiceNowServiceDesk.xml application has been imported into SailPoint, and the configuration entries have been updated as per the client.

Thanks
Hemant

Hi @nailwalnavistar, have you included the type - Access Review and operation - Revoke in the code?

Can you try adding just entitlements instead of roles in the targeted certification and validate whether the ServiceNow ticket is generated or not? It seems that the role revocation is not triggering the entitlement removal.

Hi Abhishek,

Yes, a ticket gets created in the case of entitlements. I’m looking for a workaround for roles in targeted certification.

Thanks,
Hemant

Can you try running the identity refresh task after the certification removes the roles from the user?

Please make sure “Refresh assigned, detected roles and promote additional entitlements” is checked in the Refresh Identity Cube task.

@Hemant-Nailwal Were you able to resolve the issue?
If yes, please mention the solution, as it will also help me with my situation.
