We are using SailPoint IdentityIQ (IIQ) integrated with ServiceNow via ServiceDesk Integration. Currently, ServiceNow tickets are being generated for all provisioning activities. Our requirement is to skip or avoid ServiceNow ticket creation for all provisioning activities except revocation.
For non-revocation provisioning (such as access requests, batch requests, joiner/mover/leaver events), instead of creating ServiceNow tickets, we want IdentityIQ to create manual WorkItems for processing. ServiceNow ticketing should be triggered only for revocation actions.
If anyone has implemented a similar use case or has guidance on the best approach (workflow customization, ServiceNowServiceIntegration rule, provisioning plan manipulation, or any other supported method), please share your inputs.
You can do this cleanly in PlanInitializerScript for the ServiceNow ServiceDesk integration.
Approach
In the ServiceNow SDIM config, add/modify the PlanInitializerScript. SailPoint explicitly supports using this script in the ServiceNow ServiceDesk configuration.
In that script, filter the plan so the ServiceDesk integration only receives revocation operations (REMOVE/DELETE/DISABLE depending on how your revokes are represented). Everything else you either:
remove from the plan (so no ServiceNow ticket is created), and
handle via a separate workflow path that creates a manual WorkItem for fulfillment.
This aligns with the guidance already posted in the thread (“manage it in PlanInitializerScript… clear plan for specific Operation”).
In short
Iterate plan.getAccountRequests()
Keep only requests where operation is revoke-type
Drop the rest (or route them to manual WorkItem flow)
Is that satisfying your request please let is know