I am aware that IdentityNow does not have a concept of user input forms which are highly useful for access requests like IIQ has. So what are some innovative ways everyone has worked around this limitation?
One option we were thinking is, if the access request originates in SNOW (via custom forms) then makes an API call to update an identity attribute that holds the value from the form and post which it submits the access request via API as well. So this way, the identity attribute can be fetched in the provisioning plan and thus used for provisioning.
This is at a super high level but would appreciate any new ideas or feedback on this approach.
Can you give an example of this use case? I’m having a hard time following. I don’t have any use cases in my head where someone would need to update an identity attribute at the same time as an access request.
Hey Mark, thanks for your response, we don’t have a use case to update an identity attribute at the same time as an access request. However, to overcome the limitation of no user input forms, we are brainstorming that if the form is hosted in an external system like SNOW, can the data collected in that form anyway be used in the provisioning plan? The first idea that came to mind was since identity attributes are accessible in the provisioning plan, what if we store the data collected in the form in an identity attribute and then update the plan to use the identity attribute.
Hope this makes sense. Again, we are open to ideas about in general what kind of solutions has the community used for overcoming the limitation of no user input forms for access request.
Admittedly I’m not super familiar with provisioning plans, so I’m not sure I can help there. What I will say is ServiceNow is very capable as a front-end, especially if you have someone well-versed at creating catalog items.
You can even go as far as dynamically query IDN for requestable items (be that roles, access profiles, entitlements, etc) on the ServiceNow form when it loads so you don’t have to hard-code them into the ServiceNow variable.