Pass attribute to workflow and use it for provisioning

Hi Everyone,

We are using workflow with some criteria to create application account. The request is coming from ServiceNow.
We need to pass some attribute from Service Now to Workflow and use those attributes for provisioning.
Let me know if anyone came across this requirement.

Thanks

Hi @Shikha_123 ,

can you let us know more on what data you will be fetching from service now for provisioning and which connector you are using to provision the accounts.

Thank you.

1 Like

we are using Salesforce OOTB connector.

Hey Shikha, a quick question which operation are you going to use for creation of the source account? As far as I’m aware we can only provision to a disconnected source not a direct connected source. Also, regarding the service now attribute which you need to get in the workflow, you can make that attribute as an identity attribute and then get that in the workflow.

Hi Are you talking of ServiceNow Catalog Integration. If you have to get information about the requested access in ServiceNow initially user should be already present. Here ServiceNow acts as request center and ISC acts as provisioning engine. So, you would not need a workflow here. If the user does not have an account on Salesforce then ISC would look at create profile to create and account and assign the requested access in ServiceNow. For more details regarding the catalog you make check here.

1 Like

You may not be able to provision such attributes directly as there are no such actions available in workflows. However, here are a few work arounds that I could think of.

In all of the below cases, you need to call execute workflow API call from ServiceNow when ServiceNow form is submitted.

Case 1: Set non entitlement attribute on sources.

  1. Have an identity attribute which will be populated using a delimited file source account attribute. Have the identity attribute configured in attribute sync for the sources where it needs to sync to.,
  2. ServiceNow should call delimited file APIs to create an account record with required attribute value. This will result in identity attribute update which in turn results in attribute sync.

Case 2: Entitlement attribute on sources.

  1. Use get access action with the input received from workflow.
  2. Use manage access action to provision the access returned in step 1.

If this is not a one off use-case but a strategic thing, @udayputta 's approach works great here.

1 Like

I’m part of the OP’s team: we are already working on the case 1 as we could only think of this solution but wanted to see if there is any other better and easy way to implement the solution.
Thanks for the response!

1 Like

Thanks for the response.
Unfortunately, client is not in favor of Sailpoint - SNOW Catalog interface!