Hi All,
Is it possible to pass the Reviewer comments given during to Certification Campaign to the ServiceNow ServiceDesk tickets.
Hi All,
Can anyone please help with this? Is it possible or not?
Short answer - No
Longer answer -
The ticket that gets created in ServiceNow has a reference to the account activity
However, the account activity itself does not have a direct reference to the campaign.
{
"completed": null,
"completionStatus": "PENDING",
"type": "AccountAttributeUpdate",
"requesterIdentitySummary": {
"id": "2c91808673a17dd60173baacbdd651d3",
"name": "Mark Cheek"
},
"targetIdentitySummary": {
"id": "2c91808673a17cd50173baa1511c4218",
"name": "Amanda R"
},
"errors": null,
"warnings": null,
"items": [
{
"id": "150c5e765ad24c5293087b73396d80e5",
"name": "150c5e765ad24c5293087b73396d80e5",
"requested": "2024-02-07T15:50:54.543Z",
"approvalStatus": null,
"provisioningStatus": "PENDING",
"requesterComment": {
"commenterId": "2c91808673a17dd60173baacbdd651d3",
"commenterName": "Mark Cheek",
"body": "Certification remediation for Identity: 358781 Certification: a4e008d905834db288ccc22d96c7759e (Identity Access Review for Mark Cheek - Test Revoke)",
"date": "2024-02-07T15:50:54.545Z"
},
"reviewerIdentitySummary": null,
"reviewerComment": null,
"operation": "REMOVE",
"attribute": "Role",
"value": "DJ BASIN",
"nativeIdentity": "arod",
"sourceId": "2c91808681a6c2b30181b5dd7491309c",
"accountRequestInfo": null,
"clientMetadata": null,
"removeDate": null
}
],
"executionStatus": "EXECUTING",
"clientMetadata": null,
"id": "8415191bf2a748d0bbbd9a543b4a0c60",
"name": "8415191bf2a748d0bbbd9a543b4a0c60",
"created": "2024-02-07T15:50:54.545Z",
"modified": "2024-02-07T15:51:01.770Z"
}
Note that I said there is no direct reference. You can see in the items[0].requestorComment.body property, the value does have the Id of the certification campaign, but it would require a little bit of parsing, and you never know when that template might change.
But for sake of example, let’s continue.
If you use the list-access-review-items API endpoint, you can plug in the following parameters to the filters query parameter to get the task you need
GET /v3/certifications/a4e008d905834db288ccc22d96c7759e/access-review-items?filters=identitySummary.name eq “Amanda R” and access.name eq “DJ BASIN”
All the parameters above are available in the account activity
From there, the comments are in the comments property value
[
{
"id": "1a2e1084b3e64083a1364ea2f8e71910",
"completed": true,
"newAccess": true,
"decision": "REVOKE",
"comments": "Here is my comment - they no longer need access",
"accessSummary": {
"access": {
"type": "ENTITLEMENT",
"id": "2c918083818c1d510181b5e29d1f50c7",
"name": "DJ BASIN"
},
"entitlement": {
"id": "2c918083818c1d510181b5e29d1f50c7",
"name": "DJ BASIN",
"description": null,
"privileged": false,
"owner": null,
"attributeName": "Role",
"attributeValue": "DJ BASIN",
"sourceSchemaObjectType": "group",
"sourceId": "2c91808681a6c2b30181b5dd7491309c",
"sourceName": "WellReadiness DB",
"sourceType": "JDBC",
"hasPermissions": false,
"isPermission": false,
"revocable": true,
"cloudGoverned": false,
"account": {
"nativeIdentity": "arodriguez3",
"disabled": false,
"locked": false,
"type": "ACCOUNT",
"activityInsights": null,
"id": "4c4a1deb27e243c6b4851e74e3377c59",
"name": "arodr",
"created": "2023-09-19T14:00:30.043Z",
"modified": "2023-09-19T14:00:30.953Z"
},
"dataAccess": null,
"containsDataAccess": false
},
"accessProfile": null,
"role": null
},
"identitySummary": {
"id": "0ddf8875654642918de3a642420d188a",
"name": "Amanda R",
"identityId": "2c91808673a17cd50173baa1511c4218",
"completed": true
}
}
]
Even with all that, it’s really not easy or in my opinion reliable to do this. I’m curious to hear from @developer_advocates on the following
-
Account activities spawned from Certification campaigns do not contain a direct reference to the certification campaign, it must be parsed from the middle of a sentence that we don’t know will ever change or not. Is the requestor comment fed from the certification and thus controlled by that side?
-
The filterable attributes for list-identity-access-review-items mentions identitySummary.id, which one would assume is the identityId of the identity being reviewed. However, that’s not the case as you can see here, so you have to rely on display name, which is not reliable. Can you explain the difference?
"identitySummary": {
"id": "0ddf8875654642918de3a642420d188a",
"name": "Amanda R",
"identityId": "2c91808673a17cd50173baa1511c4218",
"completed": true
}
Curious if anyone on the devrel team has heard of this use case. I’ve seen an idea before on requests from Request Center that create a ServiceNow ticket, but not on Certifications.
ETA: There is an idea out there for this, GOV-I-1343
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.