Service Desk integration Deep Dive

Hello Community!

I am implementing a Service Desk integration and, after checking the documentation, I still have some questions.

VARIABLES

1. We know about $plan, $plan.requests and $request.items variables. For both the requester and the requestee, we need to recover additional information like Center of Cost, Org Unit, OU Description, … and write them automatically in the ticket. Is this possible and how?

2. If not possible, what alternatives do we have?

3. Is it possible to include in the tickets the Requestor comments? How?

4. Is it possible to include in the tickets the Approvers comments? How?

5. Does anyone have the entire list of variables at our disposal in Service Desk intergrations?

ACCESS ITEM REQUESTS

1. When requesting an Access Profile, is it possible to retrieve all its Entitlement data (name, description, id, …) and write it in the ticket?

2. When requesting a Role, is it possible to retrieve all its Entitlement data (name, description, id, …) and all its Access Profiles (name, description, id, its entitlements, …) and write all this in the ticket?

3. When requesting a Role linked to 2 different disconnected sources (i.e. one of its Entitlement is on DiscSource1 and another Entitlement is on DiscSource2), how many tickets get opened?

4. When requesting a Role linked to both Disconnected and Connected sources (i.e. one of its Entitlement is on DiscSource1 and another Entitlement is on ActiveDirectory), how many tickets get opened?

5. How is the provisioning handled?

6. Is it possible to open one single ticket when requesting multiple Access Items at the same time on Request Center for the same user on one single Sources?

7. Is it possible to open one single ticket when requesting multiple Access Items at the same time on Request Center for the same user on different Sources?

8. Is it possible to open one single ticket when requesting multiple Access Items at the same time on Request Center for different users on one single Sources?

9. Is it possible to open one single ticket when requesting multiple Access Items at the same time on Request Center for different users on different Sources?

PROVISIONING

1. When a ticket is closed on ServiceNow and SailPoint reads the new state, does the provisioning occour automatically?

2. The requested Access Items are automatically provisioned on SailPoint accounts, on the Disconnected Sources?

3. Does it apply to Access Items requests?

4. Does it apply to personal data change requests?

5. If the automatic provisioning does not occour, how can we handle it? This is critical for audit reasons.

6. ServiceNow comments left on the ticket can be retrieved and added as Request comments?

7. In general, is it possible and how is it possible to retrieve ServiceNow comments for a ticket?

ATTRIBUTE SYNC

1. For a Disconnected Source we may want to enable the Attribute Sync. For example, we integrate ActiveDirectory in ServiceDesk too.
2. In this case how would the Attribute Sync work? When a synced attribute changes, does it open a new ticket?
3. Would the attribute change trigger a new ticket creation?
4. How would the provisioning work?

SOURCES

1. If I select a Connected Source and set it in the Service Desk integration, what does happen to the source? Does it stop all provisioning actions?

2. Is it possible to have a set a Connected Source in the Service Desk integration and keep both the automatic provisioning and the tickets?

3. If our Disconnected Source do not have the possibility to create a file or any input for the SailPoint Source, how is it possible to integrate them?

4. Is there any restriction on Source types that can be integrated as Service Desk?

5. Which types of Sources can be both Disconnected and perform aggregations?

EMAILS

1. Does SailPoint send emails when a ticket is created?
2. Does SailPoint send emails when a ticket changes state?
3. Does SailPoint send emails when a ticket is closed?
4. Does SailPoint send emails when a ticket is closed and the provisioning has been completed?

VARIABLES

1. We know about $plan, $plan.requests and $request.items variables. For both the requester and the requestee, we need to recover additional information like Center of Cost, Org Unit, OU Description, … and write them automatically in the ticket. Is this possible and how? ==> It is possible via but you have to use a before provisioning rule. Service Desk Configuration have a default provisioning roles and it can be customized

2. If not possible, what alternatives do we have?

3. Is it possible to include in the tickets the Requestor comments? How?

4. Is it possible to include in the tickets the Approvers comments? How?

5. Does anyone have the entire list of variables at our disposal in Service Desk intergrations? ==> This can help you : Working with Velocity Template Language in ITSM Ticketing - Compass

ACCESS ITEM REQUESTS

1. When requesting an Access Profile, is it possible to retrieve all its Entitlement data (name, description, id, …) and write it in the ticket? ====> Yes it is possible through Before provisioning rule
   3. When requesting a Role, is it possible to retrieve all its Entitlement data (name, description, id, …) and all its Access Profiles (name, description, id, its entitlements, …) and write all this in the ticket? ====> At ticket level we didn’t have any information regarding requested access profile or Role . We have only the entitlements to add or remove

2. When requesting a Role linked to 2 different disconnected sources (i.e. one of its Entitlement is on DiscSource1 and another Entitlement is on DiscSource2), how many tickets get opened? ==> It depends off service desk type that you use. If it is servicenow for example for requested roles together you have one ReQ and multiple RITM. For generic connector, you have two differents ticket.

3. When requesting a Role linked to both Disconnected and Connected sources (i.e. one of its Entitlement is on DiscSource1 and another Entitlement is on ActiveDirectory), how many tickets get opened? ==> Automatic entitlement wil be provision automatically and ticket will be created for disconnected sources entitlements

4. How is the provisioning handled?

5. Is it possible to open one single ticket when requesting multiple Access Items at the same time on Request Center for the same user on one single Sources? ==> For single sources entitlements are always grouped

6. Is it possible to open one single ticket when requesting multiple Access Items at the same time on Request Center for the same user on different Sources?

7. Is it possible to open one single ticket when requesting multiple Access Items at the same time on Request Center for different users on one single Sources?

8. Is it possible to open one single ticket when requesting multiple Access Items at the same time on Request Center for different users on different Sources?

*=> this is the default behavior depending on Service desk connector type

Regarding all of other mentionned points, if you have Professionnal service in your project it will better to request they help for desining.

Hello @baoussounda,
thank you for your information!

Regarding the Before Provisioning Rule there’s one thing that I am missing. Since the Rule has fixed inputs and no outputs, how can I leverage it to retrieve additional information like Identity Attributes, Account Attributes and so on?

Finally, since it’s a Cloud Rule when and how do I explicitly call the Before Provisioning Rule?

Hi @Markharoll , inside rules it is possible to call functions to retrieve identity attributes and add them in provisioning plan arguments and then after in your ticket they can be used.

I know that I can retrieve Identity and Account attributes, my question is “When I am writing the ticket description, how do I call the Rule and extract the computed data (e.g. the Cost Center of the Identity)?”

hi Marco,
Here when the user makes a request before it reaches the SDIM your BPR gets triggered if you have attached to the source properly. So all the computed values will be in the plan and you have to use the correct keywords in the ticket to populate the values.

Hello @udayputta,

to make an example, in the Rule I update the $plan variable by setting new attributes like:

String plan.identity.costCenter = identity.getAttribute("CDC");

and then in the ticket description I can retrieve the costCenter with:

#if ($plan.identity.costCenter) User Cost Center: $plan.identity.costCenter #end

Would this be correct?

You have to do this way. Set the costCenter in Attributes and access it.

String costCenter = (String) plan.getIdentity().getAttribute("Cost Center");
sailpoint.object.Attributes attributes = plan.getArguments();
attributes.put("costCenter", costCenter);

Then in the ticket desc if you use this it should work
$plan.arguments.costCenter

Thank you @udayputta,

At this point I should be able to retrieve the requestee data (its Identity Attributes).

Once implemented the Rule, since it’s a Cloud Rule, do I have to open a ticket to Expert Services to get it deployed?
Moreover, how do I link the Rule to the Service Desk integration?

Hi @Markharoll

Service Desk Configuration as default rule with an existing logic :

image488×102 4.74 KB

So if you need to customize it, you have get this default rule (by asking your project profesionnal services for example), rename it and customize.

As other cloud rule this deployment required support ticket.

Once your new rule is deployed, you can get the id and update your SDIM config by using vscode plugin or patch-before-provisioning-rule | SailPoint Developer Community

Thank you @baoussounda and @udayputta! I managed to get this to work thank s to your examples.

Now I am left with 2 main doubts about the Service Desk integration:

1. If I select a Connected Source and set it in the Service Desk integration, what does happen to the source? Does it stop all provisioning actions? Is it possible to have a set a Connected Source in the Service Desk integration and keep both the automatic provisioning and the tickets?
2. Is it possible to retrieve approver comments (for all approval steps) and provide them in the ticket? I tried several variables but none worked. How could I retrieve approvers comments?

Hello @Markharoll

automatic provisioning and the tickets? ==> You can test that but only one provisioning channel will be selected and i think it will be the ticket. And service integration is used mainly for flat file source.

You can try, but i’m not sure also :

$!{request.comments}

Sadly no, it doesn’t work.
I tried with the following but none has worked:

• $request.arguments.comments
• $request.comments

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.