We have a requirement for AD-related group provisioning requests. These requests are submitted in the ServiceNow portal, and provisioning is to be handled by SailPoint ISC. In short, SailPoint ISC should read the ServiceNow request to create a plan, which is then processed by a custom workflow in SailPoint. Once the request is provisioned, ISC should update the ServiceNow ticket and close it.
I have come up with a rough roadmap to achieve this integration as follows:
1. Identify integration requirements
2. Configure ServiceNow outbound integration
3. Configure SailPoint inbound integration
4. Define mappings, transformations and provisioning
5. Implement request item creation in SailPoint
6. Implement fulfillment and update in ServiceNow
7. Test and monitor the integration
8. Handle error scenarios and exceptions
As this would make bidirectional API calls, would anyone help me with the available API information?
Also, I would appreciate suggestions on this kind of implementation and design flow.
Just curious, but what is leading you to create a custom workflow in SailPoint instead of just submitting requests to the /v3/access-requests API endpoint? You can then just monitor the request status from the ServiceNow workflow.
Have you considered the ServiceNow Service Catalog integration? Users can make requests directly within ServiceNow for access objects marked as requestable, and then you can handle approvals and whatnot in SailPoint.
The requirement has a case where, any time the provisioning fails, SailPoint ISC should add a comment on the SNOW ticket and send a notification to an AD team. Hence, I was curious whether we have to create a custom workflow in ISC. I'll be glad to hear your suggestions on this.
My end to end development approach is as follows:
1. An AD-related catalog item request in ServiceNow should create a request in SailPoint after all approvals are completed in SNOW.
2. Based on the request, SailPoint ISC will handle the provisioning of the request. A plan will be provisioned to the user's AD account. The question here would be: can the provisioning plan be customized if required?
3. Add notifications for completion of the provisioning. In case of failure, notify the AD team and add a comment to the SNOW ticket.
4. Update and close the SNOW tickets based on the request provisioning completion in SailPoint ISC.
Please suggest if my holistic implementation needs correction.
Hi Mark, I will check this approach too. Would you enlighten me, from the SailPoint ISC perspective, on whether we can implement customizations like approval, notification and error handling for the requests created? Is the ServiceNow Service Catalog integration bidirectional, meaning the request statuses are always synced? Please guide me on the prerequisites for the ServiceNow Service Catalog integration.
The catalog integration (in my opinion) is intended for orgs who don’t have a ton of needs for customization and need something off-the-shelf they can implement quickly.
The most flexibility you will get is with the approvals; you can watch my live stream on that topic to find out more.
You don’t really have any control over the notifications, but you can always modify the workflow it comes with to fire events to send specific notifications if you want.
The /v3/access-request-status endpoint will show any errors that occurred during provisioning.
When I wrote my own custom ServiceNow workflows to use ISC for provisioning, I had the workflow periodically poll this endpoint. If the access request failed, then I had a condition on that activity (activity.result == 'failed') catch that and create a catalog task for the team to investigate the root cause. This eliminates the requirements for a bi-directional integration.
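
The polling check described in the last reply, as an added example that is not part of the original thread or the poster's workflow: a plain JavaScript function that turns one poll of /v3/access-request-status into an activity result and a ticket comment. The state names, the errorMessages shape, the result values other than 'failed', and the function names are assumptions.

```javascript
// Added example. State names and the errorMessages shape are assumptions about
// the /v3/access-request-status response; confirm them against your tenant.
const FAILED = new Set(['PROVISIONING_FAILED', 'NOT_ALL_ITEMS_PROVISIONED', 'ERROR', 'TERMINATED']);
const DECLINED = new Set(['REJECTED', 'CANCELLED']);
const COMPLETED = 'REQUEST_COMPLETED';

// Collect error text whether it arrives as strings, objects, or nested arrays.
function errorText(item) {
  return [].concat(item.errorMessages || []).flat(Infinity)
    .map((m) => (typeof m === 'string' ? m : (m && m.text) || ''))
    .filter(Boolean)
    .join('; ')
    .slice(0, 500); // keep the ticket comment bounded
}

// Decide what the workflow activity should report for one poll.
// items: parsed response array; attempt/maxAttempts: polling budget.
function evaluatePoll(items, attempt, maxAttempts) {
  const failed = items.filter((i) => FAILED.has(i.state));
  if (failed.length > 0) {
    const detail = failed
      .map((i) => `${i.name} [${i.state}] ${errorText(i)}`.trim())
      .join(' | ');
    return { result: 'failed', comment: `Provisioning failed: ${detail}` };
  }
  const open = items.filter((i) => i.state !== COMPLETED && !DECLINED.has(i.state));
  if (items.length === 0 || open.length > 0) {
    // Unknown states count as open, so a stuck request ends as a timeout
    // failure instead of being closed as successful.
    return attempt >= maxAttempts
      ? { result: 'failed', comment: `No final status after ${attempt} polls` }
      : { result: 'pending', comment: '' };
  }
  if (items.some((i) => DECLINED.has(i.state))) {
    return { result: 'declined', comment: 'Request rejected or cancelled in ISC' };
  }
  return { result: 'complete', comment: 'All requested items provisioned' };
}

// Constructed sample response (not real tenant data).
const SAMPLE = [
  { name: 'AD-Finance-Readers', state: 'REQUEST_COMPLETED', errorMessages: null },
  { name: 'AD-Finance-Admins', state: 'PROVISIONING_FAILED',
    errorMessages: [[{ locale: 'en-US', text: 'Group not found in target OU' }]] },
];
console.log(evaluatePoll(SAMPLE, 1, 10));
```

A 'failed' result is the branch that would create the catalog task and add the comment to the ticket; 'pending' means wait and poll again.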