ServiceNow Service Catalog Integration Testing Error

Hi all,

I am working on the ServiceNow Service Catalog Integration. We have completed the integration in sandbox and requested a role from ServiceNow Catalog. After the approval, the request was created in SailPoint and provisioning was completed too, with no errors. However, when we test the same flow from production, it gives us the “Failed creating access request. IDN User session is expired” error. We are using OAuth 2.0 (ClientID and ClientSecret) for authentication, so I am not sure what went wrong. Has anyone come across such an issue?

Thanks,
Karthi

Is the test connection functioning, and is the user active on ServiceNow? See if this helps: Troubleshooting (sailpoint.com)

Hi Sunny,

The test connection to the Governance connector is working, and we are able to get the user and AP/Role information in the ServiceNow Catalog connector without any issues. Moreover, we are able to submit the request too; it’s failing after the approval completion on the ServiceNow side (screenshot attached).

Thanks,
Karthi

Please check out this post for the solution.

Hi Anshu,

I have checked the link already; there, the issue was related to the refresh token type used in the grant flow. But in our case we are using Client Credentials, so this issue seems to be something different.

Thanks,
Karthi

@Karthikeyan_U

Are you using a PAT token? Also, ensure that besides granting the scope:all permission, the user has the admin org permission on ISC.

Thanks

Hi Anshu,

You are right, all of those were taken care of during the integration itself. The main problem is that the same implementation is working in Dev and not working in Production.

Thanks,
Karthi

@Karthikeyan_U

Thinking out loud: during the selection of identities and the selection of the accesses (AP/role/entitlement) via the SNOW UI, SNOW is doing the GET call to ISC. The only time you are doing a POST request is when SNOW submits the access request to ISC post approval, and it is failing.

Not sure if you have seen this post:

Thanks

Hi Anshu,

Thanks for the directions.
The integration account we are using has the Admin privilege in IDN, and the PAT was created with scope set to all. We have even used those PAT credentials in Postman to create an Access Request, and we see the access request was getting created successfully. So, we don’t see any issue with the integration account and its privileges.

I suspect there is some issue on the ServiceNow side, but I am still looking for the root cause.

Thanks,
Karthi

I would recommend checking the ticket workflow on the ServiceNow side and identifying the step that is failing. This should help you get to the root cause.