I am working on the ServiceNow Service Catalog Integration. We have completed the integration in sandbox and requested a role from ServiceNow Catalog. After the approval, the request was created in SailPoint and provisioning was completed too, with no errors. However, when we test the same flow from production, it gives us the “Failed creating access request. IDN User session is expired” error. We are using OAuth 2.0 (ClientID and ClientSecret) for authentication, so we are not sure what went wrong. Has anyone come across such an issue?
The test connection to the Governance connector is working and we are able to get the user and AP/Role information in the ServiceNow Catalog connector without any issues. Moreover, we are able to submit the request too; it’s failing after the approval completion on the ServiceNow side (screenshot attached).
I have checked the link already; there, the issue was related to the refresh token type used in the grant flow. But in our case we are using Client Credentials, so this issue seems to be something different.
You are right, all of those were taken care of during the integration itself. The main problem is that the same implementation is working in Dev and not working in Production.
Thinking out loud: during the selection of identities and the selection of the accesses (AP/role/entitlement) via the SNOW UI, SNOW is doing the GET call to ISC. The only time you are doing a POST request is when SNOW submits the access request to ISC post approval, and it is failing.
Thanks for the directions.
The integration account we are using has the Admin privilege in IDN, and the PAT was created with scope set to all. We have even used those PAT credentials in Postman to create an Access Request, and we see the access request was getting created successfully. So, we don’t see any issue with the integration account and its privileges.
I suspect there is some issue on the ServiceNow side, but I am still looking for the root cause.