ServiceNow Service Desk - Self Service Request for Certification Campaigns

Hi Team,

I have a question: Is there a way to create a mechanism in ServiceNow that allows users to select specific access from a predefined table and triggers the creation of a certification campaign in IdentityNow upon submission. I am curious if anyone has been successful in executing this use case:

Example Flow

1. User Interaction: A user logs into ServiceNow and navigates to the Self-Service Request form.
2. Access Selection: They select their desired access (e.g., “Sales Application Access”) from the dropdown populated by the predefined access table.
3. Submission: Upon submitting the request, the workflow kicks in, validating the request against access policies.
4. Approval Process: The request goes through the necessary approval stages.
5. Triggering IdentityNow: After approval, the ServiceNow workflow makes an API call to IdentityNow, triggering the creation of a certification campaign that includes the requested access.
6. Campaign Generation: IdentityNow generates the certification campaign, which can then be reviewed and certified

Yes, this is possible using ServiceNow workflows and SailPoint APIs. Create a ServiceNow form where users select access from a predefined table. After submission and approval, use IntegrationHub or a scripted REST API call to trigger a SailPoint certification campaign. The API payload should include campaign type, access details, and reviewers. Ensure secure authentication between ServiceNow and SailPoint using an integration token.

Hi @mgrant

it’s a great use case that aligns with the ongoing integration trends between ServiceNow and SailPoint IdentityNow.

To answer your query: yes, it is technically possible to build a mechanism in ServiceNow to trigger a certification campaign in IdentityNow, but it requires custom development and careful coordination between both platforms.

How This Can Be Achieved

Here’s how your described flow can be implemented:

1. Predefined Access Table in ServiceNow

• Populate a table with entitlements, access profiles, or application-specific access types.
• Allow users to select from this list via a ServiceNow catalog item or form.

2. ServiceNow Workflow Configuration

• After the user submits the request and it’s approved through standard ServiceNow approval flows, add a workflow step that performs an HTTP Request (REST API call) to IdentityNow.

3. API Call to IdentityNow – Campaign Creation

• Use the SailPoint IdentityNow /campaigns API to create a campaign.
• The API supports creating manager, application, or entitlement-based campaigns.
• You must ensure the access selected in ServiceNow maps accurately to the entitlement/application in IdentityNow.Example Endpoint (simplified):

4. Payload Construction

• You will need to dynamically construct the JSON body in ServiceNow based on user selections.
• Ensure it includes required parameters like name, type, reviewers, applications, or entitlements.

5. Error Handling & Logging

• Implement error handling in ServiceNow to catch API failures or invalid mappings.
• Optionally log the campaign creation status back to the ServiceNow request.

I am currently working on implementing entitlement, access profile, and role provisioning based on requests submitted through ServiceNow. Once the request is approved in ServiceNow, access will be granted via a REST API call. Below is an example of the workflow configured in ServiceNow to achieve this integration.

image2332×1168 293 KB

Did you create this ServiceNow workflow?

This workflow is in reference to the last topic you mentioned.

Step-by-Step Guide for ServiceNow Service Catalog Integration with SailPoint IDN - Identity Security Cloud (ISC) / ISC Discussion and Questions - SailPoint Developer Community

We are actively working on this to ensure the client’s requirements are fully met.

I appreciate your valuable input on the last topic, @mcheek.

Awesome this is great news.! Thanks for chiming in Mavitha

Thanks Harsh, These steps require a SNOW Team that is well versed in configuring workflows in SNOW correct?

Yes Exactly @mgrant, They can help to build workflow, you just need to provide end point API to them.

Awesome! WOuld it be this API create-campaign | SailPoint Developer Community?

Also, the use case requires the person submitting the Self Service Request to upload a CSV with the access items in it - into the request. It would be for a disconnected application. Can the Workflows from both platforms handle this data ingestion?

I personally wouldn’t recommend allowing users to upload a csv because frankly, most users are bad at forms in general, and you want them to give them as little control over variables as possible.

If you want to pull in access items from a specific source for a user to select, you can do that using a catalog client script that populates a select box. This limits the user to requesting a single access item at a time.

If you wish to allow multiple item selection, that requires a list collector, which requires that the data be in a ServiceNow table. I’ve certainly had use cases that call for this, but custom tables in ServiceNow can be a non-starter for some orgs.

This makes sense my friend. Strick adherence to completing the form correctly would need to be done to ensure the campaign is created properly. The catalog client script would be part of the SNOW Workflow correct? Sounds like it will take some careful planning and communication to make this as effortless as possible.

The catalog client script is what runs in the portal when the user opens the form.

I hadn’t realized you were talking about this in the scope of a campaign review instead of an access request, but the suggestions still broadly align.

Sounds doable - a bit complex - but doable. This is good information. Thanks Mark.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.