ServiceNow ServiceDesk Connector for Incident Request

Hi All,

We have successfully implemented ServiceDesk connector for Servicenow “Service Request”, but unable to create an “Incident Request” for failures.

How to map provisioning failures on Service Desk application.

There are no documents that contain “Incident Request” information.

Waiting for the response, Thanks in advance.

Thanks,
Suresh

Hi Suresh,

Please refer to the chapter “IdentityIQ for Service Desk
in doc for IIQ 8.2https://community.sailpoint.com/t5/IdentityIQ-Connectors/8-2-IT-Service-Management-Infrastructure-Modules/ta-p/196547 ServiceNow Service Desk Connector (ServiceNow SDIM) supports Service Request or Change Request or Incident tickets types.
One SDIM application in IdentityIQ will create the same ticket type for all the configured applications defined in ManagedResource.
In the SDIM configuration file, you can only set one ticket type at a time, it will cater to all the managed resources /applications for all provisioning types of operation.

~Regards,
Murali Dhar

Hi @murali_kundu ,

Thanks for your input, For one SDIM application we can generate only one type of request at a time, then Can we create another SIDM application with another ticket type?

Is it the correct understanding?

Can you explain how to configure the “incident request” here

<entry key="incident">
        <value>
          <Map>
            <entry key="provision">
              <value>
                <Map>
                  <entry key="resource" value="/api/now/import/x_sap_sdim_incident"/>
                  <entry key="responseElement" value="result[0].display_value"/>
                  <entry key="request">
                    <value>
                      <Map>
                        <entry key="u_description" value="#foreach($req in $plan.requests) #if($req.operation == 'Create') Create Account on application $req.resource #else For $req.id in application $req.resource #end #if($req.items) $newline  #foreach($item in $req.items) #if ($item.name == '*disabled*' &amp;&amp; $item.value == 'true') Disable Account. $newline #elseif ($item.name == '*disabled*' &amp;&amp; $item.value == 'false') Enable Account. $newline #elseif ($item.name == '*locked*' &amp;&amp; $item.value == 'false') Unlock Account. $newline #else $!item.Operation $item.name: $item.value $newline #end #end #else $newline $!req.Operation Account #end #end" />
                        <entry key="u_short_description" value="IdentityIQ Access Request $!plan.arguments.identityRequestId" />
                        <entry key="u_opened_by" value="$!plan.arguments.opened_by" />
                        <entry key="u_caller_id" value="$!plan.arguments.requested_for" />
                        <entry key="u_impact" value="3" />
                        <entry key="u_urgency" value="3" />
                        <entry key="u_assignment_group" value="Service Desk" />
                        <entry key="u_contact_type" value="email" />
                      </Map>
                    </value>
                  </entry>
                </Map>
              </value>
            </entry>
            <entry key="checkStatus">
              <value>
                <Map>
                  <entry key="resource" value="/api/now/table/incident" />
                  <entry key="responseElement" value="$.result[0].incident_state"/>
                  <entry key="closureCodeResponseElement" value="$.result[0].close_code"/>
                  <entry key="checkStatusQueryParam">
                    <value>
                      <Map>
                        <entry key="sysparm_query" value="number=$ticketId" />
                        <entry key="sysparm_fields" value="incident_state,close_code" />
                      </Map>
                    </value>
                  </entry>
				</Map>
              </value>
            </entry>
          </Map>
        </value>
      </entry>

HI Suresh,

Yes, you can create another SIDM application with another ticket type, but ensure that you donot configured the same applications under ManagedResource mapping else it will cause issue to resolve the SDIM application for which the IdentityRequest / provisioning plans needs to be submitted.

In short you can have as below:
ServiceNow SDIM1 ==> Creates Service Request tickets for applications A, B, C
ServiceNow SDIM2 ==> Creates Incident tickets for applications P,Q,R
ServiceNow SDIM3 ==> Creates Change Request tickets for applications X,Y,Z.

As, I have shared the IdenitiyIQ 8.2 DOC link Sign In to Compass - Compass, you can see on that how to configure different (select) ticket type for an ServiceNow SDIM.

In the iiqHome/WEB-INF/config/connector/IdentityIQforServiceNowServiceDesk.xml , you need to update the “ticketType” entry key as directed:

  <entry key="templateApplication" value="ServiceNow Service Desk"/>
  <!-- 'ticketType' can be serviceRequest or incident or changeRequest -->
  <entry key="ticketType" value="serviceRequest" />

~Regards,
MuraliDhar

Thanks for your answer @murali_kundu ,

I will check this and let you know the status.

Thanks,
Suresh

hi @murali_kundu ,
related to your statement -
ServiceNow SDIM2 ==> Creates Incident tickets for applications P,Q,R

the documentation does’t seem to have specific details for incident type (and only specific sections for service request). Few questions for incident type -
a) can a single servicenow app using IdentityIQforServiceNowServiceDesk be used for creating incidents for multiple apps ?
b) How do i specify u_cmdb_ci , u_description and u_assignment_group for multiple apps in this scenario (using planinitializer rule)?
c) ManagedResource will have a references of all apps in this scenario ?

HI @aditya_pathak,

a) Yes a single ServiceNow Service Desk application can be used for creating incidents for multiple IdentityIQ applications.
You can also configure multiple ServiceNow Service Desk applications into the IdentityIQ, where each can cater to specifically one or distinct groups of IIQ applications, as per organizational need.

b) If you have configured multiple applications under tag for Incident ticket type, which will create only a single Incident. So these fields which are referenced one can have only one value, but for string type fields like Description can have multi-line info.
For customizing planinitializer rule you need to get in touch with SailPoint Services / Expert Services team for doing it.

c) Yes the list of applications that are mentioned under tag in the specific IdentityIQforServiceNowServiceDesk application instance will be served by that particular instance of Service Desk application (ServiceNow SDIM).

Hi All

I have no problem creating and checking on the incidents I am creating on ServiceNow. However, the u_short_description seems to have a 40-character limit. Is this a limit set by servicenow or sailpoint on x_sap_sdim_incident table?
Previous versions with SOAP interface don’t seem to have that limitation.

Thanks.
Pasha

I am facing an issue with servicenow assignment group. it is works fine when provisioning plan contains single account request and assignment group is getting updated based on the custom mapping file values which is configured in plan initializer rule. But whenever the provisioning plan contains more than one account request for servicenow integration, same assignment group is assigned to all the applications. does anyone came across similar situation like this?. Suggestions or inputs or any code snippets to resolve this issue will be really helpful.

Hi Murali,

We are currently using just the serviceRequest ticketType in the IdentityIQforServiceNowServiceDesk.xml file. But now, we have got a requirement to create incident automatically in ServiceNow.
So, I have a doubt regarding changing the ticketType from serviceRequest to incident. Should we include another entry key of ticketType for incident and include the dummy applications that use incident ticketType in the managedResources section.
And also, I have to include the managedResources section for serviceRequest ticketType as well right so that IIQ knows for which application which ticketType is used.

Is my understanding correct?

Thanks,
Uma