Share all details about your problem, including any error messages you may have received.
ServiceNow ticket management is configured through IdentityIQ for ServiceNow Service Desk. In case of entitlement revoke through access request, servicenow ticket is created and it is updated in respective access request and its status is also fetched correctly from ServiceNow.
When a entitlement revoke action is performed from a certification in IIQ, no access request is created but it has created ServiceNow ticket. So where this ticket information is stored and how status is tracked for this type of ServiceNow tickets created for entitlement revoke operations from certification?
Hi @ksheetij_thorat
when entitlement revocation is triggered from a certification, no Access Request is created, so ServiceNow does not use Access Request related tables.
From where ServiceNow gets the data:
The certification revocation decision is stored in spt_certification_item.
Certification remediation generates a provisioning transaction, which is stored in spt_provisioning_transaction.
The ServiceNow ticket is created from the provisioning workflow/integration step, using the data present in the provisioning transaction.
Ticket status updates are also synchronized back to spt_provisioning_transaction, not to Access Request tables.
In general certification-based revocations, ServiceNow ticket creation and tracking flow is: spt_certification_item - >remediation provisioning - >spt_provisioning_transaction ->ServiceNow ticket & status sync
Thank you @saiprashanth88 for sharing inputs. Actually, this ServiceNow ticket information is stored in Provisioning transaction as you mentioned but its status is set as âqueuedâ as mentioned below.
Even after ServiceNow ticket is marked âClosed Completeâ in ServiceNow. But at SailPoint side status remains same as âqueuedâ. It should change to âCommitedâ as per statusMap. Perform Maintenance task is scheduled and its getting executed.
Please let me know if you have any pointers on this. Thank you.
Hi @ksheetij_thorat
The status will change from queued to committed only when IdentityIQ receives a successful completion response back from ServiceNow. Verify statusMap configuration in ServiceNow application, make sure Closed Complete is mapped to committed correctly in statusMap.
Check ServiceNow Provisioning Rule or After Operation Rule
Confirm that rule updates ProvisioningResult status to committed after ticket closure.
Actually, status is correctly mapped in statusMap. And thatâs why it is able to correctly fetch status of closed ticket which is created for access request revoke operations. It is not able to fetch status for certification revoke operations even though ticket id and its initial status is added in provisioning transaction. We have enabled logs as well but no errors observed while invoking API calls.
There is no access request is created, you can track it from Admin console, by filtering the source as certification or other filtering information. If there is any failure, you will see it there.