Page Comparison

The EmpowerID Orchestration Pack for ServiceNow provides ServiceNow process designers with workflow activities, web services, example workflows, and flows to embed EmpowerID capabilities within their ServiceNow business processes. EmpowerID includes a job that synchronizes and maintains an up-to-date list of requestable groups and roles from the EmpowerID Identity Warehouse to custom tables in your ServiceNow tenants. Using the embedded EmpowerID workflow activities in your ServiceNow workflows, users can request access to entitlements in any EmpowerID-connected system from the familiar ServiceNow Service Catalog. In addition, the Orchestration Pack can integrate an AI-powered chatbot virtual assistant, the EmpowerID Bot, into ServiceNow. With the bot, users can perform secure self-service, such as resetting their passwords, at any time within the ServiceNow portal.
The orchestration pack allows you to incorporate the power of EmpowerID's Compliant Access Delivery platform into your business processes, enhancing those processes with EmpowerID's end-to-end security. This ensures that only users with the necessary access level can initiate any ServiceNow business process that uses the activities within the pack, routing those processes for further approval where required. Upon approval, immediate fulfillment occurs in ServiceNow and any other target systems. EmpowerID maintains an audit log of these processes that is permanently stored in the Identity Warehouse with the details of "who, what, where, and when." This gives you visibility over any activity occurring in ServiceNow that uses the flow or workflow activities in the orchestration pack.

Example Workflows

Example workflows included in the orchestration pack include those listed below. While these example workflows can be used in production without modification, they are intended to be leveraged by ServiceNow process designers in existing and future workflows. For an example of using an EmpowerID workflow as a subflow for another workflow, see Extend ServiceNow with the Orchestration Pack.

EID – New Hire

This workflow is built to create a new user using the EmpowerID APIs. The workflow invokes the Admin Approval activity when a new hire request is submitted. Currently, this is a placeholder activity that sends an approval request to the system administrator to demonstrate approvals. Once approved by the system admin (If rejected, the request is marked as “closed incomplete,” and the workflow ends.), the workflow proceeds to execute the Run Script block. This block receives the input parameters from the submitted request form and triggers the API call to EmpowerID using these details. The details about the API call can be found in the Integrations section of this document. Once the call is made, the request is marked as “closed complete,” and the workflow ends.

EID – Add User to Group

This workflow is built to add users to a group within EmpowerID. When a request is submitted using this workflow, it runs a script block named “Subflow variable mapping.” This is an important step in case we want to use the EmpowerID workflow as a subflow in an existing customer workflow. The second step is the Approval activity, which is currently approved by the system administrator. Once approved (if rejected, the workflow sets the state of the request as “closed incomplete” and ends here), the workflow continues to the third step, which is where the actual API call to EmpowerID is made with all required parameters. Please refer to this article's Integrations section to know the API's details. After a successful call, the workflow marks the state of the RITM as “Closed Complete” and ends.

EID – Request Management Role

This workflow is built to associate a management role to a user within EmpowerID for a specified duration of time. At the very beginning, the workflow runs a script block that deals with variable mapping in the case when this workflow is being used as a subflow. The second step is the approval activity, which is currently approved by the system administrator. Once approved (if rejected, the workflow sets the state of the request as “closed incomplete” and ends here), the workflow continues to the third step, which is where the actual API call to EmpowerID is made with all required parameters. Please refer to this document's Integrations section to know more about the API's details. After the successful call, workflow marks the state of the RITM as “Closed Complete” and ends.

Example Flows

EmpowerID provides custom flows within the orchestration package to automate specific tasks within the ServiceNow platform. These flows offer functionalities similar to those covered in EmpowerID workflows. The flows can be seamlessly integrated into your existing processes or modified to meet your unique requirements.

EID – New Hire Flow

This EID - New Hire is designed to create a new user by utilizing the EmpowerID APIs. Whenever a new hire request is submitted, the flow triggers the Admin Approval activity. This activity sends an approval request to the system administrator to decide on the approval process. If the admin rejects the request, it is marked as "closed incomplete," and the flow ends. Once the system admin approves the request, the flow proceeds, and the input parameters from the submitted request form are used to trigger the API call to EmpowerID. You can find more information about this API call in the Integrations section of this document. Once the API call is made successfully, the request is marked as "closed complete," and the flow ends.

EID – Add User to Group Flow

This flow is designed to add users to a group in EmpowerID. When a request is submitted, the flow retrieves the catalog item variable. The next step is the Approval activity, which the manager currently approves. Once approved, the flow moves to the third step, where an API call to EmpowerID is made with all required parameters. The details of the API can be found in the Integrations section of this article. If the request is rejected, the flow sets the state of the request as “closed incomplete” and stops. After a successful call, the flow marks the state of the RITM as “Closed Complete” and ends.

EID – Request Management Role

This flow is designed to assign a management role to a user in EmpowerID for a specific period of time. Initially, the flow retrieves the catalog variables from EID by requesting the management role. The second step involves an approval activity, which is approved by the approver designated to the management role or the default approver. If the request is rejected, the flow will set the request's state to "closed incomplete" and end. After approval, the flow proceeds to the third step, where the necessary parameters are used to make an API call to EmpowerID. For more information on the API's specifics, please refer to the Integrations section of this document. The flow marks the RITM's state as "Closed Complete" upon a successful call and ends.

Data Model

The Orchestration Pack data model includes custom Groups and Management Roles data required for the EmpowerID workflows. In order to keep the customer namespace uncluttered, EmpowerID does not use the default out-of-the-box tables for groups and roles, as many EmpowerID-specific attributes need to be maintained. The data for these custom tables is updated by EmpowerID via inbound API.

Tables

Insert excerpt
IL:External Stylesheet IL:External Stylesheet nopanel true

Integrations

Anchor
integrations integrations

The EmpowerID Orchestration Pack has a number of inbound and outbound integration APIs defined. These integrations form the core of communication between ServiceNow and EmpowerID. The API includes the following HTTP methods for the EmpowerID components affected by the activities and workflows of the Orchestration Pack. This information is included as reference material. To view it, expand the headings.

GET https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/getMgmtRolesGuid 

curl "https://YourServiceNowInstance/api/x_36687_eid/eid/getMgmtRolesGuid" \
--request GET \
--header "Accept:application/json" \
--user 'admin':'admin'

GET https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/getMgmtGroupsGuid 

curl "https://YourServiceNowInstance/api/x_36687_eid/eid/getMgmtGroupsGuid" \
--request GET \
--header "Accept:application/json" \
--user 'admin':'admin'

POST https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/mgmtroles 

[ //Array of records
  {
    ‘<column name>’: ‘<value>’
    'management_role_guid': 'd9896948-b708-420e-ae6c-4cb038180159',
    'friendly_name':'Friendly Name Five',
    'valid_from': '2018-07-31 21:43:11',
    'valid_until': '2018-08-22 21:43:11',
    'description': 'Test Description Five',
    'name': 'Five Management Role',
    .
    .
    .
  },
  {
    'management_role_guid': 'd9896948-b908-420e-ae6c-4cb038180159',
    'friendly_name':'Friendly Name Six',
    'valid_from': '2018-07-31 21:43:11',
    'valid_until': '2018-08-22 21:43:11',
    'description': 'Test Description Six'
  },
  .
  .
  .
]

POST https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/mgmtgroups 

[ //Array of records
  {
    ‘<column name>’: ‘<value>’
    'group_guid': 'd9896948-b708-420e-ae6c-4cb038180159',
    'friendly_name':'Friendly Name Five',
    'valid_from': '2018-07-31 21:43:11',
    'valid_until': '2018-08-22 21:43:11',
    'description': 'Test Description Five',
    'name': 'Five Group',
    .
    .
    .
  },
  {
    'management_role_guid': 'd9896948-b908-420e-ae6c-4cb038180159',
    'friendly_name':'Friendly Name Six',
    'valid_from': '2018-07-31 21:43:11',
    'valid_until': '2018-08-22 21:43:11',
    'description': 'Test Description Six'
  },
  .
  .
  .
]

POST https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/deleteMgmtRoles 

curl "https://YourServiceNowInstance/api/x_36687_eid/eid/deleteMgmtRoles" \
--request POST \
--header "Accept:application/json" \
--user 'admin':'admin'

POST https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/deleteMgmtGroups 

curl "https://YourServiceNowInstance/api/x_36687_eid/eid/deleteMgmtGroups" \
--request POST \
--header "Accept:application/json" \
--user 'admin':'admin'

https://{FQDN_OF_Your_EmpowerID_Web_Server}/api/services/v1/workflow/start

{
    "Name": "SNOWCreatePersonAdvanced",
    "InputParameters": {
 {       "TargetPerson": {
:     {       "LastName": "${FirstName}",
            "FirstName": "${LastName}",
            "Password": "${Password}",
            "Email": "${Email}",
            "Login": "${Username}",
            "Company": "${Company}",
            "Department": "${Department}",
            "Title": "${Title}",
            "Telephone": "${PhoneNumber}",
        },
	        "GroupsToAddGuids" : "${MgmtGroupsToAdd}",
	
        "GroupRequestInitiator" : "${GroupRequestInitiator}",
	        "GroupRequestApprover" : "${GroupRequestApprover}",
	
        "GroupStartAccess" : "${GroupStartAccess}",
	
        "GroupEndAccess" : "${GroupEndAccess}",
        "ManagementRoleToJoinGuids" : "${MgmtRolesToAdd}",
	        "ManagementRoleRequestInitiator" : "${RolesRequestInitiator}",
	
        "ManagementRoleRequestApprover" : "${RolesRequestApprover}",
	        "ManagementRoleStartAccess" : "${RoleStartAccess}",
	
        "ManagementRoleEndAccess" : "${RoleEndAccess}",
        "RequestID": "${RequestID}",
        "Manager": "${Manager}",
	
        "AccountStoreGUID" : "${AccountStoreGUID}"F4047F57-0AFE-478D-BB2B-2E5F6E8C50FE"
    },
    "OutputParameters": [
        "BusinessProcessTaskID"
    ]
}

https://{FQDN_OF_Your_EmpowerID_Web_Server}/api/services/v1/workflow/start

{
  "Name": "SnowUpdatePersonDirectAssignment",
  "InputParameters": {
    "TargetPersonLogonName": "${TargetPersonLogin}",
    "GroupsToAddGuids": "${GroupToAssign}",
    "GroupsToRemoveGuids": "${GroupsToRemove}",
    "RequestInitiator": "${Requester}",
    "RequestApprover": "${Approver}",
    "AccountStoreGUID": "F4047F57-0AFE-478D-BB2B-2E5F6E8C50FE"
  },
  "OutputParameters": [
    "BusinessProcessTaskID"
  ]
}

https://{FQDN_OF_Your_EmpowerID_Web_Server}/api/services/v1/workflow/start

{
    "Name": "SNOWUpdatePersonMgmtRole",
    "InputParameters": {
        "TargetPersonLogonName": "${TargetPersonLogin}",
        "ManagementRoleToJoinGuids": "${ManagementRoleToJoin}",
        "ManagementRoleToLeaveGuids": "${ManagementRoleToLeave}",
        "RequestInitiator": "${Requester}",
        "RequestApprover": "${Approver}",
        "AccountStoreGUID": "F4047F57-0AFE-478D-BB2B-2E5F6E8C50FE",
        "StartAccess": "${StartDate}",
        "EndAccess": "${EndDate}"
    },
    "OutputParameters": [
        "BusinessProcessTaskID"
    ]
}

Deploy the Orchestration Pack to ServiceNow

Extend ServiceNow with the Orchestration Pack

Configure Service Catalog Requests