Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

The EmpowerID Orchestration Pack for ServiceNow

...

is a comprehensive suite of tools that helps process designers enhance ServiceNow business processes. It includes workflow activities, web services,

...

example workflows

...

, and flows that work seamlessly with EmpowerID capabilities within

...

ServiceNow

...

environments. One of the key features of this integration is the synchronization job from EmpowerID, which maintains an up-to-date list of

...

groups and roles from the EmpowerID Identity Warehouse

...

in custom tables

...

within ServiceNow tenants.

...

With the

...

EmpowerID workflow activities embedded in

...

ServiceNow

...

, users can easily request access to entitlements

...

across various systems connected to EmpowerID directly from the

...

ServiceNow Service Catalog.

...

This integration provides a unified access point for all user entitlement needs, streamlining the process and enhancing user experience.

The orchestration pack also introduces the EmpowerID Bot, an AI-powered

...

virtual assistant, into the

...

ServiceNow

...

platform. This chatbot enhances ServiceNow's self-service capabilities, enabling users to perform secure tasks such as password resets autonomously within the portal.

In addition, the orchestration pack includes EmpowerID's Compliant Access Delivery platform, which augments existing business processes with robust end-to-end security

...

and ensures that only authorized users

...

can initiate

...

critical business processes. These processes are configured to route through necessary approval workflows, leading to immediate fulfillment in ServiceNow and any

...

integrated target systems. EmpowerID

...

keeps a record of all processes within ServiceNow using the flow or workflow activities in the orchestration pack. This audit log contains information on the "who, what, where, and when

...

" of the activity, and it is permanently stored in the Identity Warehouse, providing complete visibility over any activity

...

in ServiceNow

...

.

Example Workflows

Example workflows included in the orchestration pack include those listed below. While these example workflows can be used in production without modification, they are intended to be leveraged by ServiceNow process designers in existing and future workflows. For an example of using an EmpowerID workflow as a subflow for another workflow, see Extend ServiceNow with the Orchestration Pack.

EID – New Hire

This workflow is built to create a new user using the EmpowerID APIs.

...

Here’s a detailed overview of each step in the workflow:

  1. Admin Approval Activity: When a new hire request is submitted

...

  1. , the workflow triggers the "Admin Approval" activity. This step currently serves as a placeholder for sending an approval request to the system administrator. Its purpose is to demonstrate how approvals

...

  1. are managed within the workflow.

  2. Approval Outcome Handling:

    • If Approved: If the system administrator approves the request, the workflow advances to the next step.

    • If Rejected: If the request is rejected, the workflow marks the request as "Closed Incomplete," and the process terminates here. This ensures that no further action is taken on an unapproved request.

  3. Run Script Block Execution: Following approval, the workflow executes the "Run Script" block. This script block is crucial as it receives input parameters from the submitted request form

...

  1. . These parameters are essential for making the correct API call to EmpowerID

...

  1. .

  2. API Call and User Creation: Utilizing the parameters obtained from the request form, the workflow calls the EmpowerID API to create a new user account. The specifics of this API call, including the necessary parameters and the API endpoint, are detailed in this document's "Integrations" section.

  3. Completion of the Workflow: Once the API call is successfully made and the new user account is created, the workflow updates the status of the request to "Closed Complete," signaling the end of the process.

Image Added

EID – Add User to Group

This workflow is built to add users to a group within EmpowerID. When a request is submitted using this workflow, it runs a script block named “Subflow variable mapping”. This is an important step in case we want to use the EmpowerID workflow as a subflow in an existing customer workflow. The second step is the Approval activity, which is currently approved by the system administrator. Once approved (if rejected, the workflow sets the state of the request as “closed incomplete” and ends here), the workflow continues to the third step, which is where the actual API call to EmpowerID is made with all required parameters. Please refer to this article's Integrations section to know the API's details. After a successful call, the workflow marks the state of the RITM as “Closed Complete” and ends.

...

EID – Request Management Role

This workflow is built to associate a management role to a user within EmpowerID for a specified duration of time. At the very beginning, the workflow runs a script block that deals with variable mapping in the case when this workflow is being used as a subflow. The second step is the approval activity, which is currently approved by the system administrator. Once approved (if rejected, the workflow sets the state of the request as “closed incomplete” and ends here), the workflow continues to the third step, which is where the actual API call to EmpowerID is made with all required parameters. Please refer to this document's Integrations section to know more about the API's details. After the successful call, workflow marks the state of the RITM as “Closed Complete” and ends.

...

Data Model

The Orchestration Pack data model includes custom Groups and Management Roles data required for the EmpowerID workflows. In order to keep customer namespace uncluttered, EmpowerID does not use the default out-of-the-box tables for groups and roles, as many EmpowerID-specific attributes need to be maintained. The data for these custom tables is updated by EmpowerID via inbound API.

Tables

...

Groups (x_36687_eid_groups)

...

Management Roles (x_36687_eid_management_roles)

...

Column Label

...

Column Name

...

Type

...

Column Label

...

Column Name

...

Type

...

Group GUID (PK)

...

group_guid

...

String

...

Management Role GUID (PK)

...

management_role_guid

...

String

...

Name

...

name

...

String

...

Name

...

name

...

String

...

Distinguished Name

...

distinguished_name

...

String

The "EID – Add User to Group" workflow facilitates adding users to specific groups within EmpowerID, enhancing group management and access control. This workflow interfaces directly with EmpowerID's API, allowing for seamless integration and execution of group membership changes. Below is a step-by-step explanation of the workflow:

  1. Subflow Variable Mapping: Initially, when a request is submitted, the workflow executes a script block titled “Subflow variable mapping.” This step is critical, especially if the workflow is intended as a subflow within an existing customer workflow. It ensures that all variables and parameters from the main flow are accurately mapped and available for the subflow, maintaining consistency and accuracy in data handling.

  2. Approval Process: The subsequent step involves an approval activity, typically overseen by the system administrator. This step validates the request before proceeding with modifications to user group assignments.

    • If Approved: The workflow moves to the next stage, proceeding with the necessary API call to EmpowerID.

    • If Rejected: If the approval is not granted, the workflow marks the request as “Closed Incomplete,” and the process is terminated immediately. This ensures that no unauthorized changes are made.

  3. API Integration and Execution: Upon receiving approval, the workflow executes an API call to EmpowerID. This call is crafted with all the required parameters directly submitted with the request or derived from the initial script block. The specifics of this API call, such as the endpoint and the parameters needed, are detailed in the "Integrations" section of the accompanying documentation.

  4. Workflow Completion: Following a successful API call that adds the user to the designated group, the workflow updates the status of the Request Item (RITM) to “Closed Complete.” At this point, the process concludes, marking the successful addition of a user to a group.

Image Added

EID – Request Management Role

The "EID – Request Management Role" workflow associates a management role with a user within EmpowerID for a designated period. This workflow ensures a streamlined role assignment process through several structured steps:

  1. Initialization and Variable Mapping: At the beginning of the workflow, a script block is executed to handle variable mapping. This step is crucial, especially when the workflow is utilized as a subflow within another process, as it ensures that all variables are accurately aligned for subsequent steps.

  2. Approval Process: The next step involves the approval activity, typically managed by the system administrator. This step determines the continuation of the workflow:

    • If Approved: The workflow moves to the API interaction phase.

    • If Rejected: The workflow sets the request status to “Closed Incomplete” and ends the process immediately.

  3. API Interaction: Following approval, the workflow executes an API call to EmpowerID, using all the required parameters to assign the specified management role to the user. Detailed parameters and configuration for this API call can be found in the document's Integrations section.

  4. Completion of the Workflow: After the successful API call, the workflow updates the Request Item (RITM) status to “Closed Complete,” marking the successful conclusion of the process.

Image Added

Example Flows

EmpowerID provides custom flows within the orchestration package to automate specific tasks within the ServiceNow platform. These flows offer functionalities similar to those covered in EmpowerID workflows. The flows can be seamlessly integrated into your existing processes or modified to meet your unique requirements.

EID – New Hire

This EID - New Hire is designed to create a new user using the EmpowerID APIs. The flow triggers the Admin Approval activity whenever a new hire request is submitted. This activity sends an approval request to the system administrator to decide on the approval process. If the admin rejects the request, it is marked as "closed incomplete," and the flow ends. Once the system admin approves the request, the flow proceeds, and the input parameters from the submitted request form are used to trigger the API call to EmpowerID. You can find more information about this API call in the Integrations section of this document. Once the API call is made successfully, the request is marked as "closed complete," and the flow ends.

image-20240408-142256.pngImage Added

EID – Add User to Group

This flow is designed to add users to a group in EmpowerID. When a request is submitted, the flow retrieves the catalog item variable. The next step is the Approval activity, which the manager currently approves. Once approved, the flow moves to the third step, where an API call to EmpowerID is made with all required parameters. The details of the API can be found in the Integrations section of this article. If the request is rejected, the flow sets the state of the request as “closed incomplete” and stops. After a successful call, the flow marks the state of the RITM as “Closed Complete” and ends.

image-20240408-142123.pngImage Added

EID – Request Management Role

This flow is designed to assign a management role to a user in EmpowerID for a specific period of time. Initially, the flow retrieves the catalog variables from EID by requesting the management role. The second step involves an approval activity, which is approved by the approver designated to the management role or the default approver. If the request is rejected, the flow will set the request's state to "closed incomplete" and end. After approval, the flow proceeds to the third step, where the necessary parameters are used to make an API call to EmpowerID. For more information on the API's specifics, please refer to the Integrations section of this document. The flow marks the RITM's state as "Closed Complete" upon a successful call and ends.

image-20240408-143018.pngImage Added

Data Model

The Orchestration Pack data model includes custom Groups and Management Roles data required for the EmpowerID workflows. To keep the customer namespace uncluttered, EmpowerID does not use the default out-of-the-box tables for groups and roles, as many EmpowerID-specific attributes need to be maintained. EmpowerID updates the data for these custom tables via inbound API.

Tables

Groups (x_36687_eid_groups)

Management Roles (x_36687_eid_management_roles)

Column Label

Column Name

Type

Column Label

Column Name

Type

Group GUID (PK)

group_guid

String

Management Role GUID (PK)

management_role_guid

String

Name

name

String

Name

name

String

Distinguished Name

distinguished_name

String

Friendly Name

friendly_name

String

Is High Security Group

is_high_security_goup

Boolean

Email

email

String

Auto Accept Join Leave Request

auto_accept_join_leave_requests

Boolean

Is High Security

is_high_security

Boolean

Group Usage Type Friendly Name

group_usage_type_friendly_name

String

Auto Accept Join Leave Request

auto_accept_join_leave_requests

Boolean

Friendly Name

friendly_name

String

Requestable

requestable

Boolean

Logon Name

logon_name

String

Risk Factor Total

risk_factor_total

Integer

Account Store Friendly Name

account_store_friendly_name

String

Valid From

valid_from

Date/Time

Allow Join Requests

allow_join_requests

Boolean

Valid Until

valid_until

Date/Time

Email

email

String

Description

description

String

Valid From

valid_from

Date/Time

Instructions

instructions

String

Valid Until

valid_until

Date/Time

Owner Assignee ID

owner_assignee_id

String

Description

description

String

Owner Login Name

owner_login_name

String

Notes

notes

String

Owner Friendly Name

owner_friendly_name

String

Owner Assignee ID

owner_assignee_id

String

Owner Email

owner_email

String

Owner Login Name

owner_login_name

String

Extension Attribute 1

extension_attribute_1

String

Owner Friendly Name

owner_friendly_name

String

Extension Attribute 2

extension_atrtibute_2

String

Owner Email

owner_email

String

Extension Attribute 3

extension_attribute_3

String

Extension Attribute 1

extension_attribute_1

String

Extension Attribute 4

extension_attribute_4

String

Extension Attribute 2

extension_attribute_2

String

Extension Attribute 5

extension_attribute_5

String

Extension Attribute 3

extension_attribute_3

String

Extension Attribute 6

extension_attribute_6

String

Extension Attribute 4

extension_attribute_4

String

Extension Attribute 7

extension_attribute_7

String

Extension Attribute 5

extension_attribute_5

String

Extension Attribute 8

extension_attribute_8

String

Extension Attribute 6

extension_attribute_6

String

Extension Attribute 9

extension_attribute_9

String

Extension Attribute 7

extension_attribute_7

String

Extension Attribute 10

extension_attribute_10

String

Extension Attribute 8

extension_attribute_8

String

Extension Attribute 11

extension_attribute_11

String

Extension Attribute 9

extension_attribute_9

String

Extension Attribute 12

extension_attribute_12

String

Extension Attribute 10

extension_attribute_10

String

Extension Attribute 13

extension_attribute_13

String

Extension Attribute 11

extension_attribute_11

String

Extension Attribute 14

extension_attribute_14

String

Extension Attribute 12

extension_attribute_12

String

Extension Attribute 15

extension_attribute_15

String

Extension Attribute 13

extension_attribute_13

String

Sys ID

sys_id

Sys ID (GUID)

Extension Attribute 14

extension_attribute_14

String

Updates

sys_mod_count

Integer

Extension Attribute 15

extension_attribute_15

String

Updated By

sys_updated_by

String

Sys ID

sys_id

Sys ID (GUID)

Updated

sys_updated_by

String

Updates

sys_mod_count

Integer

Updated By

sys_updated_by

String

Updated

sys_updated_by

String

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue
Integrations
Anchor
integrations
integrations

The EmpowerID Orchestration Pack has

...

several defined inbound and outbound integration APIs

...

. These integrations form the core of communication between ServiceNow and EmpowerID. The API includes the following HTTP methods for the EmpowerID components affected by the Orchestration Pack's activities and workflows

...

. This information is included as reference material. To view it, expand the headings.

Expand
titleAPIs Exposed by ServiceNow

Authentication

Use basic authentication and admin user’s credentials

Read Management Roles

GetMgmtRolesGUID

This endpoint retrieves a list of Management Roles currently present in ServiceNow.

HTTP Request

Method: GET

Code Block
GET https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/getMgmtRolesGuid 

Header Key/Value Pairs

Key

Value

X-UserToken

Your access token

Accept

application/json

Content-Type

application/json

Response

Status Code 200 OK

Header Key/Value Pairs

Key

Value

Cache-Control

Your access token

Content-Encoding

gzip

Content-Type

application/json;charsetUTF-8

Date

Date / Time GMT

Expires

0

Pragma

no-store,no-cache

Server

ServiceNow

Strict-Transport-Security

max-age63072000; includeSubDomains

Transfer-Encoding

chunked

X-Is-Logged-In

true

X-Transaction-Id

85d3c5addb2u8

Response Body

JSON object containing a list of Management Role GUIDs.

cURL Example

Code Block
languagetext
curl "https://YourServiceNowInstance/api/x_36687_eid/eid/getMgmtRolesGuid" \
--request GET \
--header "Accept:application/json" \
--user 'admin':'admin'

Read Management Groups

GetMgmtGroupsGUID

This endpoint retrieves a list of Management Groups currently present in ServiceNow.

HTTP Request

Method: GET

Code Block
GET https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/getMgmtGroupsGuid 

Header Key/Value Pairs

Key

Value

X-UserToken

Your access token

Accept

application/json

Content-Type

application/json

Response

Status Code 200 OK

Header Key/Value Pairs

Key

Value

Cache-Control

Your access token

Content-Encoding

gzip

Content-Type

application/json;charsetUTF-8

Date

Date / Time GMT

Expires

0

Pragma

no-store,no-cache

Server

ServiceNow

Strict-Transport-Security

max-age63072000; includeSubDomains

Transfer-Encoding

chunked

X-Is-Logged-In

true

X-Transaction-Id

85d3c5addb2u8

Response Body

JSON object containing a list of Management Group GUIDs

cURL Example

Code Block
languagetext
curl "https://YourServiceNowInstance/api/x_36687_eid/eid/getMgmtGroupsGuid" \
--request GET \
--header "Accept:application/json" \
--user 'admin':'admin'

Create Management Roles

MgmtRoles

This endpoint is used to create / push Management Roles from EmpowerID to ServiceNow

HTTP Request

Method: POST

Code Block
POST https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/mgmtroles 

Request Data

Request data is sent to the API in JSON format.

Code Block
[ //Array of records
  {
    ‘<column name>’: ‘<value>’
    'management_role_guid': 'd9896948-b708-420e-ae6c-4cb038180159',
    'friendly_name':'Friendly Name Five',
    'valid_from': '2018-07-31 21:43:11',
    'valid_until': '2018-08-22 21:43:11',
    'description': 'Test Description Five',
    'name': 'Five Management Role',
    .
    .
    .
  },
  {
    'management_role_guid': 'd9896948-b908-420e-ae6c-4cb038180159',
    'friendly_name':'Friendly Name Six',
    'valid_from': '2018-07-31 21:43:11',
    'valid_until': '2018-08-22 21:43:11',
    'description': 'Test Description Six'
  },
  .
  .
  .
]

Element

Description

Type

Required

management_role_guid

GUID of the Management Role

String

Yes

friendly_name

Display Name of the Management Role

String

Yes

valid_from

Beginning date and time the Management Role is valid

Date/Time

Yes

valid_until

Ending date and time the Management Role is valid

Date/Time

Yes

description

Description of the Management Role

String

Yes

name

Name of the Management Role

String

Yes

auto_accept_join_leave_requests

Accept join and leave requests without requiring approval

Boolean

Yes

email

Email address for the Management Role

String

Yes

instructions

Instructions about the Management Role

String

Yes

is_high_security

Is the role high security?

Boolean

Yes

owner_assignee_id

ID of the EmpowerID Person owning the Management Role

Integer

Yes

owner_email

Email address of the EmpowerID Person owning the Management Role

String

Yes

owner_friendly_name

Friendly Name of the EmpowerID Person owning the Management Role

String

Yes

owner_logon_name

Logon Name of the EmpowerID Person owning the Management Role

String

Yes

requestable

Can users request access to the

...

Boolean

...

Yes

...

risk_factor_total

...

Risk factor of the role

...

role?

Boolean

Yes

risk_factor_total

Risk factor of the role

Integer

Yes

extension_attribute_1

Extension attribute

String

Yes

extension_attribute_2

Extension attribute

String

Yes

extension_attribute_3

Extension attribute

String

Yes

extension_attribute_4

Extension attribute

String

Yes

extension_attribute_

...

5

Extension attribute

String

Yes

extension_attribute_

...

6

Extension attribute

String

Yes

extension_attribute_

...

7

Extension attribute

String

Yes

extension_attribute_

...

8

Extension attribute

String

Yes

extension_attribute_

...

9

Extension attribute

String

Yes

extension_attribute_

...

10

Extension attribute

String

Yes

extension_attribute_

...

11

Extension attribute

String

Yes

extension_attribute_

...

12

Extension attribute

String

Yes

extension_attribute_

...

13

Extension attribute

String

Yes

extension_attribute_

...

14

Extension attribute

String

Yes

extension_attribute_

...

15

Extension attribute

String

...

Yes

...

extension_attribute_12

...

Extension attribute

...

String

...

Yes

...

extension_attribute_13

...

Extension attribute

...

String

...

Yes

...

extension_attribute_14

...

Extension attribute

...

String

...

Yes

...

extension_attribute_15

...

Extension attribute

...

String

...

Yes

Create Management Groups

MgmtGroups

This endpoint is used to create / push Management Groups from EmpowerID to ServiceNow

HTTP Request

Method: POST

Code Block
POST https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/mgmtgroups 

Request Data

Request data is sent to the API in JSON format.

...

Yes

Create Management Groups

MgmtGroups

This endpoint is used to create / push Management Groups from EmpowerID to ServiceNow

HTTP Request

Method: POST

Code Block
POST https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/mgmtgroups 

Request Data

Request data is sent to the API in JSON format.

Code Block
[ //Array of records
  {
    ‘<column name>’: ‘<value>’
    'group_guid': 'd9896948-b708-420e-ae6c-4cb038180159',
    'friendly_name':'Friendly Name Five',
    'valid_from': '2018-07-31 21:43:11',
    'valid_until': '2018-08-22 21:43:11',
    'description': 'Test Description Five',
    'name': 'Five Group',
    .
    .
    .
  },
  {
    'management_role_guid': 'd9896948-

...

b908-420e-ae6c-4cb038180159',
    'friendly_name':'Friendly Name 

...

Six',
    'valid_from': '2018-07-31 21:43:11',
    'valid_until': '2018-08-22 21:43:11',
    'description': 'Test Description 

...

Six'

...


  

...

},
  

...

.

...


...

 

...

 .
  

...

Element

...

Description

...

Type

...

Required

...

group_guid

...

GUID of the group

...

String

...

Yes

...

friendly_name

...

.
]

Element

Description

Type

Required

group_guid

GUID of the group

String

Yes

friendly_name

Display Name of the group

String

Yes

distinguished_name

Distinguished name of the group

String

Yes

account_store_distinguished_name

Distinguished name of the account store the group belongs to

String

Yes

valid_from

Beginning date and time the group is valid

Date/Time

Yes

valid_until

Ending date and time the group is valid

Date/Time

Yes

description

Description of the group

String

Yes

name

Name of the group

String

Yes

allow_join_requests

Can users request to join the group?

Boolean

Yes

auto_accept_join_leave_requests

Accept join and leave requests without requiring approval

Boolean

Yes

email

Email address of the group

String

Yes

...

distinguished_name

notes

Notes about the group

String

Yes

...

is_

...

high_

...

security_

...

Distinguished name of the account store the group belongs to

...

group

Is the group high security?

Boolean

Yes

...

owner_assignee_

...

id

ID of the EmpowerID Person owning the group

...

...

Integer

Yes

...

owner_

...

Ending date and time the group is valid

...

Date/Time

...

Yes

...

description

...

email

Email address of the EmpowerID Person owning the group

String

Yes

owner_friendly_name

Friendly Name of the EmpowerID Person owning the group

String

Yes

owner_logon_name

Logon Name of the EmpowerID Person owning the group

String

Yes

...

extension_

...

attribute_

...

Can users request to join the group?

...

1

Extension attribute

String

Yes

...

extension_

...

Accept join and leave requests without requiring approval

...

Boolean

...

Yes

...

email

...

attribute_2

Extension attribute

String

Yes

extension_attribute_3

Extension attribute

String

Yes

...

notes

extension_attribute_4

Extension attribute

String

Yes

...

extension_

...

attribute_

...

Is the group high security?

...

5

Extension attribute

String

Yes

...

extension_

...

attribute_

...

ID of the EmpowerID Person owning the group

...

6

Extension attribute

String

Yes

...

extension_attribute_

...

7

Extension attribute

String

Yes

...

extension_

...

attribute_

...

8

Extension attribute

String

Yes

...

extension_

...

attribute_

...

9

Extension attribute

String

Yes

extension_attribute_

...

10

Extension attribute

String

Yes

extension_attribute_

...

11

Extension attribute

String

Yes

extension_attribute_

...

12

Extension attribute

String

Yes

extension_attribute_

...

13

Extension attribute

String

Yes

extension_attribute_

...

14

Extension attribute

String

Yes

extension_attribute_

...

Extension attribute

...

String

...

Yes

...

extension_attribute_7

...

Extension attribute

...

String

...

Yes

...

extension_attribute_8

...

Extension attribute

...

String

...

Yes

...

extension_attribute_9

...

Extension attribute

...

String

...

Yes

...

extension_attribute_10

...

Extension attribute

...

String

...

Yes

...

extension_attribute_11

...

Extension attribute

...

String

...

Yes

...

extension_attribute_12

...

Extension attribute

...

String

...

Yes

...

extension_attribute_13

...

Extension attribute

...

String

...

Yes

...

extension_attribute_14

...

Extension attribute

...

String

...

Yes

...

extension_attribute_15

...

Extension attribute

...

String

...

Yes

Delete Management Roles

...

15

Extension attribute

String

Yes

Delete Management Roles

deleteMgmtRoles

Use this endpoint to delete EmpowerID Management Roles currently present in ServiceNow.

HTTP Request

Method: POST

Code Block
POST https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/deleteMgmtRoles 

Header Key/Value Pairs

Key

Value

X-UserToken

Your access token

Accept

application/json

Content-Type

application/json

Response

Status Code 200 OK

Header Key/Value Pairs

Key

Value

Content-Encoding

gzip

Date

Date / Time GMT

Server

ServiceNow

Strict-Transport-Security

max-age63072000; includeSubDomains

Transfer-Encoding

chunked

X-Is-Logged-In

true

X-Transaction-Id

85d3c5addb2u8

cURL Example

Code Block
languagetext
curl "https://YourServiceNowInstance/api/x_36687_eid/eid/deleteMgmtRoles" \
--request POST \
--header "Accept:application/json" \
--user 'admin':'admin'

Delete Management Groups

deleteMgmtGroups

Use this endpoint to delete EmpowerID

...

Groups currently present in ServiceNow.

HTTP Request

Method: POST

Code Block
POST https://{FQDN_Of_Your_ServiceNow_Instance}/api/x_36687_eid/eid/

...

deleteMgmtGroups 

Header Key/Value Pairs

Key

Value

X-UserToken

Your access token

Accept

application/json

Content-Type

application/json

Response

Status Code 200 OK

Header Key/Value Pairs

Key

Value

Content-Encoding

gzip

Date

Date / Time GMT

Server

ServiceNow

Strict-Transport-Security

max-age63072000; includeSubDomains

Transfer-Encoding

chunked

X-Is-Logged-In

true

X-Transaction-Id

85d3c5addb2u8

cURL Example

Code Block
languagetext
curl "https://YourServiceNowInstance/api/x_36687_eid/eid/

...

deleteMgmtGroups" \
--request POST \
--header "Accept:application/json" \
--user 'admin':'admin'

Delete Management Groups

deleteMgmtGroups

Use this endpoint to delete EmpowerID Groups currently present in ServiceNow.

HTTP Request

Method: POST

Expand
titleEmpowerID APIs Consumed by ServiceNow

There are 3 main tasks performed in EmpowerID workflows within ServiceNow that are accomplished by making an API call to EmpowerID application. These tasks are as below:

  1. Create Employee

  2. Assign Group

  3. Assign Management Role

To invoke the above API calls, the identity making the call must have a valid token. For information on getting a token, see Getting an Access Token.

Create Employee

HTTP Method: POST

Endpoint

Code Block
https://{FQDN_

...

OF_Your_

...

EmpowerID_Web_

...

Server}/api/

...

Header Key/Value Pairs

...

Key

...

Value

...

X-UserToken

...

Your access token

...

Accept

...

application/json

...

Content-Type

...

application/json

Response

...

services/v1/workflow/start

Header Key/Value Pairs

Key

Value

...

Content-Encoding

...

gzip

...

Date

...

Date / Time GMT

...

Server

...

ServiceNow

...

Strict-Transport-Security

...

max-age63072000; includeSubDomains

...

Transfer-Encoding

...

chunked

...

X-Is-Logged-In

...

true

...

X-Transaction-Id

...

85d3c5addb2u8

Authorization

Bearer ${token}

X-EmpowerID-API-Key

f0f46cce-7cd1-4c34-8f7e-d54e96a2ab41

Content-Type

application/json

Request Data

Request data is sent to the API in JSON format.

Code Block
language

...

curl "https://YourServiceNowInstance/api/x_36687_eid/eid/deleteMgmtGroups" \
--request POST \
--header "Accept:application/json" \
--user 'admin':'admin'

...

titleEmpowerID APIs Consumed by ServiceNow

There are 3 main tasks performed in EmpowerID workflows within ServiceNow that are accomplished by making an API call to EmpowerID application. These tasks are as below:

  1. Create Employee

  2. Assign Group

  3. Assign Management Role

To invoke the above API calls, the identity making the call must have a valid token. For information on getting a token, see Getting an Access Token.

Create Employee

HTTP Method: POST

Endpoint

Code Block
https://{FQDN_OF_Your_EmpowerID_Web_Server}/api/services/v1/ExecuteWorkflow/start

Header Key/Value Pairs

...

Key

...

Value

...

Authorization

...

Bearer ${token}

...

X-EmpowerID-API-Key

...

f0f46cce-7cd1-4c34-8f7e-d54e96a2ab41

...

Content-Type

...

application/json

Request Data

Request data is sent to the API in JSON format.

...

json
{
    "Name": "SNOWCreatePersonAdvanced",
    "InputParameters": {
        "TargetPerson": {
            "LastName": "${FirstName}",
            "FirstName": "${LastName}",
            "Password": "${Password}",
            "Email": "${Email}",
            "Login": "${Username}",
            "Company": "${Company}",
            "Department": "${Department}",
            "Title": "${Title}",
            "Telephone": "${PhoneNumber}"
        },
        "GroupsToAddGuids": "${MgmtGroupsToAdd}",
        "GroupRequestInitiator": "${GroupRequestInitiator}",
        "

...

GroupRequestApprover": "${

...

GroupRequestApprover}",
        "

...

GroupStartAccess": "${

...

GroupStartAccess}",
        "

...

GroupEndAccess": "${

...

GroupEndAccess}",
        "

...

ManagementRoleToJoinGuids": "${

...

MgmtRolesToAdd}",
        "

...

ManagementRoleRequestInitiator": "${

...

RolesRequestInitiator}",
      

...

  

...

"

...

ManagementRoleRequestApprover"

...

: "${

...

RolesRequestApprover}",

...

        "ManagementRoleStartAccess": "${

...

RoleStartAccess}",
  

...

 

...

 

...

 

...

 

...

 

...

 

...

"

...

ManagementRoleEndAccess"

...

: "${

...

RoleEndAccess}",
        "

...

RequestID"

...

: "${

...

RequestID}",

...


        "Manager": "${

...

Manager}",

...


        "AccountStoreGUID": "F4047F57-0AFE-478D-BB2B-2E5F6E8C50FE"
    },
    "OutputParameters": [
        "BusinessProcessTaskID"
    ]
}

Assign Group

HTTP Method: POST

Endpoint

Code Block
https://{FQDN_OF_Your_EmpowerID_Web_Server}/api/services/v1/

...

workflow/start

Header Key/Value Pairs

Key

Value

Authorization

Bearer ${token}

X-EmpowerID-API-Key

f0f46cce-7cd1-4c34-8f7e-d54e96a2ab41

Content-Type

application/json

Request Data

Request data is sent to the API in JSON format.

Code Block
languagejson
{
  "Name": "SnowUpdatePersonDirectAssignment",
  "InputParameters":

...

 {
    "TargetPersonLogonName"

...

: "${TargetPersonLogin}",
    "GroupsToAddGuids"

...

: "${GroupToAssign}",
    "GroupsToRemoveGuids"

...

: "${GroupsToRemove}",
  

...

  "RequestInitiator"

...

: "${Requester}",

...

    "RequestApprover"

...

: "${Approver}",
    

...

"AccountStoreGUID"

...

: "F4047F57-0AFE-478D-BB2B-2E5F6E8C50FE"
  },
  "OutputParameters": [
    "BusinessProcessTaskID"
  ]
}

Assign Management Role

HTTP Method: POST

Endpoint

Code Block
https://{FQDN_OF_Your_EmpowerID_Web_Server}/api/services/v1/

...

workflow/start

Header Key/Value Pairs

Key

Value

Authorization

Bearer ${token}

X-EmpowerID-API-Key

f0f46cce-7cd1-4c34-8f7e-d54e96a2ab41

Content-Type

application/json

Request Data

Request data is sent to the API in JSON format.

Code Block
language

...

json
{
    "Name": "SNOWUpdatePersonMgmtRole",
    "InputParameters": {
 

...

       "TargetPersonLogonName"

...

: "${TargetPersonLogin}",
        "ManagementRoleToJoinGuids"

...

: "${ManagementRoleToJoin}",
        "ManagementRoleToLeaveGuids"

...

: "${ManagementRoleToLeave}",

...

        "RequestInitiator"

...

: "${Requester}",

...


        "RequestApprover"

...

: "${Approver}",

...

        "AccountStoreGUID": "F4047F57-0AFE-478D-BB2B-2E5F6E8C50FE",
        "StartAccess": "${

...

StartDate}",
        "

...

EndAccess"

...

: "${

...

EndDate}"
    },
    

...

"

...

OutputParameters"

...

: [
        "BusinessProcessTaskID"
    

...

]
}

Macrosuite divider macro
dividerWidth80
dividerTypetext-with-icon
emoji{"id":"smile","name":"Smiling Face with Open Mouth and Smiling Eyes","short_names":["smile"],"colons":":smile:","emoticons":["C:","c:",":D",":-D"],"unified":"1f604","skin":null,"native":"😄"}
textColor#000000
dividerWeight3
labelPositionmiddle
textAlignmentcenter
iconColor#0052CC
iconSize25
fontSizemedium
textNext Steps
emojiEnabledfalse
dividerIconbootstrap/BarChartSteps
dividerColor#DFE1E6

Deploy the Orchestration Pack to ServiceNow

Extend ServiceNow with the Orchestration Pack

Configure Service Catalog Requests

Div
stylefloat:left; position:fixed;
idarticleNav

IN THIS ARTICLE

Table of Contents
minLevel2
maxLevel2
outlinefalse
stylenone
typelist
printablefalse