The EmpowerID Orchestration Pack for ServiceNow is a comprehensive suite of tools that helps process designers enhance ServiceNow business processes. It includes workflow activities, web services, example workflows, and flows that work seamlessly with EmpowerID capabilities and ServiceNow environments. One of the key features of this integration is the synchronization job from EmpowerID, which maintains an up-to-date list of requestable groups and roles from the EmpowerID Identity Warehouse in custom tables within ServiceNow.
With the embedded EmpowerID workflow activities, users can easily request access to entitlements across various systems connected to EmpowerID directly from the familiar ServiceNow Service Catalog. This integration provides a unified access point for all user entitlement needs, streamlining the process and enhancing user experience.
The orchestration pack also introduces the EmpowerID Bot, an AI-powered virtual assistant, into the ServiceNow platform. This chatbot enhances ServiceNow's self-service capabilities, enabling users to perform secure tasks such as password resets autonomously within the portal.
In addition, the orchestration pack includes EmpowerID's Compliant Access Delivery platform, which augments existing business processes with robust end-to-end security and ensures that only authorized users with the necessary access level can initiate critical business processes. These processes are configured to route through necessary approval workflows, leading to immediate fulfillment in ServiceNow and any other integrated target systems. EmpowerID keeps a record of all processes within ServiceNow using the flow or workflow activities in the orchestration pack. This audit log contains information on the "who, what, where, and when" of the activity, and it is permanently stored in the Identity Warehouse, providing complete visibility over any activity occurring in ServiceNow that uses the flow or workflow activities in the orchestration pack.
Example Workflows
Example workflows included in the orchestration pack include those listed below. While these example workflows can be used in production without modification, they are intended to be leveraged by ServiceNow process designers in existing and future workflows. For an example of using an EmpowerID workflow as a subflow for another workflow, see Extend ServiceNow with the Orchestration Pack.
EID – New Hire
This workflow is built to create a new user using the EmpowerID APIs. Here’s a detailed overview of each step in the workflow:
Admin Approval Activity: When a new hire request is submitted, the workflow triggers the "Admin Approval" activity. This step currently serves as a placeholder for sending an approval request to the system administrator. Its purpose is to demonstrate how approvals are managed within the workflow.
Approval Outcome Handling:
If Approved: If the system administrator approves the request, the workflow advances to the next step.
If Rejected: If the request is rejected, the workflow marks the request as "Closed Incomplete," and the process terminates here. This ensures that no further action is taken on an unapproved request.
Run Script Block Execution: Following approval, the workflow executes the "Run Script" block. This script block is crucial as it receives input parameters from the submitted request form. These parameters are essential for making the correct API call to EmpowerID.
API Call and User Creation: Utilizing the parameters obtained from the request form, the workflow calls the EmpowerID API to create a new user account. The specifics of this API call, including the necessary parameters and the API endpoint, are detailed in this document's "Integrations" section.
Completion of the Workflow: Once the API call is successfully made and the new user account is created, the workflow updates the status of the request to "Closed Complete," signaling the end of the process.
EID – Add User to Group
The "EID – Add User to Group" workflow facilitates adding users to specific groups within EmpowerID, enhancing group management and access control. This workflow interfaces directly with EmpowerID's API, allowing for seamless integration and execution of group membership changes. Below is a step-by-step explanation of the workflow:
Subflow Variable Mapping: Initially, when a request is submitted, the workflow executes a script block titled “Subflow variable mapping.” This step is critical, especially if the workflow is intended as a subflow within an existing customer workflow. It ensures that all variables and parameters from the main flow are accurately mapped and available for the subflow, maintaining consistency and accuracy in data handling.
Approval Process: The subsequent step involves an approval activity, typically overseen by the system administrator. This step validates the request before proceeding with modifications to user group assignments.
If Approved: The workflow moves to the next stage, proceeding with the necessary API call to EmpowerID.
If Rejected: If the approval is not granted, the workflow marks the request as “Closed Incomplete,” and the process is terminated immediately. This ensures that no unauthorized changes are made.
API Integration and Execution: Upon receiving approval, the workflow executes an API call to EmpowerID. This call is crafted with all the required parameters directly submitted with the request or derived from the initial script block. The specifics of this API call, such as the endpoint and the parameters needed, are detailed in the "Integrations" section of the accompanying documentation.
Workflow Completion: Following a successful API call that adds the user to the designated group, the workflow updates the status of the Request Item (RITM) to “Closed Complete.” At this point, the process concludes, marking the successful addition of a user to a group.
EID – Request Management Role
The "EID – Request Management Role" workflow associates a management role with a user within EmpowerID for a designated period. This workflow ensures a streamlined role assignment process through several structured steps:
Initialization and Variable Mapping: At the beginning of the workflow, a script block is executed to handle variable mapping. This step is crucial, especially when the workflow is utilized as a subflow within another process, as it ensures that all variables are accurately aligned for subsequent steps.
Approval Process: The next step involves the approval activity, typically managed by the system administrator. This step determines the continuation of the workflow:
If Approved: The workflow moves to the API interaction phase.
If Rejected: The workflow sets the request status to “Closed Incomplete” and ends the process immediately.
API Interaction: Following approval, the workflow executes an API call to EmpowerID, using all the required parameters to assign the specified management role to the user. Detailed parameters and configuration for this API call can be found in the document's Integrations section.
Completion of the Workflow: After the successful API call, the workflow updates the Request Item (RITM) status to “Closed Complete,” marking the successful conclusion of the process.
Example Flows
EmpowerID provides custom flows within the orchestration package to automate specific tasks within the ServiceNow platform. These flows offer functionalities similar to those covered in EmpowerID workflows. The flows can be seamlessly integrated into your existing processes or modified to meet your unique requirements.
EID – New Hire
The EID – New Hire flow is designed to create a new user using the EmpowerID APIs. The flow triggers the Admin Approval activity whenever a new hire request is submitted. This activity sends an approval request to the system administrator to decide on the approval process. If the admin rejects the request, it is marked as "closed incomplete," and the flow ends. Once the system admin approves the request, the flow proceeds, and the input parameters from the submitted request form are used to trigger the API call to EmpowerID. You can find more information about this API call in the Integrations section of this document. Once the API call is made successfully, the request is marked as "closed complete," and the flow ends.
EID – Add User to Group
This flow is designed to add users to a group in EmpowerID. When a request is submitted, the flow retrieves the catalog item variable. The next step is the Approval activity, which the manager currently approves. Once approved, the flow moves to the third step, where an API call to EmpowerID is made with all required parameters. The details of the API can be found in the Integrations section of this article. If the request is rejected, the flow sets the state of the request as “closed incomplete” and stops. After a successful call, the flow marks the state of the RITM as “Closed Complete” and ends.
EID – Request Management Role
This flow is designed to assign a management role to a user in EmpowerID for a specific period of time. Initially, the flow retrieves the catalog variables from EID by requesting the management role. The second step involves an approval activity, which is approved by the approver designated to the management role or the default approver. If the request is rejected, the flow will set the request's state to "closed incomplete" and end. After approval, the flow proceeds to the third step, where the necessary parameters are used to make an API call to EmpowerID. For more information on the API's specifics, please refer to the Integrations section of this document. The flow marks the RITM's state as "Closed Complete" upon a successful call and ends.
Data Model
The Orchestration Pack data model includes custom Groups and Management Roles data required for the EmpowerID workflows. To keep the customer namespace uncluttered, EmpowerID does not use the default out-of-the-box tables for groups and roles, as many EmpowerID-specific attributes need to be maintained. EmpowerID updates the data for these custom tables via inbound API.
Tables
| Groups (x_36687_eid_groups) | | | Management Roles (x_36687_eid_management_roles) | | |
|---|---|---|---|---|---|
| Column Label | Column Name | Type | Column Label | Column Name | Type |
| Group GUID (PK) | group_guid | String | Management Role GUID (PK) | management_role_guid | String |
| Name | name | String | Name | name | String |
| Distinguished Name | distinguished_name | String | Friendly Name | friendly_name | String |
| Is High Security Group | is_high_security_goup | Boolean | | | String |
| Auto Accept Join Leave Request | auto_accept_join_leave_requests | Boolean | Is High Security | is_high_security | Boolean |
| Group Usage Type Friendly Name | group_usage_type_friendly_name | String | Auto Accept Join Leave Request | auto_accept_join_leave_requests | Boolean |
| Friendly Name | friendly_name | String | Requestable | requestable | Boolean |
| Logon Name | logon_name | String | Risk Factor Total | risk_factor_total | Integer |
| Account Store Friendly Name | account_store_friendly_name | String | Valid From | valid_from | Date/Time |
| Allow Join Requests | allow_join_requests | Boolean | Valid Until | valid_until | Date/Time |
| | | String | Description | description | String |
| Valid From | valid_from | Date/Time | Instructions | instructions | String |
| Valid Until | valid_until | Date/Time | Owner Assignee ID | owner_assignee_id | String |
| Description | description | String | Owner Login Name | owner_login_name | String |
| Notes | notes | String | Owner Friendly Name | owner_friendly_name | String |
| Owner Assignee ID | owner_assignee_id | String | Owner Email | owner_email | String |
| Owner Login Name | owner_login_name | String | Extension Attribute 1 | extension_attribute_1 | String |
| Owner Friendly Name | owner_friendly_name | String | Extension Attribute 2 | extension_atrtibute_2 | String |
| Owner Email | owner_email | String | Extension Attribute 3 | extension_attribute_3 | String |
| Extension Attribute 1 | extension_attribute_1 | String | Extension Attribute 4 | extension_attribute_4 | String |
| Extension Attribute 2 | extension_attribute_2 | String | Extension Attribute 5 | extension_attribute_5 | String |
| Extension Attribute 3 | extension_attribute_3 | String | Extension Attribute 6 | extension_attribute_6 | String |
| Extension Attribute 4 | extension_attribute_4 | String | Extension Attribute 7 | extension_attribute_7 | String |
| Extension Attribute 5 | extension_attribute_5 | String | Extension Attribute 8 | extension_attribute_8 | String |
| Extension Attribute 6 | extension_attribute_6 | String | Extension Attribute 9 | extension_attribute_9 | String |
| Extension Attribute 7 | extension_attribute_7 | String | Extension Attribute 10 | extension_attribute_10 | String |
| Extension Attribute 8 | extension_attribute_8 | String | Extension Attribute 11 | extension_attribute_11 | String |
| Extension Attribute 9 | extension_attribute_9 | String | Extension Attribute 12 | extension_attribute_12 | String |
| Extension Attribute 10 | extension_attribute_10 | String | Extension Attribute 13 | extension_attribute_13 | String |
| Extension Attribute 11 | extension_attribute_11 | String | Extension Attribute 14 | extension_attribute_14 | String |
| Extension Attribute 12 | extension_attribute_12 | String | Extension Attribute 15 | extension_attribute_15 | String |
| Extension Attribute 13 | extension_attribute_13 | String | Sys ID | sys_id | Sys ID (GUID) |
| Extension Attribute 14 | extension_attribute_14 | String | Updates | sys_mod_count | Integer |
| Extension Attribute 15 | extension_attribute_15 | String | Updated By | sys_updated_by | String |
| Sys ID | sys_id | Sys ID (GUID) | Updated | sys_updated_by | String |
| Updates | sys_mod_count | Integer | | | |
| Updated By | sys_updated_by | String | | | |
| Updated | sys_updated_by | String | | | |
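As an added example (not EmpowerID or ServiceNow code), the script below reviews rows synchronized into the two custom tables for entries that could be granted with little scrutiny. Column names come from the table above; the meaning inferred from those names, the review rules, the risk limit and the sample rows are assumptions made for illustration.

```javascript
// Added example, not EmpowerID or ServiceNow code. Column names are taken from
// the data model table; the rules, risk limit and sample rows are constructed.

// The ServiceNow Table API returns field values as strings ("true"/"false").
const asBool = (v) => v === true || v === 'true';

// Date/Time values are assumed to arrive as "YYYY-MM-DD HH:MM:SS" in UTC.
function asDate(v) {
  if (!v) return null;
  const d = new Date(String(v).replace(' ', 'T') + 'Z');
  return Number.isNaN(d.getTime()) ? null : d;
}

// Checks shared by both tables once the table-specific flags are resolved.
function commonFindings(row, open, highSecurity, now) {
  const out = [];
  if (!open) return out; // nothing can be requested, nothing to review
  if (highSecurity && asBool(row.auto_accept_join_leave_requests)) {
    out.push('high-security entry auto-accepts requests');
  }
  if (!row.owner_assignee_id) out.push('requestable entry has no owner');
  const until = asDate(row.valid_until);
  if (until && until <= now) out.push('requestable entry is past valid_until');
  return out;
}

function reviewGroup(row, now) {
  // "is_high_security_goup" is the column name as the data model spells it.
  return commonFindings(row, asBool(row.allow_join_requests),
    asBool(row.is_high_security_goup), now);
}

function reviewRole(row, now, riskLimit) {
  const out = commonFindings(row, asBool(row.requestable),
    asBool(row.is_high_security), now);
  const risk = Number(row.risk_factor_total);
  if (asBool(row.requestable) && asBool(row.auto_accept_join_leave_requests) &&
      Number.isFinite(risk) && risk >= riskLimit) {
    out.push('risk_factor_total ' + risk + ' auto-accepted (limit ' + riskLimit + ')');
  }
  return out;
}

function reviewSync(groups, roles, now, riskLimit) {
  const scan = (rows, table, key, check) => rows
    .map((r) => ({ table, guid: r[key], findings: check(r) }))
    .filter((e) => e.findings.length > 0);
  return [
    ...scan(groups, 'x_36687_eid_groups', 'group_guid', (r) => reviewGroup(r, now)),
    ...scan(roles, 'x_36687_eid_management_roles', 'management_role_guid',
      (r) => reviewRole(r, now, riskLimit)),
  ];
}

// Constructed sample rows (GUIDs are placeholders, not real identifiers).
const SAMPLE_GROUPS = [
  { group_guid: 'g-0001', is_high_security_goup: 'true', allow_join_requests: 'true',
    auto_accept_join_leave_requests: 'true', owner_assignee_id: '', valid_until: '' },
  { group_guid: 'g-0002', is_high_security_goup: 'false', allow_join_requests: 'true',
    auto_accept_join_leave_requests: 'true', owner_assignee_id: 'p-17', valid_until: '' },
];
const SAMPLE_ROLES = [
  { management_role_guid: 'r-0001', is_high_security: 'false', requestable: 'true',
    auto_accept_join_leave_requests: 'true', risk_factor_total: '90',
    owner_assignee_id: 'p-03', valid_until: '2020-01-01 00:00:00' },
  { management_role_guid: 'r-0002', is_high_security: 'true', requestable: 'false',
    auto_accept_join_leave_requests: 'true', risk_factor_total: '95',
    owner_assignee_id: '', valid_until: '' },
];

const SAMPLE_REPORT = reviewSync(SAMPLE_GROUPS, SAMPLE_ROLES,
  new Date('2024-06-01T00:00:00Z'), 50);
console.log(JSON.stringify(SAMPLE_REPORT, null, 2));
```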
The EmpowerID Orchestration Pack has several defined inbound and outbound integration APIs. These integrations form the core of communication between ServiceNow and EmpowerID. The API includes the following HTTP methods for the EmpowerID components affected by the Orchestration Pack's activities and workflows. This information is included as reference material.
Authentication
Use basic authentication and admin user’s credentials.
Read Management Roles
GetMgmtRolesGUID
This endpoint retrieves a list of Management Roles currently present in ServiceNow.
HTTP Request
Method: GET
Header Key/Value Pairs
Response
Status Code 200 OK
Header Key/Value Pairs
Response Body
JSON object containing a list of Management Role GUIDs.
cURL Example
Read Management Groups
GetMgmtGroupsGUID
This endpoint retrieves a list of Management Groups currently present in ServiceNow.
HTTP Request
Method: GET
Header Key/Value Pairs
Response
Status Code 200 OK
Header Key/Value Pairs
Response Body
JSON object containing a list of Management Group GUIDs.
cURL Example
Create Management Roles
MgmtRoles
This endpoint is used to create / push Management Roles from EmpowerID to ServiceNow.
HTTP Request
Method: POST
Request Data
Request data is sent to the API in JSON format.
Create Management Groups
MgmtGroups
This endpoint is used to create / push Management Groups from EmpowerID to ServiceNow.
HTTP Request
Method: POST
Request Data
Request data is sent to the API in JSON format.
Delete Management Roles
deleteMgmtRoles
Use this endpoint to delete EmpowerID Management Roles currently present in ServiceNow.
HTTP Request
Method: POST
Header Key/Value Pairs
Response
Status Code 200 OK
Header Key/Value Pairs
cURL Example
Delete Management Groups
deleteMgmtGroups
Use this endpoint to delete EmpowerID Groups currently present in ServiceNow.
HTTP Request
Method: POST
Header Key/Value Pairs
Response
Status Code 200 OK
Header Key/Value Pairs
cURL Example
There are 3 main tasks performed in EmpowerID workflows within ServiceNow that are accomplished by making an API call to the EmpowerID application. These tasks are as below:
To invoke the above API calls, the identity making the call must have a valid token. For information on getting a token, see Getting an Access Token.
Create Employee
HTTP Method: POST
Endpoint
Header Key/Value Pairs
Request Data
Request data is sent to the API in JSON format.
Assign Group
HTTP Method: POST
Endpoint
Header Key/Value Pairs
Request Data
Request data is sent to the API in JSON format.
Assign Management Role
HTTP Method: POST
Endpoint
Header Key/Value Pairs
Request Data
Request data is sent to the API in JSON format.