Once you connect EmpowerID to ServiceNow, your ServiceNow developers can configure ServiceNow to create EmpowerID objects via service catalog requests. This topic demonstrates how to configure ServiceNow to add an EmpowerID group service catalog request.
To configure ServiceNow to create EmpowerID groups, you need the following values from EmpowerID.
These values authenticate EmpowerID to ServiceNow. You also need an admin account in EmpowerID to supply ServiceNow with the credentials to create groups in EmpowerID. |
In ServiceNow, you need to create the following, all of which are covered in this topic.
The OAuth provider contains the information needed to connect with EmpowerID so that REST messages can be passed.
Client ID - The GUID from your EmpowerID OAuth application Client ID (Key)
To find your EmpowerID OAuth settings in the web UI, expand Admin, then SSO Connections, and click OAuth. You can find all of the client settings in the DefaultEmpowerIDOauthApplication. |
Add two columns to the ServiceNow Request table to use in the Resume HTTP method parameters. The Resume method collects these values, along with the IsApproved value, via the HTTP query parameter script to pass to EmpowerID.
The REST message is what passes information between ServiceNow and the EmpowerID REST API. It uses three methods to communicate via EmpowerID's anonymous endpoints. One method passes access tokens, another responds to group requests created in EmpowerID with approval or rejection, and the third notifies EmpowerID to create a group from a request in the ServiceNow services catalog.
Value - your EmpowerID OAuth application API key
You can find your OAuth application API key in EmpowerID by expanding Admin, then SSO Connections,and selecting OAuth. Click to open the DefaultSystemOAuthApplication (not the same as the one with the OAuth client keys), then click the Display Name to open it for editing. There you can copy the API Key for use in ServiceNow. |
Click the link, supply your EmpowerID admin username and password, and click Get OAuth Token.
If you are testing this in a lab setting, be sure to make your machine URL public so that ServiceNow can find it, and be sure that the same FQDN is in EmpowerID configurator for the web server and CDN server. |
Next to HTTP Methods, click the New button to create a new POST method. Create three in total, with the following settings. (Click Submit after each to return to the main REST Message page where you can add the next.)
|
|
|
The Approval table, where ServiceNow tracks EmpowerID group approval requests and their results, needs a business rule to pass values to the REST message.
On the Advanced tab, paste this script to replace the default stub.
(function executeRule(current, previous /*null when async*/) { // Code to create response for EmpowerID and update the Approval table try { var r = new sn_ws.RESTMessageV2("EmpowerID API", "Access Token"); var response = r.execute(); var responseBody = response.getBody(); var parser = new JSONParser(); var parsed = parser.parse(responseBody); var t = parsed.access_token; var regRecord = current.document_id.getRefRecord(); if(regRecord.getValue('u_workflow_instance_id') != null) { var r1 = new sn_ws.RESTMessageV2("EmpowerID API", "Resume"); r1.setStringParameterNoEscape("Token", t); r1.setStringParameterNoEscape("WorkflowInstanceID", regRecord.getValue('u_workflow_instance_id')); r1.setStringParameterNoEscape("CorrelationId", regRecord.getValue('u_correlation_id')); r1.setStringParameterNoEscape("IsApproved", current.state); var response1 = r1.execute(); var responseBody1 = response1.getBody(); var httpStatus1 = response1.getStatusCode(); } else { var req_item = new GlideRecord('sc_req_item'); req_item.addQuery('request', regRecord.sys_id); req_item.query(); if(req_item.next()) { var r2 = new sn_ws.RESTMessageV2("EmpowerID API", "Default POST"); r2.setStringParameterNoEscape("Token", t); r2.setStringParameterNoEscape("Name", req_item.variables["group_name"].toString()); r2.setStringParameterNoEscape("Description", req_item.variables["group_description"].toString()); r2.setStringParameterNoEscape("Decision", current.state); var response2= r2.execute(); var responseBody2= response2.getBody(); var httpStatus2 = response2.getStatusCode(); } } } catch(ex) { var message = ex.getMessage(); } })(current, previous); |
This is where you set up the workflow to run when a user requests an EmpowerID group from the service catalog.
In the window that pops up when you drag each activity from a folder under Core Activities onto the workflow, use the settings in the boxes below the image.
From the Utilities folder, drag the Set Values activity onto the form and set it up with these values.
|
From the Conditions folder, drag the If activity onto the form and set it up with these values.
|
From the Approvals folder, drag the Approval - User activity onto the form and set it up with these values.
|
From the Approvals folder, drag the Approval Action activity onto the form and set it up with these values.
|
From the Approvals folder, drag the Approval Action activity onto the form and set it up with these values.
|
The service catalog request provides a page in the ServiceNow service catalog where users can request a new EmpowerID group.
On the Approved By tab at the bottom of the page, click Edit to add an approver for EmpowerID group requests.
In the London version of ServiceNow, System Administrator is set by default, so you can skip this step. |
Once you have connected EmpowerID to ServiceNow, you can view and manage the users and groups associated with it from the ServiceNow Manager page in EmpowerID, located at "https://YourEmpowerIDServer/UI/#Common/Find/ServiceNowManager." |
|