/
Configuring Service Catalog Requests

Configuring Service Catalog Requests

Once you connect EmpowerID to ServiceNow, your ServiceNow developers can configure ServiceNow to create EmpowerID objects via service catalog requests. This topic demonstrates how to configure ServiceNow to add an EmpowerID group service catalog request.


Prerequisites

To configure ServiceNow to create EmpowerID groups, you need the following values from EmpowerID.

ValueDescription
Usernamefor the EmpowerID admin
Passwordfor the EmpowerID admin
Fully Qualified Domain Name(FQDN)

part of the URL that you use to log in--the bold portion of this example URL:

https:// sso.empowersso.com/EmpowerID/

OAuth Client IDOAuth client information is in Admin > SSO Connections > OAuth, in the DefaultEmpowerIDOAuthApplication
OAuth Client SecretOAuth client information is in Admin > SSO Connections > OAuth, in the DefaultEmpowerIDOAuthApplication
OAuth Application API KeyOAuth app information is in AdminSSO ConnectionsOAuth, in the DefaultSystemOAuthApplication
ServiceNow Account Store IDfind the account store in AdminApplications and DirectoriesAccount Stores and Systems then click to find the Account Store ID
ServiceNow OrgZoneIDfind the ServiceNow location in IdentitiesBusiness Roles and LocationsLocations 

These values authenticate EmpowerID to ServiceNow. You also need an admin account in EmpowerID to supply ServiceNow with the credentials to create groups in EmpowerID.

In ServiceNow, you need to create the following, all of which are covered in this topic.

  • An OAuth provider that contains the information needed to connect with EmpowerID so that REST messages can be passed.
  • Two new properties in the Request [sc_request] table to use in the Resume HTTP method of the REST message.
    • workflowinstanceid
    • workflowcorrelationid
  • A REST message that calls the EmpowerID REST API with three POST HTTP methods.
    • Default POST: for starting the workflow on the ServiceNow side
    • Access Token: to get an access token for web API calls
    • Resume Workflow POST: for starting the workflow on the EmpowerID side
  • A Business Rule on the Approval table that tracks EmpowerID group requests in the Approval table, and passes values to the REST message.
  • A ServiceNow workflow to handle user requests from the service catalog.
  • A service catalog request so users can request EmpowerID groups through ServiceNow.

To create an OAuth provider

The OAuth provider contains the information needed to connect with EmpowerID so that REST messages can be passed.

  1. Log in to your ServiceNow instance, and in the navigation pane, search for Application Registry and select it.



  2. Above the list of Application Registries, click the New button, and select Connect to a third party OAuth Provider.



  3. Configure the new Application Registry with the following settings. (Skipped settings retain their default values.)
    • Name - EID
    • Client ID - The GUID from your EmpowerID OAuth application Client ID (Key)

      To find your EmpowerID OAuth settings in the web UI, expand Admin, then SSO Connections, and click OAuth. You can find all of the client settings in the DefaultEmpowerIDOauthApplication.

    • Client Secret - The GUID from your EmpowerID OAuth application Client Secret
    • OAuth API Script - Click the search icon and select OAuthUtil.
    • Authorization URL - https://FQDN/oauth/v2/ui/authorize
      Replace "FQDN" with the fully qualified domain name of your EmpowerID server (e.g. sso.empoweriam.com).
    • Token URL - https://FQDN/oauth/v2/token
    • Redirect URL - https://FQDN/WebIdPForms/oauth/v2