Once you connect EmpowerID to ServiceNow, your ServiceNow developers can configure ServiceNow to create EmpowerID objects via service catalog requests. This topic demonstrates how to configure ServiceNow to add an EmpowerID group service catalog request.
In ServiceNow, you need to create the following, all of which are covered in this topic.
An OAuth provider that contains the information needed to connect with EmpowerID so that REST messages can be passed.
Two new properties in the Request [sc_request] table to use in the Resume HTTP method of the REST message.
A REST message that calls the EmpowerID REST API with three POST HTTP methods.
Default POST: for starting the workflow on the ServiceNow side
Access Token: to get an access token for web API calls
Resume Workflow POST: for starting the workflow on the EmpowerID side
A Business Rule on the Approval table that tracks EmpowerID group requests in the Approval table, and passes values to the REST message.
A ServiceNow workflow to handle user requests from the service catalog.
A service catalog request so users can request EmpowerID groups through ServiceNow.
To create an OAuth provider
The OAuth provider contains the information needed to connect with EmpowerID so that REST messages can be passed.
Log in to your ServiceNow instance, and in the navigation pane, search for Application Registry and select it.
Above the list of Application Registries, click the New button, and select Connect to a third party OAuth Provider.
Configure the new Application Registry with the following settings. (Skipped settings retain their default values.)
Client ID - The GUID from your EmpowerID OAuth application Client ID (Key)
Client Secret - The GUID from your EmpowerID OAuth application Client Secret
OAuth API Script - Click the search icon and select OAuthUtil.
Authorization URL - https://FQDN/oauth/v2/ui/authorize Replace "FQDN" with the fully qualified domain name of your EmpowerID server (e.g. sso.empoweriam.com).
Token URL - https://FQDN/oauth/v2/token
Redirect URL - https://FQDN/WebIdPForms/oauth/v2
Scroll to the bottom, and on the OAuth Entity Profiles tab, double-click the text Insert a new row and enter these values.
Name - EID default_profile
Is default - true
Grant type - Resource Owner Password Credentials
Click Submit to save the OAuth provider.
To add new columns to the Request table
Add two columns to the ServiceNow Request table to use in the Resume HTTP method parameters. The Resume method collects these values, along with the IsApproved value, via the HTTP query parameter script to pass to EmpowerID.
Log in to your ServiceNow instance, and in the navigation pane, search for Tables and select the one under System Definition.
Above the list of Tables, change the Go to drop-down from Name to Label, and search for Request.
Click the Request [sc_request] table.
On the Columns tab, click the New button to add a new Correlation ID column with the following settings. (Skipped settings can retain their default values.)
Column label - Correlation ID
Column name - (autofills after a pause) u_correlation_id
Max length - 255
Click Submit to save the new column.
Back on the Columns tab, click the New button to add a new Workflow Instance ID column with the following settings. (Skipped settings can retain their default values.)
Column label - Workflow Instance ID
Column name - (autofills after a pause) u_workflow_instance_id
Max length - 255
Click Submit to save the new column.
Back on the Request table, click Update to save the new columns to the Request table.
To create a REST message
The REST message is what passes information between ServiceNow and the EmpowerID REST API. It uses three methods to communicate via EmpowerID's anonymous endpoints. One method passes access tokens, another responds to group requests created in EmpowerID with approval or rejection, and the third notifies EmpowerID to create a group from a request in the ServiceNow services catalog.
In the navigation pane, search for REST Message and select it.
Above the list of REST Messages, click the New button.
Configure the new REST message with the following settings.
Name: EmpowerID API Take note of the name you use, as it is used in the Creating an Approval Business Rule script below.
Accessible from - All application scopes
Endpoint - https://FQDN/oauth/v2/token Replace "FQDN" with the fully qualified domain name of your EmpowerID server (e.g. sso.empoweriam.com).
Change the Authentication type to OAuth 2.0.
For the OAuth profile, click the search icon and select the EID default_profile that you created earlier.
On the HTTP Request tab, add two HTTP Headers.
In the list of HTTP Headers, double-click the text Insert a new row and enter these values.
Insert another new row and enter these values.
Value - your EmpowerID OAuth application API key
Click Submit to save the REST message. Back on the REST Messages list, click your newly created EmpowerID API REST message. A message at the top directs you to click the Get OAuth Token link to request a token.
Click the link, supply your EmpowerID admin username and password, and click Get OAuth Token.
Back on the EmpowerID API message, scroll to the bottom to see the HTTP Methods list.
Next to HTTP Methods, click the New button to create a new POST method. Create three in total, with the following settings. (Click Submit after each to return to the main REST Message page where you can add the next.)
Click the Submit (or Update) button to save the REST message.
To create an Approval business rule
The Approval table, where ServiceNow tracks EmpowerID group approval requests and their results, needs a business rule to pass values to the REST message.
Log in to your ServiceNow instance, and in the navigation pane, scroll down and expand System Definition, then find and select Business Rules. (You can also search for Business Rules, and select the one nested under System Definition.)
Above the list of Business Rules, click the New button, and add a new one named EmpowerID BR.
Configure the new business rule with the following settings.
Name - EmpowerID BR
Application - Global (default)
Table - Approval [sysapproval_approver]
Active - selected (default)
Advanced - selected (shows an advanced tab below, and adds fields)
On the When to run tab, set When to "after," and select the Update checkbox.
On the Advanced tab, paste this script to replace the default stub.
Click Submit to save the business rule.
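The decision logic a business rule of this kind needs, as an added sketch in plain JavaScript; it is not the EmpowerID script this step refers to. The query parameter names CorrelationId and WorkflowInstanceId and the injected send function are assumptions; inside ServiceNow, send would wrap sn_ws.RESTMessageV2.

```javascript
// Added illustration, not EmpowerID's script. Parameter names marked
// "assumed" are placeholders; IsApproved is the value named in this topic.
var REST_MESSAGE = 'EmpowerID API';         // REST message name from this topic
var RESUME_METHOD = 'Resume Workflow POST'; // HTTP method listed in this topic
var MAX_LEN = 255;                          // Max length of the two new columns

// Accept only non-empty printable ASCII without spaces that fits the column.
function cleanId(value) {
  var s = String(value == null ? '' : value).trim();
  return s.length > 0 && s.length <= MAX_LEN && /^[\x21-\x7e]+$/.test(s) ? s : null;
}

// Decide whether an Approval update should resume the EmpowerID workflow.
// Returns the query parameters to send, or null when nothing should be sent.
function buildResumeParams(previousState, approval, request) {
  var state = approval.state;
  if (state === previousState) return null;                      // decision unchanged
  if (state !== 'approved' && state !== 'rejected') return null; // not a final decision
  var correlationId = cleanId(request.u_correlation_id);
  var workflowInstanceId = cleanId(request.u_workflow_instance_id);
  if (!correlationId || !workflowInstanceId) return null;        // not an EmpowerID request
  return {
    CorrelationId: correlationId,           // assumed parameter name
    WorkflowInstanceId: workflowInstanceId, // assumed parameter name
    IsApproved: state === 'approved' ? 'true' : 'false'
  };
}

// send(messageName, methodName, params) is injected so the logic can run
// outside ServiceNow. In a business rule it would create an
// sn_ws.RESTMessageV2(messageName, methodName), call setQueryParameter
// for each entry, then execute().
function onApprovalUpdated(previousState, approval, request, send) {
  var params = buildResumeParams(previousState, approval, request);
  if (params === null) return false;
  send(REST_MESSAGE, RESUME_METHOD, params);
  return true;
}

// Constructed sample records (not real data).
var sampleRequest = { u_correlation_id: 'c0ffee-0001', u_workflow_instance_id: 'wf-42' };
var sent = [];
onApprovalUpdated('requested', { state: 'approved' }, sampleRequest,
  function (msg, method, params) { sent.push({ msg: msg, method: method, params: params }); });
console.log(JSON.stringify(sent));
```

Returning null for requests without both IDs keeps approvals for unrelated catalog items from triggering calls to EmpowerID.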
To create a Workflow
This is where you set up the workflow to run when a user requests an EmpowerID group from the service catalog.
Log in to your ServiceNow instance, and in the navigation pane, search for Workflow Versions and select it.
Above the list of Workflow Versions, click the New button, and add a new workflow named EmpowerID WF.
Configure the new workflow version with the following settings.
Name - EmpowerID WF
Table - Request [sc_request]
On the Conditions tab, leave the default value of Run the workflow (or Run the workflow always) with no conditions.
On the Stages tab, leave the default value of Stage field (None) and change the Stage rendering value to Legacy.
Click Submit to save the workflow version. A new tab opens with the visual workflow designer.
From the Core tab on the right, drag workflow activities onto the designer to create a workflow like the one in this image using the settings below.
In the window that pops up when you drag each activity from a folder under Core Activities onto the workflow, use the settings in the boxes below the image.
Click the Validate button (checkbox) above the workflow to ensure that it works.
Click the hamburger menu at the top left and select Publish to make your workflow available to all users.
If you need to edit the workflow, click the Show Workflow link at the bottom of the EmpowerID WF workflow version.
To create a service catalog request
The service catalog request provides a page in the ServiceNow service catalog where users can request a new EmpowerID group.
Log in to your ServiceNow instance, and in the navigation pane, search for Maintain Items and select it. (Or navigate to Service Catalog, then Catalog Definitions, and select it from there.)
Above the list of Catalog Items, click the New button, and add a new catalog item.
Configure the new catalog item with the following settings.
Name - EmpowerID Service Catalog Request
Catalogs - Service Catalog
Short Description - Request EmpowerID Group
Description - Create a group request. Once approved the group will be created in EmpowerID.
Click Submit, then open the EmpowerID Service Catalog Request from the list of catalog items. (Change the Go to value to Name to search for it.)
On the Variables tab at the bottom of the page, click New to add a variable with the following settings.
Question - Group Description
Tooltip - Enter a description for the group.
Click Submit to save the variable.
Back on the Variables tab, click New to add a second variable with the following settings.
Question - Group Name
Tooltip - Enter the name of the group.
Click Submit to save the second variable.
On the Approved By tab at the bottom of the page, click Edit to add an approver for EmpowerID group requests.
In the Collection search box, find and select System Administrator, and click the Add arrow to add it to the Approved By List.