Data provisioning
Provisioning configuration
As the ServiceNow connector is based on the REST connector, it uses the same logging method (log4net) as the REST connector. A provisioning configuration similar to the one for the generic REST connector is used.
Currently, ServiceNow deprovisioning will not work for resources that haven't been imported back from the system. If you have a failed deprovisioning task, you need to run the import for the ServiceNow system and reissue the deprovisioning claim.
Parameter | Description |
---|---|
Base address | Specify the server address. |
User query relative address | Specify the relative address for the ServiceNow API user query. The default value is: now/table/sys_user |
Content type header | Choose the format of the content. The default value is: application/json. |
Accept header | The default value is application/json. |
Authentication type | The type of authentication to use for the REST system. Depending on the type of authentication that you choose, you may see more or fewer settings. The available options are: Basic – username and password are required. None – there are no authentication headers. OAuth2 – all mandatory OAuth fields (marked with *) must be completed with proper values. These values can be found in your external vendor’s documentation of your REST system. |
Security protocol | Security protocol of your REST system. |
Test connection | Enable this setting to test the connection information that you have specified. |
Timeout in seconds | Specify the timeout value in seconds. |
Basic authentication
Parameter | Description |
---|---|
Username | The username for the user to authenticate with the service. |
Password | The password for the user to authenticate with the service. |
OAuth2 authentication
Parameter | Description |
---|---|
URL for Authorization token | The URL address for the Authorization token. It can be taken from the environment. |
OAuth Grant Type | The type of OAuth2 Grant used for authorization. Possible grants: Password credentials, JWT bearer |
OAuth Client ID | The Client ID; it can be taken from the environment. |
OAuth Client Secret | OAuth Client Secret, can be taken from the environment. |
OAuth Resource | OAuth Resource Owner. |
OAuth Token Revoke URL | URL address for the Token Revoke. |
Token cache policy | The token cache policy, with the following options available: Never cache – the token is not cached; Always cache – the token is obtained once and always stored; Expiration interval – the token expires after a time interval (in seconds). |
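The three token cache policies differ in how often the token endpoint is contacted and how long a token keeps being reused. The following sketch is an added illustration of those semantics, not the connector's implementation; the class, the function and the policy names `never`, `always` and `expiration` are hypothetical.

```python
import time

POLICIES = ("never", "always", "expiration")  # hypothetical names for the three options


class TokenCache:
    """Reuse an access token according to one of the three cache policies."""

    def __init__(self, fetch_token, policy, interval_seconds=0, clock=time.monotonic):
        if policy not in POLICIES:
            raise ValueError(f"unknown policy: {policy!r}")
        if policy == "expiration" and interval_seconds <= 0:
            raise ValueError("expiration policy needs a positive interval")
        self._fetch, self._policy = fetch_token, policy
        self._interval, self._clock = interval_seconds, clock
        self._token, self._fetched_at = None, None

    def get(self):
        now = self._clock()
        if self._token is not None:
            if self._policy == "always":
                return self._token  # never refreshed once obtained
            if self._policy == "expiration" and now - self._fetched_at < self._interval:
                return self._token  # still inside the configured interval
        # "never", first use, or interval elapsed: ask the token endpoint again
        self._token, self._fetched_at = self._fetch(), now
        return self._token


def count_token_requests(policy, request_times, interval_seconds=0):
    """Replay API calls at the given times (seconds); count token-endpoint calls."""
    now, calls = [0], [0]

    def fake_fetch():  # stands in for the real token request
        calls[0] += 1
        return f"token-{calls[0]}"

    cache = TokenCache(fake_fetch, policy, interval_seconds, clock=lambda: now[0])
    for t in request_times:
        now[0] = t
        cache.get()
    return calls[0]


if __name__ == "__main__":
    times = [0, 10, 299, 300, 301, 900]  # constructed request schedule
    for name, interval in (("never", 0), ("always", 0), ("expiration", 300)):
        print(name, count_token_requests(name, times, interval))
```

In this model, `always` keeps presenting the first token for the lifetime of the process even if the server has since expired or revoked it, while `never` contacts the token endpoint on every call.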
Password credentials Grant
Parameter | Description |
---|---|
Username | The username for the user to authenticate with the service. |
Password | The password for the user to authenticate with the service. |
Data model
The following data model is used. It is based on the REST data model, with some adaptations to support the default ServiceNow task mappings. If necessary, the data model can be extended, similarly to the default REST data model.
<connectorDataModel xmlns="http://schemas.omada.net/ops/2015/ConnectorDataModelML" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <properties>
    <!-- common -->
    <property name="user_name" requried="true" />
    <!-- /common -->
    <!-- account -->
    <property name="last_name" requried="true" />
    <property name="first_name" requried="true" />
    <property name="user_name" requried="true" />
    <property name="active" requried="true" />
    <!-- /account -->
    <!-- group & role -->
    <property name="user" requried="true" />
    <property name="group" requried="true" />
    <property name="role" requried="true" />
    <!-- /group & role -->
  </properties>
  <objects>
    <object name="ServiceNowUser">
      <objectDetails>
        <objectDetail name="VerbForUpdate" value="PATCH" />
        <objectDetail name="VerbForDelete" value="DELETE" />
      </objectDetails>
      <objectProperties>
        <objectProperty>last_name</objectProperty>
        <objectProperty>first_name</objectProperty>
        <objectProperty>user_name</objectProperty>
        <objectProperty>active</objectProperty>
      </objectProperties>
    </object>
    <object name="ServiceNowGroupAssignment">
      <objectDetails>
        <objectDetail name="VerbForUpdate" value="PATCH" />
        <objectDetail name="VerbForDelete" value="DELETE" />
      </objectDetails>
      <objectProperties>
        <objectProperty>user</objectProperty>
        <objectProperty>user_name</objectProperty>
        <objectProperty>group</objectProperty>
      </objectProperties>
    </object>
    <object name="ServiceNowRoleAssignment">
      <objectDetails>
        <objectDetail name="VerbForUpdate" value="PATCH" />
        <objectDetail name="VerbForDelete" value="DELETE" />
      </objectDetails>
      <objectProperties>
        <objectProperty>user</objectProperty>
        <objectProperty>user_name</objectProperty>
        <objectProperty>role</objectProperty>
      </objectProperties>
    </object>
  </objects>
</connectorDataModel>
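When the data model is extended, a quick structural check before loading it into the connector catches typos in property references and verbs. The script below is an added example, not part of the Omada product; the rules it applies (every objectProperty must be declared, no repeated declarations, verbs limited to `ALLOWED_VERBS`) are assumptions rather than documented schema constraints.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"m": "http://schemas.omada.net/ops/2015/ConnectorDataModelML"}
ALLOWED_VERBS = {"POST", "PUT", "PATCH", "DELETE"}  # assumption, not from the schema

# Constructed sample: a trimmed copy of the model above with a deliberately
# bad verb and an undeclared property, as might happen when extending it.
SAMPLE = """<connectorDataModel xmlns="http://schemas.omada.net/ops/2015/ConnectorDataModelML">
  <properties>
    <property name="user_name" requried="true" />
    <property name="user_name" requried="true" />
    <property name="user" requried="true" />
  </properties>
  <objects>
    <object name="ServiceNowGroupAssignment">
      <objectDetails>
        <objectDetail name="VerbForUpdate" value="PATCH" />
        <objectDetail name="VerbForDelete" value="REMOVE" />
      </objectDetails>
      <objectProperties>
        <objectProperty>user</objectProperty>
        <objectProperty>department</objectProperty>
      </objectProperties>
    </object>
  </objects>
</connectorDataModel>"""

def lint_data_model(xml_text):
    """Return findings for a connector data model (empty list means clean)."""
    root = ET.fromstring(xml_text)
    names = [p.get("name") for p in root.findall("m:properties/m:property", NS)]
    findings = [f"property '{n}' declared {c} times"
                for n, c in Counter(names).items() if c > 1]
    declared = set(names)
    for obj in root.findall("m:objects/m:object", NS):
        label = obj.get("name")
        for detail in obj.findall("m:objectDetails/m:objectDetail", NS):
            key, verb = detail.get("name", ""), detail.get("value")
            if key.startswith("VerbFor") and verb not in ALLOWED_VERBS:
                findings.append(f"{label}: {key} uses unexpected verb '{verb}'")
        for prop in obj.findall("m:objectProperties/m:objectProperty", NS):
            ref = (prop.text or "").strip()
            if ref not in declared:
                findings.append(f"{label}: objectProperty '{ref}' is not declared")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_data_model(SAMPLE)))
```

Run against the full data model shown above, this check reports only the repeated `user_name` declaration.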
Task mappings
The ServiceNow connector template uses the following three task mappings:
- ServiceNow User
  - Assignments: ROPE Account - ServiceNow User
- ServiceNow Group
  - Assignments: ServiceNow – Group membership
- ServiceNow Role
  - Assignments: ServiceNow – Role assignment
Configuration of task mappings in Omada Identity
To be able to use these task mappings, you need to map the assignments to resources manually:
- Open the system onboarding view of your ServiceNow system.
- Click Task mappings in the Provisioning section of the view.
- You will see the following pop-up, with resource types and empty assignments.
- Click None in the Assignment column in each row to select the appropriate mappings from the pop-up window.
- The correct task mappings are as follows:
  - ServiceNow Account – ServiceNow User
  - Group – ServiceNow Group Assignment
  - ServiceNow Role – ServiceNow Role Assignment
- Click OK to confirm the changes.