Privilege Access Workflow Using Service Catalog
The instructions below will guide you through creating approval rules and role access requests necessary for configuring Cloud Suite.
Approval Rules for Catalog Requests
To create an Approval Rule for automatic approvals for specific Roles/Commands, follow these steps.
- Log in to ServiceNow with an Admin account.
- Go to the All tab > Delinea Cloud Suite Integration > Approval Rules.
- Click New to create a new Approval Rule and give it a name.
- In Variable Condition, select the dropdown and click Show related fields, then select Variables.
- Select the application and Role (Role name) or select the application and Command (Command name).
  You can add multiple Roles or Commands in a single Approval Rule.
- Select Automatic as the Approval Type, set Order as 1, and select the Active checkbox.
- Click Update.
Create an Approval Rule for PM Approvals
To create an Approval Rule for PM Approvals, follow these steps.
A request initiated by the approver will be auto-rejected if a single approver is added in the Approval Rule.
- Log in to ServiceNow with an Admin account.
- Go to the All tab > Delinea Cloud Suite Integration > Approval Rules.
- Click New to create a new Approval Rule and provide a name.
- In Variable Condition, select Created after Yesterday.
- Select Required as the Approval Type, set Order as 2, and select the Active checkbox.
- Select the User Approval checkbox.
- Select the Approver, provide the approval role (x_centrify.approver) to the same user, and click Update.
Role Access Request Workflow in ServiceNow
Role Access Request integrates with ServiceNow to enable users to request a Role assignment. The requester can request temporary and permanent role assignments. Once the request is approved, the user is assigned to the role.
To make a request, follow these steps:
- In ServiceNow, go to the All tab > Service Catalog.
- Search the application for Delinea Role Access Request.
- Select the Roles. Multiple roles can be selected.
- Select the type of access (Temporary, Permanent, or Windowed). For the Temporary and Windowed types, you must provide the time parameter.
  By default, only Temporary and Windowed access types are available in the dropdown. The Permanent access type is only visible to users with the Permanent Access role (x_centrify.permanent_access_user).
- Enter the reason and submit the request.
- Log in to ServiceNow as the Approver user.
- Go to the All tab > Delinea Cloud Suite Integrations > My approvals.
- Open the request and approve it.
- After approval, the user is added as a member with the assigned role.
Privilege Elevation Command Workflow in ServiceNow
The Privilege Elevation Command Request feature integrates with ServiceNow to allow users to request command assignments for a particular system. The requester can request temporary or permanent command elevation assignments. Once the request is approved, the user can access the command on their system.
To make a request, follow these steps.
- In ServiceNow, go to the All tab > Service Catalog.
- Search the application for Delinea Privilege Elevation Command.
- Select the System Set and System. Multiple roles can be selected.
  You can select up to 100 systems at a time.
- Select the Command or Command Set. You can select multiple Commands or Command Sets.
- Select the type of access (Temporary, Permanent, or Windowed). For the Temporary and Windowed types, you must provide the time parameter.
  By default, only Temporary and Windowed access types are available in the dropdown. The Permanent access type is only visible to users with the Permanent Access role (x_centrify.permanent_access_user).
- Select the ticket type (Incident, Problem, Change Request, or Request).