Privilege Access Workflow Using Incident and Change Management
Users can create just-in-time access requests for Systems, Commands, and Roles using the Delinea Privilege Elevation section in Incident and Change Management forms.
It is not mandatory for users to be logged into ServiceNow or Cloud Suite. Instead, users can be located by using the Search any user in Directory Service field from the Directory Services associated with Cloud Suite. If you want to search for users that are already present in ServiceNow, use the Search ServiceNow users in Directory Service field.
To view System Sets, the user must have the View permission on the required System Set.
Additional Configurations for Incident and Change Tickets
Delinea Cloud Suite Integration Properties now offer extra properties for Incident and Change.
You can select systems based on the affected CIs and impacted CIs validation. You do this by selecting the following properties:
- Validate Systems with Affected/Impacted CI for Incident
- Validate Systems with Affected/Impacted CI for Change Request
Based on the Properties page selection, the validation will be done when you select the systems on the Incident and Change Request forms.
If the property value is set as None, then no validation is done based on Affected and Impacted CIs. In this case, you can select any system.
The table below lists additional properties for Incident and Change Management tickets.
Field | Values | Used for Incident | Used for Change Management |
---|---|---|---|
Maximum Access Duration limit | Days. Upper limit is 90 days. Note: The value set in this field is the maximum access duration limit for users when initiating a request. | Yes | Yes |
Allow All Systems Section | Yes/No. YES: All Systems are displayed instead of System Sets. NO: System Sets are displayed based on the user's View permission on a System Set. | Yes | Yes |
Allow only static duration for Incidents | Yes/No. YES: The static duration value set in the Default Access limit for Incident tickets (Hours) field is used as the access time for Incident tickets. NO: The user must provide the duration manually while creating the Incident. | Yes | No |
Default Access limit for Incident tickets (Hours) | Hours 1-24. This field applies only when Allow only static duration for Incidents is set to YES. Note: The upper limit for this field is based on the value provided in the Maximum Access Duration Limit field. | Yes | No |
Valid States for Incident Tickets | Provide the State's value in this field (numeric value). Note: A valid state is a state in which access to the System/Command/Role is to be granted. | Yes | No |
End States for Incident Tickets | Provide the State's value in this field (numeric value). Note: An end state is the end of the workflow. Access cannot be re-granted once the Incident moves into the End state. | Yes | No |
Valid States for Change Tickets | Provide the State's value in this field (numeric value). Note: A valid state is a state in which access to the System/Command/Role is to be granted. | No | Yes |
End States for Change Tickets | Provide the State's value in this field (numeric value). Note: An end state is the end of the workflow. Access cannot be re-granted once the Change moves into the End state. | No | Yes |
Hide Delinea tab on Change request & Incident | Enable: Delinea tab is added on the Incident and Change Request forms. Disable: Delinea tab is removed from the Incident and Change Request forms. | Yes | Yes |
Validate Systems with Affected/Impacted CI for Incident | None: No validation; you can select any system. System Validation with Affected CI: Only Systems available in the Affected CIs list can be selected. System Validation with Impacted CI: Only Systems available in the Impacted CIs list can be selected. System Validation with both Affected and Impacted CI: Only Systems available in the Affected and Impacted CIs list can be selected. | Yes | Yes |
Validate Systems with Affected/Impacted CI for Change Request | None: No validation; you can select any system. System Validation with Affected CI: Only Systems available in the Affected CIs list can be selected. System Validation with Impacted CI: Only Systems available in the Impacted CIs list can be selected. System Validation with both Affected and Impacted CI: Only Systems available in the Affected and Impacted CIs list can be selected. | Yes | Yes |
Incident Ticket Workflow for Delinea Cloud Suite Privilege Request
To create an incident ticket, follow these steps.
- In ServiceNow, go to the All tab.
- Expand the Incident section and select Create New.
- Enter the details in the Delinea Privilege Elevation section and submit the incident.
- Search the ServiceNow user in Directory Service or search any user in Directory Service.
- Enter the user in the Assigned to field and update.
- Log in to ServiceNow with the Assigned user and go to Incident > Assigned to me.
- Change the Incident state to a valid state and access is granted when the state is valid.
- Check the user entry in the Cloud Suite.
- Review the Notes section for details.
If the state of the Incident is changed to any state other than a valid state, access will be revoked, and the request will be put on hold. However, if the state is changed back to the Approved State, access will be granted again.
Change Ticket Workflow for Delinea Cloud Suite Privilege Request
To create a change ticket, follow these steps.
- In ServiceNow, go to the All tab > Change and select Create New.
- Enter the required information in the Delinea Privilege Elevation Section, Planned Start Date, Planned End Date, and Schedule sections.
- Submit the request, select the required Assignment group, and move the Change Request to the next available state.
- Log in as any of the Approver group members and approve the request.
- Access is granted once the state is valid and the Planned Start Date time is reached.
Access will only be revoked after the Planned End Date or when the Change is moved to the End State.
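The grant and revoke rules from the two workflows above, written as an added JavaScript model (not Delinea or ServiceNow code) that replays a ticket's state history and returns the intervals in which access should exist, so exported grant records can be compared against it. The field names, the sample state numbers and the `revokeOnInvalid` flag are assumptions; returning to any valid state is treated as re-granting, and access duration limits are not modeled.

```javascript
// Added example: models the grant/revoke rules described on this page.
// Not Delinea or ServiceNow code; every name below is hypothetical.
// history: [{ at: epochMs, state: number }] in time order.
// cfg.revokeOnInvalid: true for Incidents (leaving a valid state revokes),
// false for Changes (only the Planned End Date or an End state revokes).
function expectedAccessWindows(history, cfg, now) {
  const lo = cfg.plannedStart ?? -Infinity;
  const hi = Math.min(cfg.plannedEnd ?? Infinity, now);
  const windows = [];
  let openedAt = null;
  const close = (at) => {
    if (openedAt === null) return;
    const start = Math.max(openedAt, lo); // not before Planned Start Date
    const end = Math.min(at, hi);         // not after Planned End Date
    if (start < end) windows.push([start, end]);
    openedAt = null;
  };
  for (const { at, state } of history) {
    if (cfg.endStates.includes(state)) {
      close(at);
      return windows; // end of workflow: access is never re-granted
    }
    if (cfg.validStates.includes(state)) {
      if (openedAt === null) openedAt = at;
    } else if (cfg.revokeOnInvalid) {
      close(at); // Incident: revoked and request put on hold
    }
  }
  close(now); // ticket still open: access runs until now or Planned End Date
  return windows;
}

// Grants (for example from an access log export) not inside any expected window.
function grantsOutsidePolicy(grants, windows) {
  return grants.filter(([s, e]) => !windows.some(([ws, we]) => s >= ws && e <= we));
}

// Constructed sample data; state numbers are placeholders for your instance's values.
const h = (hh) => Date.parse(`2024-05-01T${hh}:00:00Z`);
const INCIDENT = { validStates: [2], endStates: [7], revokeOnInvalid: true };
const CHANGE = { validStates: [-1], endStates: [3], revokeOnInvalid: false,
  plannedStart: h("10"), plannedEnd: h("14") };
const INCIDENT_HISTORY = [{ at: h("08"), state: 1 }, { at: h("09"), state: 2 },
  { at: h("11"), state: 3 }, { at: h("12"), state: 2 }, { at: h("13"), state: 7 },
  { at: h("15"), state: 2 }];
const CHANGE_HISTORY = [{ at: h("09"), state: -1 }, { at: h("11"), state: 0 },
  { at: h("16"), state: 3 }];
```

Any grant returned by `grantsOutsidePolicy` is a record to investigate: access that existed while the ticket was not in a valid state, outside the planned window, or after an end state.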