Privilege Manager ServiceNow Configuration
To configure the ServiceNow Privilege Manager, you must undertake actions on both the Delinea and ServiceNow sides.
Defining Policies and Actions
You can create an action and attach it to a policy to control which events you want to be sent to ServiceNow for approval.
To create an action:
-
In the Integrations console, go to the Admin > Tasks.
-
Select the Automation tab.
-
In the tree, go to Automation > Approvals > Approval Processes, and select Create.
-
Enter a name and description, select Create.
-
The ServiceNow Server value is empty by default, select the Instance.
-
Under the Settings, specify your ServiceNow Server, select Save Changes.
-
Back to the Automation tree and select Approval Types. Then, select Default Execute Application Request Type.
-
Select your ServiceNow Approval Process.
-
Select Save Changes.
Running the Approval Request Item Tasks
Once you have configured the actions, you should initiate the task running to create several new items in your ServiceNow dashboard.
To run a task:
-
In the Search field at the top of your Integrations console, search for Create ServiceNow Approval Request Items.
-
In your search results, select click on this task and then select Run Task from the More dropdown.
-
Under the ServiceNow System ID > Select..., choose the resource and add the ServiceNow Server that you created as a Foreign System earlier.
- From the Scope by Organizational Group dropdown, select your resource.
- In the Search field, enter a text for a tack searching.
- Select Search.
- From the list of returned results, choose the necessary task and select Select.
-
Select Run Task.
Clients with robust ServiceNow installations are welcome (and in fact encouraged) to alter their ServiceNow scripted web services for use with their own ServiceNow items and workflow rather than relying on this importing task.
Configuring ServiceNow
Open ServiceNow and go to Scripted Web Services > Scripted SOAP Services to verify that these three new options are listed:
- CreateExecuteAppApprovalRequest
- CancelExecuteAppApprovalRequest
- GetExecuteAppApprovalRequestStatus
Using an Approval Request (with ServiceNow Request ItemNumber) Form Action
You can use this action to approve requests associated with the numbered items.
To create an approval request:
- Go to Admin > Actions.
- Search and select Approval Request (with ServiceNow Request ItemNumber) Form Action.
- Select Duplicate.
- Name your new action and select Create.
- Customize the Action based on your specific business requirements.
- Select Save Changes.
- Go to your computer group's Application Policies, select Create Policy or find an existing policy that you want to use for ServiceNow Approvals.
- Under the Actions section, search for and add the action you previously created, ServiceNow Approval Request Form Action.
- Select Save Changes.
- Select the i icon next to the Deployment and select Resource and Collection Targeting Update to immediately send the policy to your endpoint agents.
Policies also automatically update according to a schedule.
Using an Endpoint Group Member Authenticated Message Action
This action is relevant for over-the-shoulder approvals, whether systems are on or offline. The supervisor approves access by authentication on the user's endpoint system.
To create an endpoint group:
-
Go to Admin > Actions.
-
Select Create.
- On the Create Action modal from the Platform dropdown, select Windows.
- From the Type dropdown, select Endpoint Group Member Authenticated Approval Action.
- Enter a meaningful Name and Description.
- From the Approval Group dropdown, select the group membership of the approver.
- Select Create.
-
Under the Settings verify that the Require approval by a member of the group: contains the correct group. If you ever need to change it, come back to this page and select the group name to access the change modal.
-
Go to your computer group's Application Policies, select Create Policy or find an existing policy that you want to use for ServiceNow Approvals.
-
Under the Actions section, search for and add the action you previously created.
-
Select Save Changes.
-
Select the i icon next to the Deployment and select Resource and Collection Targeting Update to immediately send the policy to your endpoint agents.
Policies also automatically update according to a schedule.
Sample Group Member approval notice with approval overlay:
Refer to the Endpoint Group Member Authenticated Approvals report In Integrations or your ServiceNow instance to view a history of "over the shoulder" approvals.
Viewing the Requests
Now that you have a policy attached to your ServiceNow integrated Action, the requests from your policy will be sent through ServiceNow for approval.
To view a request:
- On your endpoint, perform the action that your policy targets for ServiceNow Approval. You will be prompted with a justification window to explain your request. To approve these requests, open your ServiceNow Dashboard.
- Go to the My Requests option in ServiceNow and you will see your new requests.
- Select Requested for details.
- In the Request page you can view details of what action is being requested, and you can Accept the action.
- On your endpoint, the pending justification window will update to an Approved status, and you can access the requested application.