Privilege Manager ServiceNow Verification

How to Create ServiceNow Approval Request Items Task

When you run the Create ServiceNow Approval Request Items task, Integrations creates the necessary items in ServiceNow so that it can use ServiceNow to manage requests to approve execution or elevation of applications.

The following items are available:

  • Delinea—The task creates a service catalog category called “Delinea” within your ServiceNow UI.

  • Execute Application Request—The task creates a service catalog item called Execute Application Request and associates it with the Delinea service catalog category.

Variables

The table below lists the variables used for task and request execution.

Variables Description
PMApprovalId The Integrations internal identifier for the approval request.
PMInitiatorId The Integrations internal identifier for the user that initiated the request.
PMInitiatorName The name of the user that initiated the request.
PMPolicyId The Integrations internal identifier for the policy associated with the approval request.
PMPolicyName The name of the policy associated with the approval request.
PMAgentId The Integrations internal identifier for the endpoint on which the request was initiated.
PMAgentName The name of the endpoint on which the request was initiated.
PMProcessId The Integrations internal identifier for the process configuration item associated with the approval request.
PMProcessName The name of the process configuration item associated with the approval request.
PMFilePath The path to the application the user is attempting to run.
PMUserReason The reason given by the user requesting the approval.

Tasks

The table below lists tasks available for execution.

Task Description

CreateExecuteAppApprovalRequest

The task creates a scripted SOAP service called CreateExecuteAppApprovalRequest. When a user initiates an approval request, Integrations will call this service with input data about the request. The default script will create a new Execute Application Request service catalog item, fill out the variable data from the inputs, and submit the item. The service returns the ID of the item to Integrations so that it can periodically check or update the status of the item.
Script Input

The task creates an input called PMGetRequestId. Integrations supplies this input using the value from PMRequestId that was output from the CreateExecuteAppApprovalRequest service.

Script Output

The task creates an output called PMRequestId. Integrations looks for this output by name and records it so that it can be used in future service calls to check or update the request status.

 

Available script outputs:

  • PMApprovalStatus—Integrations expects this service to return PMApprovalStatus with one of the following values:

    • approved—The request has been approved.

    • rejected—The request has been rejected.

    • pending—The request is still pending approval or rejection.

  • PMComment—If there is a comment by the worker that approves or rejects the request, it can optionally be returned in the output called PMComment. If this output is present, Integrations records it with the status of the request in its database.

GetExecuteAppApprovalRequestStatus

The task creates a scripted SOAP service called GetExecuteAppApprovalRequestStatus. When an approval is in progress, Integrations will periodically call this service to determine if the request has been approved or rejected.

CancelExecuteAppApprovalRequest

The task creates a scripted SOAP service called CancelExecuteAppApprovalRequest. If a request times out from within Integrations, Integrations will call this service to cancel the corresponding item in ServiceNow.

Integrations expects this service to be defined in ServiceNow, but the product does not invoke it except when a request times out from within Integrations.

Inputs

Available inputs:

  • PMCancelRequestId—Integrations calls this service with PMCancelRequestId set to the value from PMRequestId returned from the CreateExecuteAppApprovalRequest service.

  • PMCancelComment—Integrations calls this service with PMCancelComment set to a comment about why the request is being canceled.

Outputs

The task creates the output called TmsCancelResult. Integrations expects an output with this name, but currently ignores the value.

Capabilities to change the services

Most of the ServiceNow back end can be changed to accommodate your own items and workflows. Integrations only requires the three scripted SOAP web services described above. You are welcome to change the script within the services to do whatever is necessary for your environment.

While the inputs that Integrations sends to the services are fixed, once they reach ServiceNow you are free to do (or not do) what you want with the values.

Integrations expects the outputs from the services as described above. PMRequestId is by default the ServiceNow sys_id of the requested service catalog item instance, but can be any string up to 256 characters used to identify the request. It's up to you to ensure that the status and cancel services can interpret that value.
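The following is an added example, not Delinea's default script, of how a customized status service can keep to the output contract above: it checks PMGetRequestId against the 256-character limit and only ever returns approved, rejected or pending. The state names in STATE_MAP, the sample records, the helper names and the choice to reject unknown identifiers are assumptions made for illustration. The logic is plain JavaScript so it runs outside ServiceNow.

```javascript
// Added example: status logic for a customized GetExecuteAppApprovalRequestStatus.
// Inputs and outputs are modeled as plain objects so this runs outside ServiceNow.

const MAX_REQUEST_ID_LENGTH = 256; // limit stated on this page for PMRequestId

// Assumption: how a customized back end names its approval states.
// Only states listed here can ever produce "approved" or "rejected".
const STATE_MAP = {
  approved: 'approved',
  rejected: 'rejected',
  requested: 'pending',
  'not requested': 'pending',
};

// Constructed sample store standing in for the ServiceNow record lookup.
const SAMPLE_ITEMS = new Map([
  ['constructed-id-1', { approval: 'approved', comment: 'Vendor installer verified' }],
  ['constructed-id-2', { approval: 'requested', comment: '' }],
  ['constructed-id-3', { approval: 'rejected', comment: 'Unsigned binary' }],
  ['constructed-id-4', { approval: 'duplicate', comment: '' }],
]);
const lookupSample = (id) => SAMPLE_ITEMS.get(id);

function isValidRequestId(id) {
  return typeof id === 'string' && id.length > 0 && id.length <= MAX_REQUEST_ID_LENGTH;
}

// Builds the service outputs for one PMGetRequestId.
function getApprovalStatus(inputs, lookup) {
  const id = inputs.PMGetRequestId;
  if (!isValidRequestId(id)) {
    return { PMApprovalStatus: 'rejected', PMComment: 'Invalid request identifier' };
  }
  const item = lookup(id);
  if (!item) {
    return { PMApprovalStatus: 'rejected', PMComment: 'Unknown request identifier' };
  }
  // Own-property check so inherited keys such as "constructor" never map to a status.
  const known = Object.prototype.hasOwnProperty.call(STATE_MAP, item.approval);
  // Fail closed: any state not explicitly mapped is reported as pending.
  const status = known ? STATE_MAP[item.approval] : 'pending';
  const out = { PMApprovalStatus: status };
  if (status !== 'pending' && item.comment) out.PMComment = item.comment;
  return out;
}
```

Inside a scripted SOAP service the same mapping would read its input from the service's request and write PMApprovalStatus and PMComment to its response.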

You can change the names of the services if you update the names in the ServiceNow Approval Process configuration in Integrations. You can also create multiple ServiceNow Approval Process items within Integrations, and each can reference its own set of services.