Setup

If a version of the Server Suite–ServiceNow integration supports multiple ServiceNow releases, you can upgrade from one ServiceNow release to another without needing to make any additional changes. All supported versions will continue to function as expected. For information about the ServiceNow releases that the Server Suite–ServiceNow integration supports, see ServiceNow Release Integration Matrix.

Prerequisites

• Complete Server Suite setup.

• Connector to PAS Instance installed.

• ServiceNow Instance installed Tokyo or later.

With PAS as your identity service, you can choose single-sign-on (SSO) access to the ServiceNow web application with IdP-initiated SAML SSO (for SSO access through the Delinea PAS) or SP-initiated SAML SSO (for SSO access directly through the ServiceNow web application) or both. Providing both methods allow you and your users maximum flexibility.

ServiceNow integrations include single sign-on (SSO) with built-in multi-factor authentication (MFA) and automated provisioning and de-provisioning of users based on role membership within the source directory. ServiceNow integrations are included with your Delinea PAS license.

If ServiceNow is the first application you are configuring for SSO through Delinea PAS, read the following topics before you get started:

• Configuring Single Sign-On

To integrate Delinea PAS and ServiceNow, review and perform the steps in the following sections: (safenet-luna/index.md)

• Integration Prerequisites
• Manual XML Import to ServiceNow
• Configuring ServiceNow for Single Sign-on
• ServiceNow Password Reset Configuration
• Privileged Access Request Integration in ServiceNow

• Zone Role Workflow Integration in ServiceNow

ServiceNow SSO Requirements

• Your domain is registered and verified with ServiceNow (for example, you have a login URL such as https://acme.service-now.com where acme is your company instance name).

• An active ServiceNow account with administrator privileges.
• A test user was created in the PAS Admin Portal.
• A signed certificate in PEM format. You can either download the standard certificate from Admin Portal or use your organization’s trusted certificate.

Delinea Requirements

The Delinea requirements comes with the following roles:

• x_cenr3_priv_acces.approver:

  • This role determines who is a Delinea App Admin approver and is utilized to provide them with quick access to their approval tasks as well as restrict who can close approval tasks.
  • This role cannot modify application settings and is limited to only viewing the two related approval modules.

• x_cenr3_priv_acces.permanent: This role is needed to unlock requests for permanent access.