Below is the Customized Integration Config for Service Now Integration , Tested on orlando version
Service Now Integration Config
<?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE IntegrationConfig PUBLIC "sailpoint.dtd" "sailpoint.dtd"> <IntegrationConfig executor="sailpoint.integration.servicenow.ServiceNowIntegrationExecutor" name="ServiceNow IntegrationConfig Vishal Demo Application" roleSyncStyle="none"> <Attributes> <Map> <entry key="alias"/> <entry key="authType"/> <entry key="catalogItem"> <value> <Map> <entry key="Vishal Demo Application" value="IdentityIQ Access Request"/> </Map> </value> </entry> <entry key="dateFormat" value="yyyy-MM-dd'T'HH:mm:ss"/> <entry key="visDefaultAssignmentQueue" value="IAM Requests Queue"/> <entry key="visServiceAcount" value="iiq.integration"/> <entry key="getRequestStatus"> <value> <Map> <entry key="CONNECTION_TIMEOUT" value="30000"/> <entry key="SO_TIMEOUT" value="30000"/> <entry key="endpoint" value="https://sailpointdev.service-now.com/sc_req_item.do?SOAP"/> <entry key="prefix" value="sc"/> <entry key="responseElement" value="state"/> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sc="http://www.service-now.com/sc_req_item"> <soapenv:Header></soapenv:Header> <soapenv:Body> <sc:getRecords> <number>$requestID</number> </sc:getRecords> </soapenv:Body> </soapenv:Envelope> "/> </Map> </value> </entry> <entry key="keyPass"/> <entry key="keystorePass"/> <entry key="keystorePath"/> <entry key="keystoreType"/> <entry key="noProvisioningRequests" value="false"/> <entry key="operations" value="Create,Modify,Delete,Enable,Unlock,SetPassword"/> <entry key="password" value="<password>"/> <entry key="provision"> <value> <Map> <entry key="CONNECTION_TIMEOUT" value="30000"/> <entry key="SOAPAction" value="https://sailpointdev.service-now.com/ScRequestGenerator/insert"/> <entry key="SO_TIMEOUT" value="30000"/> <entry key="endpoint" value="https://sailpointdev.service-now.com/ScRequestGenerator.do?SOAP"/> <entry key="groupItemBy" value="application"/> <entry key="multipleItem" value="true"/> <entry key="multipleTicket" value="true"/> <entry key="prefix" value="sc"/> <entry key="responseElement" value="scResult"/> <entry key="soapMessage" value="<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:scr="http://www.service-now.com/ScRequestGenerator"> <soapenv:Header></soapenv:Header> <soapenv:Body> <scr:insert> <screquest> <opened_by>$!provisioningPlan.integrationData.openedBy</opened_by> <requested_for>$!provisioningPlan.integrationData.requestedFor</requested_for> <assignment_group>$!provisioningPlan.integrationData.assignmentGroup</assignment_group> <short_description>IIQ $!provisioningPlan.integrationData.identityRequestId</short_description> <req_description>This request item has been generated for an access request initiated in IIQ the requestor are in the Requested Item Description field.</req_description> <screqitems> #if ($config.multipleItem == 'true') #if (($config.groupItemBy) && ($config.groupItemBy.toLowerCase() == 'application')) #set ($requestGroupByApp = {}) #foreach ($request in $provisioningPlan.accountRequests) #if($requestGroupByApp.containsKey($request.application)) $requestList = $!requestGroupByApp.get($request.application) $!requestList.add($request) $!requestGroupByApp.put($request.application, $requestList) #else #set ($requestList = []) $!requestList.add($request) $!requestGroupByApp.put($request.application, $requestList) #end #end #foreach ($mapEntry in $requestGroupByApp.entrySet()) <item> <tracking_id>$!mapEntry.value.get(0).trackingId</tracking_id> <cat_item>$!catalogItem.get($!mapEntry.value.get(0).application)</cat_item> <description> #foreach ($request in $mapEntry.value) #if ($request.attributeRequests) #if($request.operation == 'Create') Lan ID: $provisioningPlan.integrationData.lanID Employee Number: $provisioningPlan.integrationData.empNumber Email Address: $provisioningPlan.integrationData.email #else Lan ID: $provisioningPlan.integrationData.lanID Employee Number: $provisioningPlan.integrationData.empNumber Email Address: $provisioningPlan.integrationData.email #end Application Name: $request.application #foreach ($att in $request.attributeRequests) Entitlement/Group/Role/Permission: $att.value #if($request.operation != 'Create') Account Id : $request.nativeIdentity #end Action needed: $att.operation access #end #elseif ($request.permissionRequests) For $request.nativeIdentity in application $request.application #foreach ($att in $request.permissionRequests) $att.operation Right $att.rights on $att.target #end #else $request.operation $request.application nativeIdentity $request.nativeIdentity #end #end </description> </item> #end #end #end </screqitems> </screquest> </scr:insert> </soapenv:Body> </soapenv:Envelope> "/> </Map> </value> </entry> <entry key="roleSyncHistory"/> <entry key="statusMap"> <value> <Map> <entry key="-5" value="inProcess"/> <entry key="1" value="inProcess"/> <entry key="16" value="inProcess"/> <entry key="2" value="inProcess"/> <entry key="3" value="committed"/> <entry key="7" value="failure"/> <entry key="8" value="failure"/> <entry key="9" value="failure"/> </Map> </value> </entry> <entry key="username" value="iiq.integration"/> </Map> </Attributes> <PlanInitializer> <Reference class="sailpoint.object.Rule" name="VIS ServiceNow Service Integration Rule"/> </PlanInitializer> <ManagedResources> <ManagedResource> <ApplicationRef> <Reference class="sailpoint.object.Application" name="Vishal Demo Application"/> </ApplicationRef> </ManagedResource> </ManagedResources> </IntegrationConfig>
<?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd"> <Rule language="beanshell" name="VIS ServiceNow Service Integration Rule" type="Integration"> <Description> The rule is used to compute the requested for, opened by and assignmnent queue that needs to be set on the ticket created by IIQ for delimited apps.The provisioning plan and its integrationData object are used by Velocity to populate values in the XML templates for the web service calls. </Description> <Signature returnType="Object"> <Inputs> <Argument name="identity"> <Description> A sailpoint.object.Identity representing the person being remediated. </Description> </Argument> <Argument name="plan"> <Description> A sailpoint.object.ProvisioningPlan representing remediation. </Description> </Argument> <Argument name="integration"> <Description> A sailpoint.object.IntegrationConfig representing configuration object. </Description> </Argument> <Argument name="context"> <Description> A sailpoint.api.SailPointContext object that can be used to query the database to find the Rule. </Description> </Argument> <Argument name="log"> <Description> A Log object to help report and/or debug the Rule. </Description> </Argument> </Inputs> </Signature> <Source> <![CDATA[ import sailpoint.object.Identity; import sailpoint.object.Filter; import sailpoint.object.Configuration; String applicationName; String openedBy; String requestedFor; String defaultUserOpenedBy = (String) integration.getAttribute("visServiceAcount"); List accountRequests = plan.getAccountRequests(); Map argument = (Map)plan.getArguments(); String planSource = plan.getSource(); requestedFor = identity.getName(); openedBy = defaultUserOpenedBy; argument.put("requestedFor", requestedFor); argument.put("openedBy", openedBy); argument.put("lanID", identity.getName()); argument.put("email", identity.getEmail()); argument.put("empNumber", identity.getAttribute("employeeNumber")); if(accountRequests != null && accountRequests.size() > 0) { AccountRequest accountRequest = accountRequests.get(0); applicationName = accountRequest.getApplicationName(); } String visDefaultAssignmentGroup = (String)integration.getAttribute("visDefaultAssignmentQueue"); argument.put("assignmentGroup", visDefaultAssignmentGroup); ]]> </Source> </Rule>
Can i use similar rule for raising a ticket with service now developer instance while in access review , they need to raise ticket for revoke ?
ReplyDeleteSame rule will take care of both Access Request and Access REview module.
Delete