Wednesday, March 24, 2021

Sailpoint IIQ Service Now Integration - Sample Integration Config and Integration Rule

Below is a customized IntegrationConfig for the ServiceNow integration, tested on the ServiceNow Orlando release.

Service Now Integration Config

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE IntegrationConfig PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<!--
  IntegrationConfig that hands provisioning for the managed application
  "Vishal Demo Application" to ServiceNow through ServiceNowIntegrationExecutor.
  The "provision" map holds the SOAP call that opens the request, "getRequestStatus"
  holds the SOAP call that reads the request item back, and "statusMap" translates the
  returned value into an IdentityIQ result.
  NOTE(review): the DOCTYPE names the product DTD. If this file is ever parsed by a
  tool other than the IdentityIQ importer, keep external DTD and entity resolution
  disabled in that parser.
-->
<IntegrationConfig executor="sailpoint.integration.servicenow.ServiceNowIntegrationExecutor" name="ServiceNow IntegrationConfig Vishal Demo Application" roleSyncStyle="none">
  <Attributes>
    <Map>
      <entry key="alias"/>
      <entry key="authType"/>
      <!-- Application name to ServiceNow catalog item; the provision template looks the
           item up with $!catalogItem.get(application). -->
      <entry key="catalogItem">
        <value>
          <Map>
            <entry key="Vishal Demo Application" value="IdentityIQ Access Request"/>
          </Map>
        </value>
      </entry>
      <entry key="dateFormat" value="yyyy-MM-dd&apos;T&apos;HH:mm:ss"/>
      <!-- Custom keys read by the PlanInitializer rule through integration.getAttribute().
           The spelling "visServiceAcount" must stay identical to the key used in the rule. -->
      <entry key="visDefaultAssignmentQueue" value="IAM Requests Queue"/>
      <entry key="visServiceAcount" value="iiq.integration"/>
      <!-- Status lookup call: sends the ticket number ($requestID) to sc_req_item and reads
           the element named by responseElement ("state") from the reply. -->
      <entry key="getRequestStatus">
        <value>
          <Map>
            <entry key="CONNECTION_TIMEOUT" value="30000"/>
            <entry key="SO_TIMEOUT" value="30000"/>
            <entry key="endpoint" value="https://sailpointdev.service-now.com/sc_req_item.do?SOAP"/>
            <entry key="prefix" value="sc"/>
            <entry key="responseElement" value="state"/>
            <!-- NOTE(review): the opening line of this template, presumably
                 <entry key="soapMessage" value="...  as in the provision map below, is
                 missing from the listing; the lines down to the closing "/> are the body of
                 that attribute value. Inside a real XML attribute the markup has to be
                 escaped (&lt; &gt; &quot;), so the listing as shown will not parse. -->
			<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sc="http://www.service-now.com/sc_req_item">        
			<soapenv:Header></soapenv:Header>                        
			<soapenv:Body>                          
			<sc:getRecords>                            
			<number>$requestID</number>                          
			</sc:getRecords>                        
			</soapenv:Body>                      
			</soapenv:Envelope>                    
			"/>
			</Map>
        </value>
      </entry>
      <!-- NOTE(review): keyPass and keystorePass are empty here; if they are populated they
           are secrets and need the same handling as "password" below. -->
      <entry key="keyPass"/>
      <entry key="keystorePass"/>
      <entry key="keystorePath"/>
      <entry key="keystoreType"/>
      <entry key="noProvisioningRequests" value="false"/>
      <!-- NOTE(review): SetPassword is in this list, and the provision template prints
           $att.value for every attribute request. If a password change reaches this
           integration as an attribute request, its value would presumably be written into
           the ticket description in clear text. Confirm, and either drop SetPassword here
           or keep that attribute out of the template. -->
      <entry key="operations" value="Create,Modify,Delete,Enable,Unlock,SetPassword"/>
      <!-- Placeholder value (and, unescaped, not well-formed XML). Never publish or commit
           the real service-account password in this file. NOTE(review): import an encrypted
           value (the iiq console has an "encrypt" command) or set the password through the
           UI, then confirm the stored object does not hold clear text. -->
      <entry key="password" value="<password>"/>
      <!-- Ticket creation call. multipleItem=true together with groupItemBy=application
           selects the only branch the template below implements; with any other setting
           the template emits an empty screqitems element. -->
	  <entry key="provision">
        <value>
          <Map>
            <entry key="CONNECTION_TIMEOUT" value="30000"/>
            <entry key="SOAPAction" value="https://sailpointdev.service-now.com/ScRequestGenerator/insert"/>
            <entry key="SO_TIMEOUT" value="30000"/>
            <entry key="endpoint" value="https://sailpointdev.service-now.com/ScRequestGenerator.do?SOAP"/>
            <entry key="groupItemBy" value="application"/>
            <entry key="multipleItem" value="true"/>
            <entry key="multipleTicket" value="true"/>
            <entry key="prefix" value="sc"/>
            <entry key="responseElement" value="scResult"/>
            <!-- soapMessage is a Velocity template rendered into the SOAP body. Review notes:
                 1. Identity and request values ($request.application, $att.value,
                    $request.nativeIdentity, the integrationData fields) are inserted without
                    XML escaping. A value containing < or & would break or alter the envelope;
                    escape or validate the values before they reach the template (TODO confirm
                    whether the executor already does this).
                 2. The line "$requestList = $!requestGroupByApp.get(...)" has no #set
                    directive, so Velocity would presumably render it as text instead of
                    assigning; it likely should be
                    #set ($requestList = $requestGroupByApp.get($request.application)).
                 3. Both branches of the Create / non-Create #if print the same three lines.
                 4. The description carries Lan ID, employee number and email address into the
                    ticket; keep only the personal data that fulfilment needs.
                 5. As in getRequestStatus, markup inside the attribute value must be escaped
                    (&lt; &gt; &quot;) for the file to parse. -->
            <entry key="soapMessage" value="<?xml version="1.0" encoding="UTF-8"?>
			<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:scr="http://www.service-now.com/ScRequestGenerator">
			<soapenv:Header></soapenv:Header>
			<soapenv:Body>
			<scr:insert>
			<screquest>
			<opened_by>$!provisioningPlan.integrationData.openedBy</opened_by>
			<requested_for>$!provisioningPlan.integrationData.requestedFor</requested_for>
			<assignment_group>$!provisioningPlan.integrationData.assignmentGroup</assignment_group>
			<short_description>IIQ $!provisioningPlan.integrationData.identityRequestId</short_description>
			<req_description>This request item has been generated for an access request initiated in IIQ the requestor are in the Requested Item Description field.</req_description>
			<screqitems>
				#if ($config.multipleItem == &apos;true&apos;)
					#if (($config.groupItemBy) &amp;&amp; ($config.groupItemBy.toLowerCase() == &apos;application&apos;))               
						#set ($requestGroupByApp = {})
						#foreach ($request in $provisioningPlan.accountRequests)
							#if($requestGroupByApp.containsKey($request.application))
								$requestList = $!requestGroupByApp.get($request.application)
								$!requestList.add($request)
								$!requestGroupByApp.put($request.application, $requestList)
							#else
								#set ($requestList = [])
								$!requestList.add($request)
								$!requestGroupByApp.put($request.application, $requestList)
							#end
						#end
						#foreach ($mapEntry in $requestGroupByApp.entrySet())
						<item>
							<tracking_id>$!mapEntry.value.get(0).trackingId</tracking_id>
							<cat_item>$!catalogItem.get($!mapEntry.value.get(0).application)</cat_item>
							<description>
								#foreach ($request in $mapEntry.value)
									#if ($request.attributeRequests)
										#if($request.operation == &apos;Create&apos;)
											Lan ID: $provisioningPlan.integrationData.lanID
											Employee Number: $provisioningPlan.integrationData.empNumber
											Email Address: $provisioningPlan.integrationData.email
										#else
											Lan ID: $provisioningPlan.integrationData.lanID
											Employee Number: $provisioningPlan.integrationData.empNumber
											Email Address: $provisioningPlan.integrationData.email
										#end
									Application Name: $request.application
									#foreach ($att in $request.attributeRequests)
										Entitlement/Group/Role/Permission: $att.value
										#if($request.operation != &apos;Create&apos;)
											Account Id : $request.nativeIdentity
										#end
										Action needed: $att.operation access
									#end
									#elseif ($request.permissionRequests)
										For $request.nativeIdentity in application $request.application
										#foreach ($att in $request.permissionRequests)
											$att.operation Right $att.rights on $att.target
										#end
									#else
										$request.operation $request.application nativeIdentity $request.nativeIdentity
									#end
								#end
							</description>
						</item>
						#end
					#end
				#end
			</screqitems>
			</screquest>
			</scr:insert>
			</soapenv:Body>
			</soapenv:Envelope>
			"/>
          </Map>
        </value>
      </entry>
      <entry key="roleSyncHistory"/>
      <!-- Translates the value read by getRequestStatus (responseElement "state") into an
           IdentityIQ result; values not listed here have no mapping.
           NOTE(review): the keys look like ServiceNow state codes; verify each one against
           the target instance before relying on the committed / failure outcomes. -->
      <entry key="statusMap">
        <value>
          <Map>
            <entry key="-5" value="inProcess"/>
            <entry key="1" value="inProcess"/>
            <entry key="16" value="inProcess"/>
            <entry key="2" value="inProcess"/>
            <entry key="3" value="committed"/>
            <entry key="7" value="failure"/>
            <entry key="8" value="failure"/>
            <entry key="9" value="failure"/>
          </Map>
        </value>
      </entry>
      <!-- Service account used for the SOAP calls; give it only the ServiceNow roles needed
           for the two endpoints configured above. -->
      <entry key="username" value="iiq.integration"/>
    </Map>
  </Attributes>
  <!-- Rule referenced as plan initializer; per its own description it computes the
       requested-for, opened-by and assignment queue values that the template reads. -->
  <PlanInitializer>
    <Reference class="sailpoint.object.Rule" name="VIS ServiceNow Service Integration Rule"/>
  </PlanInitializer>
  <!-- Applications whose provisioning requests are routed through this integration. -->
  <ManagedResources>
    <ManagedResource>
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" name="Vishal Demo Application"/>
      </ApplicationRef>
    </ManagedResource>
  </ManagedResources>
</IntegrationConfig>


Sample Integration Rule
 
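<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<!--
  Integration rule referenced by name from an IntegrationConfig PlanInitializer.
  It reads two custom attributes of that config (visServiceAcount,
  visDefaultAssignmentQueue) and stores six values in the provisioning plan's argument
  map for the ticket template to use.
-->
<Rule language="beanshell" name="VIS ServiceNow Service Integration Rule" type="Integration">
  <Description>
 The rule is used to compute the requested for, opened by and assignmnent queue that needs to be 
 set on the ticket created by IIQ for delimited apps.The provisioning plan and its integrationData 
 object are used by Velocity to populate values in the XML templates for the web service calls.
  </Description>
  <Signature returnType="Object">
    <Inputs>
      <Argument name="identity">
        <Description>
    A sailpoint.object.Identity representing the person being remediated.
  </Description>
      </Argument>
      <Argument name="plan">
        <Description>
    A sailpoint.object.ProvisioningPlan representing remediation.
  </Description>
      </Argument>
      <Argument name="integration">
        <Description>
    A sailpoint.object.IntegrationConfig representing configuration object.
  </Description>
      </Argument>
      <Argument name="context">
        <Description>
    A sailpoint.api.SailPointContext object that can be used to query the database to find the Rule.
  </Description>
      </Argument>
      <Argument name="log">
        <Description>
    A Log object to help report and/or debug the Rule.
  </Description>
      </Argument>
    </Inputs>
  </Signature>
  <Source>
   <![CDATA[ 
   
	 // Copies the values the ticket template needs into the plan's argument map.
	 // Reads:  identity (name, email, employeeNumber attribute), plan, integration.
	 // Writes: requestedFor, openedBy, lanID, email, empNumber, assignmentGroup.
	 // NOTE(review): the template reads these as $provisioningPlan.integrationData.<key>;
	 // presumably integrationData is backed by the plan arguments - confirm.
	 import sailpoint.object.Attributes;
	 import sailpoint.object.Identity;
	 import sailpoint.object.Filter;
	 import sailpoint.object.Configuration;
	 // AccountRequest is a nested class of ProvisioningPlan and was not imported in the
	 // original, so the typed declaration further down could not resolve it.
	 import sailpoint.object.ProvisioningPlan.AccountRequest;
	 
	 String applicationName;
	 String openedBy;
	 String requestedFor;
	 // Service account that appears as "opened by" on every ticket; the key spelling
	 // ("visServiceAcount") matches the entry in the IntegrationConfig.
	 String defaultUserOpenedBy = (String) integration.getAttribute("visServiceAcount");
	 List accountRequests = plan.getAccountRequests();
	 Map argument = (Map)plan.getArguments();
	 
	 // A plan that arrives without an argument map would otherwise fail on the first
	 // put() below; create the map and attach it so the values still reach the template.
	 if (argument == null) {
		Attributes created = new Attributes();
		plan.setArguments(created);
		argument = created;
	 }
	 
		// NOTE(review): these values come from identity data and are later placed inside a
		// SOAP envelope. The template shown with this rule inserts them without XML
		// escaping, so escape or validate them (here or in the template) - TODO confirm
		// whether the executor already does so. email and empNumber are personal data;
		// pass them only if the fulfilment team needs them on the ticket.
		requestedFor = identity.getName();
		openedBy = defaultUserOpenedBy;                         
		argument.put("requestedFor", requestedFor);      
		argument.put("openedBy", openedBy);
		argument.put("lanID", identity.getName());
		argument.put("email", identity.getEmail());
		argument.put("empNumber", identity.getAttribute("employeeNumber"));

	 // Application of the first account request. The value is not used further in this
	 // rule; it is kept as the hook for a per-application assignment queue.
	 if(accountRequests != null && accountRequests.size() > 0) {
		AccountRequest accountRequest = accountRequests.get(0);
		applicationName = accountRequest.getApplicationName();  
	 }
		   
	  // Every ticket goes to the single queue configured on the IntegrationConfig.
	  String visDefaultAssignmentGroup = (String)integration.getAttribute("visDefaultAssignmentQueue");  
	  argument.put("assignmentGroup", visDefaultAssignmentGroup);
  ]]>  
  </Source>
</Rule>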