Saviynt Forums

ejeong · ‎10/27/2022

Hello

We are considering to create snow tckets for each remove access tasks created by campaign for disconnected app.

When ticket status is changed to completed, we would like to update task status to COMPLETE.

Can anyone tell me procedure how create ticket task is created to make api call to ServiceNow? I want to understand how it is actually working. Its hard to have full flow picture by reading docs only.

Thanks!

Abhishek · ‎10/28/2022

For this integration, you'll need to use REST connector.

Establish connection with SNOW using connection JSON by acquiring integration user account and password from SNOW team.

Add that connection to your Security System as Service desk connection.

you'll need the details for only 2 fields to carry out this task i.e., TicketstatusJSON (To reconcile status of ticket from SNOW to Saviynt) and CreateTicketJSON

Sample TicketstatusJson:

This call gets executed if you execute wsretry which will try to look for ticket status at SNOW side and if ticket is closed, it will update the same in Saviynt and will close complete the task.
{
"call": [{
"name": "call1",
"connection": "userAuth",
"url": "https://xxxxxxxxx.service-now.com/api/now/table/sc_req_item?sysparm_query=number=${ticketID}&sysparm...",
"httpMethod": "GET",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"ticketStatusPath": "result[0].state",
"ticketStatusValue": [
"Resolved", "Closed","Completed","Closed Complete"
],
"disContinueStatusValue":[
"Closed Incomplete","Canceled"
],
"successResponses": [{"ticket.status": "${ticketStatusValue}"}]
}]
}

Sample CreateTicketJson:

here Call1 is creating REQ and Call2 is creating RITM for that same REQ.

It depends upon customer to customer, May be in your case on REQ will suffice. You can work according to your requirements.

Go through call1 details below to understand how conditions can be called based on your requirements.

{
"accountIdPath": "call2.message.result.number",
"responseColsToPropsMap": {
"user.customproperty60": "call1.message.result.number~#~char"
},
"call": [{
"name": "call1",
"connection": "userAuth",
"url": "https://xxxxxxxxxx.service-now.com/api/now/table/sc_request",
"httpMethod": "POST",
"httpParams": "{\"opened_by\":\"${user.firstname} ${user.lastname}\",\"requested_for\":\"${if(user.email!=null){user.email}}\",\"assignment_group\":\"${endpoint.customproperty6}\",\"short_description\":\"This request has been created from Saviynt Security Manager IAM system\",\"description\":\"${if(task.tasktype==1 || task.tasktype==3){' Please set up ' +task.endpoint?.displayName +' record with Account Name as '+task.accountName+' along with access '} else if(task.requestKey==null && task.source!='CERTIFICATION') {'Remove the account and access for '+user.username+' as the user has been terminated in HR. Details to be removed '} else if (task.requestKey==null && task.source=='CERTIFICATION' && task.tasktype==2){'This is request for Remove Access as part of Access Review for account '+task.accountName + ' and details to be removed are '} else {' Please remove ' +task.endpoint?.displayName +' record with Account Name as '+task.accountName+' along with access '}} for \\\\nApplication: ${task.endpoint?.displayName} ${if(reqAttrs!=null && reqAttrs.get('customproperty6')!=null){'\\\\nModule name:'+reqAttrs.get('customproperty6')}else {''}} \\\\nEntitlements:\\\\n${allEntitlementsValues} \\\\nuser_displayname:${user.displayname} \\\\nuser_email:${user.email} \\\\nRequestID:${if(task.requestKey!=null){task.requestKey?.processinstanceid?.substring(task.requestKey?.processinstanceid?.indexOf('.') + 1, task.requestKey?.processinstanceid?.length())}else if(task.requestKey==null){task.id}}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"ticketidPath": "result.number",
"ticketStatusPath": "result.state",
"ticketStatusValue": ["Open", "OPEN", "open"],
"unsuccessResponses": {
"message": ""
}
}, {
"name": "call2",
"connection": "userAuth",
"url": "https://xxxxxxxx.service-now.com/api/now/table/sc_req_item",
"httpMethod": "POST",
"httpParams": "{\"assignment_group\":\"${endpoint.customproperty6}\",\"description\":\" this is approved access request \" ,\"opened_by\":\"${user.firstname} ${user.lastname}\",\"active\":true,\"cat_item\":\"${if(task.tasktype==2) {'Saviynt Remove Access'} else {'Saviynt Add Access'}}\",\"u_category\": \"Identity Management\",\"u_subcategory\" :\"Access Request\" ,\"request\":\"${response.call1.message.result.number}\",\"short_description\":\"Access Request created from Saviynt Security Manager IAM system for application \"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"ticketidPath": "result.number",
"ticketStatusPath": "result.state",
"ticketStatusValue": ["Open", "OPEN", "open","1"],
"unsuccessResponses": {
"error.message": "Operation Failed"
}
}]
}

above solution works in 5.5 SP 3.10/3.11/3.12

And obviously, to implement above solution, you'll need to work with SNOW team to understand closely as to what additional configuration will be needed to SNOW side whether creation of objects cat_item, u_subcategory etc....

ejeong · ‎10/28/2022

Thanks that gave me a lot of ideas.

If i want do create ticket for disconnected app and task created by certification only, should i add "if -else" condition in Url? Else condition should have blank value. Or is there a way we can make saviynt not attempt to make tickets for connected apps?

Also what flow to get ticket status updated? By application data import of all ticket?

rushikeshvartak · ‎10/30/2022

Yes you need to use if else or ternery operators

For ticket creation / other option updste etc system automatically create ticket using wsretry

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Forums

Snow as ticket system