Integrating ServiceNow with OIG Access Requests

One of the standard integration points with Okta Identity Governance (OIG) Access Requests is to log a ticket for an access request in an ITSM tool like ServiceNow. This article explores the integration between OIG Access Requests and ServiceNow.

Overview of Integration

The primary focus of the Okta Identity Governance (OIG) Access Requests function is to present workflows for users to request access, and optionally have some review/approval mechanism, before applying access changes to entitlements in Okta (such as group memberships or application assignments). It can also integrate with ITSM/ticketing tools, like ServiceNow and Jira, to log tickets. This is shown in the following figure.

Okta Identity Governance Architectural Overview with ITSM Integration

Why would you need to integrate with a ticketing system if OIG Access Requests is providing the service catalog and access request workflows (that could also be done in a tool like ServiceNow)? You probably wouldn’t. If you are already using ServiceNow to expose an access catalog and have access request flows, you’re probably not going to also use OIG Access Requests for the same function.

But there are use cases where it makes sense to log a ticket on the back of an OIG Access Request flow, such as when all changes must be logged in the ticketing tool for audit or reporting purposes. OIG Access Requests has integration with Jira and ServiceNow for that use case. The remainder of this article will look at the ServiceNow integration.

ServiceNow Integration Setup

OIG Access Requests currently has four integrations: Slack, Jira, ServiceNow, and Okta itself (Microsoft Teams is planned to be available at GA). Each is configured in the Settings page in the Access Request interface.

Integrations in OIG Access Requests

The first time you click the Connect button for ServiceNow, you are prompted to enter the ServiceNow Instance ID, Client ID and Client Secret. The OIG product documentation describes how to set up OAuth and get the Client ID and Secret.

With the connection established, you need to assign Teams and the Actions (one only in this case) for the connection. This is the same as you would have done for the Okta connection.

Selecting Teams for ServiceNow Integration

With this done, you’re ready to add the ServiceNow Create request action to a flow.

Adding ServiceNow Ticket Creation to a Flow

For this example, I’m going to add a ServiceNow action to an existing workflow. At the bottom of the workflow builder screen, there are new actions available as shown below.

Adding the ServiceNow Action into the Flow

Selecting ServiceNow > Create request will add the [ServiceNow] Create request action to the flow.

There are two arguments (fields) for this action: Requested for (who the ticket is being logged for) and Assignment group (the group in ServiceNow that will own the ticket).

The assignment groups were pulled from the ServiceNow instance when the connection was made and stored in a Configuration item list called Assignment groups. The appropriate group is selected and assigned to the Assignment group field.

Specifying the Assignment Group in Action

Note that this means that if you want to assign the ticket to different teams, you may need different workflows, or a workflow with appropriate Logic to call different actions with different Assignment groups.

The configured action is shown below.

ServiceNow Action Configured

Finally, some logic is added so it will only run if the request was approved by the manager and the Okta provisioning step completed.

Logic Applied to Step in Flow

This flow is now ready to run.

Executing the Flow

The workflow appears in the relevant users' App Catalog.

User Selects the Access Request

The flow runs, with approval and provisioning steps, then runs the Log Ticket in SNow step. You can see the request number in the flow results (which is a link to the ticket in ServiceNow).

Completed Flow in Access Requests

Checking ServiceNow, the new request has appeared in the Requests list.

Ticket List in ServiceNow

Within the request, we can see the Requested for field is populated (this is the Requested for field in the Access Requests action). The Description field contains all of the information from the request flow in Access Requests. The Short description is the name of the workflow in Access Requests.

New Ticket in ServiceNow

Thus we have created a ticket in ServiceNow from the request flow in Access Requests.
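Where tickets are logged for audit purposes, the mapping above can be used to check that every approved and provisioned request has a matching ticket. The following is an added example, not part of the original article or of either product. The record shapes, the sample data and the use of an email address as the Requested for value are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (assumed shapes): requests exported from Access
# Requests, and rows from the ServiceNow Requests list.
OIG_REQUESTS = [
    {"id": "req-1", "workflow": "Request Sales App",
     "requester": "alice@example.com", "manager_approved": True, "provisioned": True},
    {"id": "req-2", "workflow": "Request Sales App",
     "requester": "bob@example.com", "manager_approved": True, "provisioned": True},
    {"id": "req-3", "workflow": "Request Finance App",
     "requester": "carol@example.com", "manager_approved": False, "provisioned": False},
]
SNOW_TICKETS = [
    {"number": "REQ0010001", "short_description": "Request Sales App",
     "requested_for": "alice@example.com", "assignment_group": "Service Desk"},
    {"number": "REQ0010002", "short_description": "Request Finance App",
     "requested_for": "carol@example.com", "assignment_group": ""},
]


def reconcile(requests, tickets):
    """Return (missing, unexpected, unassigned) audit findings."""
    # Index tickets by the fields the article shows being populated:
    # Short description = workflow name, Requested for = requester.
    by_key = defaultdict(list)
    for t in tickets:
        by_key[(t["short_description"], t["requested_for"].lower())].append(t)

    missing, consumed = [], set()
    for r in requests:
        # The flow logic only logs a ticket after approval AND provisioning.
        if not (r["manager_approved"] and r["provisioned"]):
            continue
        candidates = by_key[(r["workflow"], r["requester"].lower())]
        if candidates:
            # Consume one ticket per request so repeat requests are counted.
            consumed.add(candidates.pop(0)["number"])
        else:
            missing.append(r["id"])

    # Tickets with no qualifying request, and tickets nobody owns.
    unexpected = [t["number"] for t in tickets if t["number"] not in consumed]
    unassigned = [t["number"] for t in tickets if not t["assignment_group"]]
    return missing, unexpected, unassigned


if __name__ == "__main__":
    print(reconcile(OIG_REQUESTS, SNOW_TICKETS))
```
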

Conclusion

Okta Identity Governance Access Requests has the ability to log tickets in ITSM tools like ServiceNow and Jira. This article has shown how to configure the integration and how to add an action to create a ServiceNow ticket within an access request workflow.
