Configure ServiceNow with Password Safe Ticket System

The process to configure ServiceNow with Password Safe is as follows:

  • Create the integration user in ServiceNow. This integration user is used to configure the connector and functional account in the next steps.
  • Assign the user the itil role in ServiceNow.
  • Create a ServiceNow ticket system connector in BeyondInsight to your ServiceNow instance.
  • Create a functional account and associate that with the ServiceNow connector.
  • Add the ServiceNow ticket system to Password Safe.

For any tickets being verified, you must ensure the Requestor is populated in the Assigned To field in the ServiceNow web portal. The User ID here must match the Password Safe User ID. Tickets must also be associated with a ticket table extending from the Task table.

Create ServiceNow Ticket System Connector

Follow these steps to create the connector:

  1. In BeyondInsight, go to Configuration > General > Connectors.
  2. From the Connectors pane, click Create New Connector.
  3. Enter a name for the connector.
  1. Select ServiceNow Ticket System from the Connector Type dropdown list.
  2. Click Create Connector.
  3. Enter the following details for your ServiceNow system:
    • Instance URL: Provide the URL for the ServiceNow environment.
    • Table Name (Optional): If applicable, enter the appropriate table name.
    • User ID Mapping: Select the User ID format used in the ServiceNow instance. This validates users in Password Safe are assigned to the ticket in ServiceNow. The options are:
      • User Name
      • User Principal Name
      • Email Address
    • Username and Password: Provide credentials to be used to authenticate with ServiceNow. The credentials are used only on this configuration page. The user must be a member of a role containing an ACL for the sys_choice table value field with Read access.
    • Ticket Field Mappings: Add field mappings to further validate tickets. You can map against Password Safe checkout start and end date and the system being accessed, as well as literal values, which is useful for validating the tickets state. Username is validated separately.
  4. Click Test Connector to ensure connectivity to your ServiceNow server is successful.
  5. Click Create Connector.

Create a Functional Account in Password Safe

Once you have created the connector, follow these steps to create the functional account:

  1. In BeyondInsight, go to Configuration > Privileged Access Management > Functional Accounts.
  2. Click Create New Functional Account.
  1. Select Ticket System from the Entity Type dropdown.
  2. Select ServiceNow from the Platform dropdown.
  3. Enter the Username and Password for ServiceNow. The credentials are the same used when entering ticket details in ServiceNow.
  4. From the Search Connectors dropdown, select the ServiceNow connector (created using the process above).
  5. Enter an Alias and, if required, a Description for the account.
  6. Click Create Functional Account.

Create a ServiceNow Ticket System in Password Safe

With the connector and functional account created, follow these steps:

  1. In BeyondInsight, go to Configuration > Privileged Access Management > Ticket Systems.
  2. From the Ticket Systems pane, click Create New Ticket System.
  1. Select ServiceNow Ticket System from the Platform dropdown menu.
  2. Select the functional account from the dropdown menu (created using the process above).
  3. Enter a Name for the system.
  4. If desired, enter a Description, Access Policy Certificate Code Name, and Access Policy Code.
  1. Enable the options for features you want. Options are:
    • Auto Approve on Ticket Number Validation
    • Enable Emergency Approval Without Ticket Number
    • Make Ticket System the Default
  2. Click Create Ticket System when done.

The Access Policy Certificate Common Name and Access Policy Code fields are not used.