ServiceNow Workflows with Privilege Management

There are three workflows you can use with Privilege Management for Windows and ServiceNow integration:

  • Challenge Response: This is the default, out-of-the-box configuration discussed earlier in this guide. The button on the lower-left of the dialog box reads Enter Response Code, or your chosen wording, so users can enter their Challenge Response Code when it is provided to them. Alternatively, they can enter their business justification to raise an incident in ServiceNow if they do not have a Challenge Response Code.
  • Run as Designated User: The button on the lower-left of the dialog box reads Login as Other User, so you can provide your end user with administrator credentials or type them in yourself. Alternatively, they can enter their business justification to raise an incident in ServiceNow if they don't have the required credentials.
  • No option: The button on the lower-left is removed so your end users can only enter their business justification and raise an incident in ServiceNow.

For each of these options, you need to configure an appropriate message to make sure your users have the correct experience if the Default rule is run.

To change the behavior of the integration for each of these workflows, you need to edit the ServiceNowSettings.json file.

Settings files are encrypted at the endpoint and must be encoded in UTF-8.

Edit the Settings File

You need to edit the ServiceNowSettings.json file to change the workflow you want to use.

All rules associated with the same Power Rules script inherit the changes you make, so you do not need to edit the settings file more than once.

To edit the ServiceNowSettings.json file:

  1. In the Edit Application Rule dialog box, select Manage Scripts from the Run a Rule Script dropdown list.

Image showing Rule Scripts to edit ServiceNowSettings.json file

  2. Click Settings on the bottom-right of the dialog box.

  3. Locate the Misc section. Within Misc, locate the DefaultRule setting. For the recommended ServiceNow workflow, this is set to ChallengeResponse. However, you can change it here:
    • ServiceNow and Challenge / Response (Default Workflow): Provides the user with an option to enter a Privilege Management Response Code.
    • ServiceNow and Designated User Must Authorize: Provides the user with an option to enter designated user credentials.
    • ServiceNow Only: User can only submit an incident to ServiceNow or cancel their request.
  4. Click Save.
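
The following Python check is an added example, not part of the vendor's documentation or tooling. It confirms that the settings text is UTF-8, parses as JSON, and that Misc.DefaultRule holds one of the three documented values and matches the workflow you intend. It assumes the JSON was copied from the Settings editor into a file; the name check_settings, the exact-match comparison and the tolerance of a UTF-8 BOM are assumptions of this example.

```python
import json

# DefaultRule values named in the "_comment" line, mapped to the workflow each selects.
WORKFLOWS = {
    "ChallengeResponse": "ServiceNow and Challenge / Response",
    "DesignatedUserMustAuthorize": "ServiceNow and Designated User Must Authorize",
    "": "ServiceNow Only",
}

def check_settings(raw: bytes, expected: str = "ChallengeResponse") -> list:
    """Return findings for the raw bytes of a settings file; an empty list means OK."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return ["file is UTF-16 (BOM found); settings files must be UTF-8"]
    try:
        # Assumption: a UTF-8 BOM is tolerated, so it is stripped rather than reported.
        text = raw.decode("utf-8-sig")
    except UnicodeDecodeError as exc:
        return [f"not valid UTF-8 at byte {exc.start}"]
    try:
        settings = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    misc = settings.get("Misc") if isinstance(settings, dict) else None
    if not isinstance(misc, dict) or "DefaultRule" not in misc:
        return ["Misc.DefaultRule is missing"]
    rule = misc["DefaultRule"]
    # Assumption: values must match exactly, so wrong case or stray spaces are flagged.
    if not isinstance(rule, str) or rule not in WORKFLOWS:
        return [f"DefaultRule {rule!r} is not one of {sorted(WORKFLOWS)}"]
    if rule != expected:
        return [f"workflow is '{WORKFLOWS[rule]}', expected '{WORKFLOWS[expected]}'"]
    return []

# Constructed sample inputs (not from a real deployment).
SAMPLES = {
    "default": b'{"Misc": {"DefaultRule": "ChallengeResponse"}}',
    "designated": b'{"Misc": {"DefaultRule": "DesignatedUserMustAuthorize"}}',
    "utf16": '{"Misc": {"DefaultRule": ""}}'.encode("utf-16"),
    "wrong_case": b'{"Misc": {"DefaultRule": "challengeresponse"}}',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {check_settings(raw) or 'OK'}")
```

Pass the workflow you intend as expected, so that a change to the button offered to end users shows up as a finding rather than going unnoticed.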

ServiceNow and Challenge / Response (Default Workflow)

This is the default and recommended configuration for the ServiceNow integration.

ServiceNowSettings.json Configuration

"Misc": {
    "_comment": "DefaultRule - Should be DesignatedUserMustAuthorize, ChallengeResponse, or empty.",
    "DefaultRule": "ChallengeResponse"
},

User Experience

The Submit Incident Report dialog box looks similar to the one shown here depending on other settings:

  • Enter Response Code: The user clicks the button and enters a Privilege Management code to run the application.

Image showing example integration scenario with ServiceNow

  • Submit Report: The user clicks the button to submit an incident to ServiceNow.

 

Message

Configure a message for Challenge / Response to ensure the end user can enter their challenge code to run the application.

ServiceNow and Designated User Must Authorize

This is an alternative configuration that allows your users to enter Designated User Credentials instead of a Challenge Response Code.

ServiceNowSettings.json Configuration

"Misc": {
    "_comment": "DefaultRule - Should be DesignatedUserMustAuthorize, ChallengeResponse, or empty.",
    "DefaultRule": "DesignatedUserMustAuthorize"
},

User Experience

Image showing example integration with ServiceNow with callouts.

The Submit Incident Report dialog box looks similar to the one shown here depending on other configuration.

 

Message

Configure a message for Designated User Must Authorize to ensure the end user can enter the designated user credentials and run the application.

ServiceNow Only

This is an alternative configuration in which the user can only submit an incident to ServiceNow or cancel their request.

ServiceNowSettings.json Configuration

"Misc": {
    "_comment": "DefaultRule - Should be DesignatedUserMustAuthorize, ChallengeResponse, or empty.",
    "DefaultRule": ""
},

User Experience

Image showing integration example with ServiceNow with business justifications rule in place

The Submit Incident Report dialog box looks similar to the one shown here, depending on other configuration.

The user can enter a business justification and click Submit Report to send an incident to ServiceNow.

 

Message

The end user is presented with a text box to enter their business justification for the task they are trying to perform. There is no option to run the Default rule for the end user.