ServiceNow User Request Integration
You can configure a new message type in Privilege Management Cloud that allows end users to raise a request for access to an application or installer directly in ServiceNow. This ticket can then be reviewed and approved (or denied) in ServiceNow.
On the next check-in from the endpoint to Privilege Management Cloud, this exception is automatically applied and the end user is approved to perform their action. (Or if the Service Desk operator denied the request, the user is not allowed to continue the action).
Typically an endpoint checks in with Privilege Management Cloud every 60 minutes, and receives any ticket decisions at this point. If you want to get the update immediately to the endpoint, you can attempt to launch the application again to get an immediate update of that request.
The screen capture shows an example of how the ServiceNow user request message appears to the end user.
All Privilege Management configuration occurs in the Privilege Management Cloud application.
For more information, please see "ServiceNow User Request Integration" in the Privilege Management Cloud Administration Guide.
Restrict Access to Applications
In the ServiceNow authorization request workflow, you can restrict access to application requests. On an approved request, Help Desk can set a time limit in the ServiceNow ticket. The time limit is the length of time the user can use the application before the approval automatically expires.
Duration can be selected on the Application, Policy, or Decision tab.
Access time limit can be one of the following:
- Once: Permits access to the application only one time.
- Hour: Enter the number of hours the user will be permitted access, between 1 and 24.
- Day: Enter a day between 1 and 31.
- Forever: Access to the application never expires.
Select Approve after the duration is selected.
After the time expires, the user can no longer access that application. The user must go through the request workflow again with the Help Desk personnel approving and selecting a duration time for access.
Duration settings are included in the authorization auditing.
When using the duration settings to restrict access, a message displays to the end user indicating the request must be approved on the ticket in ServiceNow. The user must select a reason and click Request to proceed with the authorization.
A pending message displays to the end user until a decision on their request is made in ServiceNow.
The end user can click the request reference link to view the status on their ServiceNow ticket.