ServiceNow User Request Integration

You can configure a new message type in Privilege Management Cloud that allows end users to raise a request for access to an application or installer directly in ServiceNow. This ticket can then be reviewed and approved (or denied) in ServiceNow.

On the next check-in from the endpoint to Privilege Management Cloud, this exception is automatically applied and the end user is approved to perform their action. (Or if the Service Desk operator denied the request, the user is not allowed to continue the action).

Typically an endpoint checks in with Privilege Management Cloud every 60 minutes, and receives any ticket decisions at this point. If you want to get the update immediately to the endpoint, you can attempt to launch the application again to get an immediate update of that request.

All Privilege Management configuration occurs in the Privilege Management Cloud application.

For more information, please see ServiceNow User Request Integration in the Privilege Management Cloud Administration Guide

Restrict Access to Applications

In the ServiceNow authorization request workflow, you can restrict access to application requests. On an approved request, Help Desk can set a time limit in the ServiceNow ticket. The time limit is the length of time the user can use the application before the approval automatically expires.

Under the Application, Policy, or Decision tab, select a Duration.

ServiceNow Duration settings for PM Cloud tickets

Access time limit can be one of the following:

  • Once: Permits access to the application only one time.
  • Hour: Enter the number of hours the user will be permitted access, between 1 and 24.
  • Day: Enter a day between 1 and 31.
  • Month: Enter a month between 1 and 12.

Click Approve.

 

ServiceNow and PM Cloud authorization request workflow with duration set

After the time expires, the user can no longer access that application. The user must go through the request workflow again, with the Help Desk personnel approving and selecting a duration time for access.

Duration settings are included in the authorization auditing.

 

The Mac client shows an Authorization Request Approved notification.

The client checks an application's authorization access when the end user attempts to run the program. If the duration settings have been correctly configured, a message appears indicating the outcome of the ServiceNow request. The user receives a new message indicating that the application has been either Denied or Approved once the policy has been updated or when they attempt to run the application again.

 

The Mac client shows an Authorization Request Pending notification.

A pending message displays to the end user until a decision on their request is made in ServiceNow.

To view the status on their ServiceNow ticket, the end user can click the request reference link.