Configure Integration Between Oracle Access Governance and ServiceNow User Management (UM)
Prerequisites
Before you install and configure a ServiceNow User Management (UM) Orchestrated System, you should consider the following prerequisites and tasks.
- Check that your ServiceNow (UM) system is certified with Oracle Access Governance by referring to Components Certified for Integration with Oracle Access Governance for details of the versions supported.
- The ServiceNow Oracle Access Governance for User Management application must be installed from the ServiceNow store before creating your orchestrated system. Install this application in your ServiceNow instance as per the instructions given in Install a ServiceNow Store application. For details specific to the Oracle Access Governance for User Management application, refer to the ServiceNow Application Installation and Configuration Guide .
Configure
You can establish a connection between ServiceNow (UM) and Oracle Access Governance by entering connection details. To achieve this, use the orchestrated systems functionality available in the Oracle Access Governance Console.
Navigate to the Orchestrated Systems Page
The Orchestrated Systems page of the Oracle Access Governance Console is where you start configuration of your orchestrated system.
- From the Oracle Access Governance navigation menu icon
, select Service Administration → Orchestrated Systems.
- Click the Add an orchestrated system button to start the workflow.
Select system
On the Select system step of the workflow, you can specify which type of system you would like to integrate with Oracle Access Governance.
You can search for the required system by name using the Search field.
- Select ServiceNow User Management.
- Click Next.
Add details
Add details such as name, description, and configuration mode.
- Enter a name for the system you want to connect to in the Name field.
- Enter a description for the system in the Description field.
- Determine if this orchestrated system is an authoritative source, and if Oracle Access Governance can manage permissions by setting the following checkboxes.
- This is the authoritative source for my identities
- I want to manage permissions for this system
- Click Next.
Add Owners
Add primary and additional owners to your orchestrated system to allow them to manage resources.
Note:
When setting up the first Orchestrated System for your service instance, you can assign owners only after you enable the identities from the Manage Identities section.- Select an Oracle Access Governance active user as the primary owner in the Who is the primary owner? field.
- Select one or more additional owners in the Who else owns it? list. You can add up to 20 additional owners for the resource.
Account settings
Outline details of how to manage account settings when setting up your orchestrated system including notification settings, and default actions when an identity moves or leaves your organization.
- Select whether to allow Oracle Access Governance to create accounts when a permission is requested, if the account does not already exist. By default this option is selected meaning that an account will be created if it does not exist, when a request for a permission is made. If the option is unselected then permissions can only be provisioned where the account already exists in the orchestrated system. If permission is requested where no user exists then the operation will fail.
-
Select where to send notification emails when an account is created. The default setting is User. You can select one, both, or none of these options. If you select no options then notifications will not be sent when an account is created.
- User
- User manager
- When an identity leaves your enterprise you should remove access to
their accounts. You can select what to do with the account when this happens.
Select one of the following options:
- Delete
- Disable
- No action
Note:
The options above are only displayed if supported in the orchestrated system type being configured. For example, if Delete is not supported, then you will only see the Disable and No action options. - When all permissions for an account are removed, for example when
moving from one department to another, you may need to adjust what accounts the
identity has access to. You can select what to do with the account when this
happens. Select one of the following options:
- Delete
- Disable
- No action
Note:
The options above are only displayed if supported in the orchestrated system type being configured. For example, if Delete is not supported, then you will only see the Disable and No action options. - If you want Oracle Access Governance to manage accounts created directly in the orchestrated system you can select the Include accounts that are not created by Access Governance option. This will reconcile accounts created in the target system and will allow you to manage them from Oracle Access Governance.
Note:
If you do not configure your system as a managed system then this step in the workflow will display but is not enabled. In this case you proceed directly to the Integration settings step of the workflow.Note:
If your orchestrated system requires dynamic schema discovery, as with the Generic REST and Database Application Tables integrations, then only the notification email destination can be set (User, Usermanager) when creating the orchestrated system. You cannot set the disable/delete rules for movers and leavers. To do this you need to create the orchestrated system, and then update the account settings as described in Configure Orchestrated System Account Settings.Integration settings
Enter details of the connection to your ServiceNow system.
-
On the Integration settings step of the workflow, enter the details required to allow Oracle Access Governance to connect to your ServiceNow system.
Table - Integration settings
Parameter Name Mandatory? Description What is the host of servicenow? Yes The URL to access your ServiceNow system, for example https://yourinstance.service-now.com.What is the port of servicenow? Yes The port number of your ServiceNow system. What is the username for servicenow authentication? Yes The username you will use to connect to the ServiceNow instance you want to integrate with. What is the password for servicenow authentication? Yes The password for the integration user you will use to connect to the ServiceNow instance you want to integrate with. What is the authentication server URL to validate the client? Yes URL of the authentication server that validates the client ID and client secret for the ServiceNow system. What is the servicenow client Id of OAuth authentication? Yes The client identifier (a unique string) issued by the authorization server to your domain while registering your client application with the ServiceNow system. What is the servicenow client secret of OAuth authentication? Yes The value used to authenticate the identity of your domain. This value is generated while registering your client application with the ServiceNow system. - Click Add to create the orchestrated system.
Finish Up
Finish up configuration of your orchestrated system by providing details of whether to perform further customization, or activate and run a data load.
The final step of the workflow is Finish Up.
- Customize before enabling the system for data loads
- Activate and prepare the data load with the provided defaults
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customer access to and use of Oracle support services will be pursuant to the terms and conditions specified in their Oracle order for the applicable services.