3 Ways To Automate User Lifecycle Management for ServiceNow

May 3rd, 2017   /     /   product and technology

ServiceNow has made a name for itself as a cloud-based solution for IT Service Management (ITSM) and a productivity tool for many types of users, from IT personnel to business leads. Simple, social, and available through any browser, it offers user-friendly service and support tools, and automation of many enterprise IT operations.

OneLogin has supported ServiceNow since 2014, providing SAML Single Sign-On with multi-factor authentication (MFA) and user provisioning. We’re pleased to announce two new enhancements to our ServiceNow support that make life easier for IT admins: provisioning for ServiceNow Express, and Safe Entitlements for ServiceNow.

ServiceNow Express Provisioning

ServiceNow Express is for small- and medium-sized enterprises. Introduced in 2014, it offers a highly standardized ITSM solution that you can rapidly deploy using process templates and definitions, and has minimal configuration and customization requirements. Our ServiceNow Express user provisioning supports create, delete, and update operations, as well as passing of role metadata from OneLogin to ServiceNow for entitlement provisioning.

With this feature, IT admins can now automate user provisioning for ServiceNow Express. This saves a great deal of time, especially when you consider that service desk users need to include all employees. ServiceNow Express is the latest application that OneLogin supports for user provisioning.

To get started with ServiceNow Express provisioning, please see our documentation.

Safe Entitlements for ServiceNow

Often we see our customers start out with manually created roles. For example, a customer might manually define an Admin, which gets access to certain advanced features and permissions in ServiceNow.

But as these companies grow their employee base, and roll out Single Sign-on to more employees, they need to automate placing users into new Roles and assigning users to existing roles. For example, as employees join engineering, accounts are added automatically in engineering applications such as JIRA or GitHub. The problem comes when switching over from manual to automated role maintenance. What happens to your manually created roles in this scenario? Should they get overwritten?

You can imagine the problems that would arise if you get this wrong and, for instance, IT can’t access the the right functionality in ServiceNow to configure new laptops or even to handle ServiceNow tickets.

This is where our new OneLogin Safe Entitlements come into play. Safe Entitlements work by leaving existing assignments ‘as is’ while taking control of any new ones. In the case of Service Now, OneLogin provides Safe Entitlements by leaving any roles users were previously assigned untouched. But as new users and roles are added OneLogin takes control of them in order to automatically manage them. Further, users added to existing roles through OneLogin’s rules engine now fall under OneLogin’s control.

OneLogin Safe Entitlements work for both ServiceNow and ServiceNow Express. See our documentation to get started with ServiceNow Safe Entitlements.

Automated User Lifecycle Management for ITSM

The true power of integrating OneLogin with ServiceNow is in user lifecycle management. It’s one thing to grant permissions to access apps, but another thing to revoke those permissions, for example, if a user leaves the organization. Fortunately, with the combination of ServiceNow and OneLogin, this reverse process can be accomplished automatically. The removal of a user from OneLogin or any external directory like Active Directory or LDAP prompts the instantaneous deprovisioning of the user from applications such as ServiceNow, preventing the user from accessing the application.

Together, ServiceNow and OneLogin offer a powerful combination of administrative controls and functionality. They help IT service management run smoothly, lighten IT staff workloads, enhance user experience for application access, and reinforce security.

Attending Knowledge 17 May 7-11? Come by booth 609 to learn more about this integration and other offerings from OneLogin!

About the Author

John Offenhartz is the Lead Product Owner of all of OneLogin’s integration and development programs. John’s previous experiences cover over twenty years in Cloud-based Development and Product Management with such companies as Microsoft, Netscape, Oracle and SAP.

View all posts by John Offenhartz