Integration of ServiceNow With Azure Cloud

Uploaded by

Ishanth Swaroop

Integration of ServiceNow with Azure Cloud: Automating User Creation


Introduction:
In modern IT environments, seamless integration between service management platforms like
ServiceNow and cloud services such as Azure is crucial for efficient operations. This integration
ensures that user management tasks are synchronized, reducing manual effort and enhancing
security and compliance.

Use Case Scenario


Scenario: When a new user is created in ServiceNow, a corresponding user account is automatically
provisioned in Azure Active Directory (Azure AD). This ensures that users have access to Azure
resources based on their roles and permissions managed through ServiceNow.

Integration Steps
1. Pre-requisites

• Azure AD Setup:

o Ensure you have an Azure AD tenant set up with the necessary subscriptions and
permissions to manage users.

o Have administrative access to ServiceNow and Azure AD.

• ServiceNow Configuration:

o Access to ServiceNow with administrative privileges to configure outbound
integrations.

2. Integration Configuration

• Azure Configuration

o Access Azure Portal:

1. Log in to the Azure Portal.


o Create or Select App Registrations:

1. Navigate to "Azure services" and select "App Registrations."


2. Create a new app registration or select an existing one.

o Obtain Client ID, Client Secret and Tenant ID:

1. Once inside the app, note down the "Client ID" (Application ID).
2. Remember that the "Tenant ID" is common for the ServiceNow instance.
3. In the app settings, go to "Certificates & secrets."
4. Create a new client secret with a description and expiration.
5. Store the generated client secret securely. [Important]
o Add API Permissions:

1. Navigate to "API permissions" within the app settings.

o Add Microsoft Graph Permissions:

1. Click "Add a permission" > "Microsoft Graph."


2. Choose "Delegated permissions".
3. Go to User and add the "User.ReadWrite.All" permission.
4. Go to Directory and add the "Directory.ReadWrite.All" permission.
5. After adding the required permissions, click "Grant admin consent for default
directory".

o Configure Redirect URL:

1. Move to the "Authentication" tab.


2. In the "Redirect URIs" section, add your ServiceNow instance URL followed by
"/oauth_redirect.do" or the appropriate path, e.g. https://<instance-url>/oauth_redirect.do

o Complete Configuration:
1. Save your changes and ensure all required configurations are completed on the Azure portal
side.

• ServiceNow Configuration

o Create Connections

1. Go to "Application Registry" in ServiceNow.


2. Create a record for the Azure AD Rest connection:
3. Name: Choose a name (e.g., Azure AD Rest).
4. Client ID: Use the Azure Client ID.
5. Client Secret: Use the Azure Client Secret.
6. Grant Type: Authorization Code.
7. Token URL: Replace <TenantID> with the tenant ID captured from the Azure application and
add it to the URL: https://login.microsoftonline.com/<TenantID>/oauth2/token
8. Redirect URL: Use the ServiceNow instance URL followed by oauth_redirect.do,
e.g. https://<instance-url>/oauth_redirect.do
9. Save the record.

Note: Use the Client ID and Client Secret that were copied from your app registration.

o OAuth Entity Scopes Table

1. Name: Choose a name (e.g., Azure Scope).


2. Provider: Use the Azure application registry record created in the first step.
3. Scope: Use the scope given in the documentation: https://graph.microsoft.com/.default
o OAuth Entity Profile Scope Table

1. Profile: Choose the default Graph profile as referred to in the Step - Verify OAuth Entity
Profile Table
2. Scope: Choose the Graph scope created in the OAuth Entity Scopes configuration

• REST Message

o Create REST Message

1. Go to "REST Message" module in ServiceNow.


2. Create a record for the Azure AD Rest connection:
3. Name: Choose a name (e.g., AzureServicenowRest).
4. Endpoint: https://graph.microsoft.com
5. Authentication: Go to the Authentication tab, set Authentication Type to OAuth 2.0, and
select your OAuth profile (e.g. AzureServicenowIntegration default_profile).
6. Click the "Get OAuth Token" related link. You will be redirected to the Azure portal and
will get the token.

o Create HTTP Method

1. We will test getting all the users from Azure AD with the GET method.
2. Click the New button in the HTTP Method section to create a method.
3. Name: Name of your method.
4. HTTP Method: Method name (e.g. POST, GET, PUT, DELETE, PATCH).
5. Endpoint: Complete URL of the Graph API: https://graph.microsoft.com/v1.0/users
6. Click the Test related link to test the API call that fetches all the users from Azure AD.

o POST Method to Create User

1. We will create a POST method for creating users in Azure AD.
2. Click the New button in the HTTP Method section to create a method.
3. Name: Name of your method.
4. HTTP Method: Method name (e.g. POST).
5. Endpoint: Complete URL of the Graph API: https://graph.microsoft.com/v1.0/users
6. HTTP Request tab: Click the HTTP Request tab and add Content-Type as application/json.
7. Content: Write the payload:

{
  "accountEnabled": true,
  "displayName": "${displayName}",
  "mailNickname": "${mailNickname}",
  "userPrincipalName": "${userPrincipalNameSuffix}#EXT#@deepchauhan9758gmail.onmicrosoft.com",
  "mail": "${mail}",
  "surname": "${surname}",
  "givenName": "${givenName}",
  "mobilePhone": "${mobilePhone}",
  "department": "${department}",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "xWwvJ]6NMw+bWH-d"
  }
}
8. Click the "Auto Generated Variables" related link to generate the variables for the
dynamic values.

Note: In the payload, write the user principal name that is shown in your Azure portal.
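
Added example, not part of the original document or of ServiceNow or Microsoft code: the payload above carries one literal password, so every provisioned account starts with the same value, and filling its ${...} variables by text substitution (assumed here) yields invalid JSON when a value contains a double quote. The JavaScript below generates a random initial password per user and builds the same body with JSON.stringify. The function names, the sample record and the tenantDomain argument are hypothetical, and Node's crypto module stands in for the secure random source available to the script.

```javascript
const crypto = require('crypto');

// Character classes for the initial password (constructed for this example).
const CLASSES = ['ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz',
  '23456789', '!#$%*+-=?@_'];

// One random password per user: at least one character from every class,
// the rest from the union, then a Fisher-Yates shuffle using the CSPRNG.
function generateInitialPassword(length = 16) {
  if (length < CLASSES.length) throw new RangeError('length too short');
  const pick = (set) => set[crypto.randomInt(set.length)];
  const chars = CLASSES.map(pick);
  while (chars.length < length) chars.push(pick(CLASSES.join('')));
  for (let i = chars.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Plain text substitution of ${name} variables (assumed template behaviour).
function fillTemplate(template, vars) {
  return template.replace(/\$\{(\w+)\}/g, (m, key) => String(vars[key]));
}

// Build the body as an object so JSON.stringify escapes every value.
// tenantDomain is a caller-supplied placeholder; the allow-list for the two
// name parts is an assumption of this example, not a Graph rule.
function buildCreateUserBody(user, tenantDomain, password) {
  for (const field of ['mailNickname', 'userPrincipalNameSuffix']) {
    if (!/^[A-Za-z0-9._-]{1,64}$/.test(user[field])) throw new Error('invalid ' + field);
  }
  return JSON.stringify({
    accountEnabled: true,
    displayName: user.displayName,
    mailNickname: user.mailNickname,
    userPrincipalName: `${user.userPrincipalNameSuffix}#EXT#@${tenantDomain}`,
    mail: user.mail, surname: user.surname, givenName: user.givenName,
    mobilePhone: user.mobilePhone, department: user.department,
    passwordProfile: { forceChangePasswordNextSignIn: true, password }
  });
}

// Constructed sample record: the display name contains double quotes.
const sampleUser = { displayName: 'Sam "SJ" Jones', mailNickname: 'sjones',
  userPrincipalNameSuffix: 'sjones_example.com', mail: 'sjones@example.com',
  surname: 'Jones', givenName: 'Sam', mobilePhone: '+1 555 0100', department: 'IT' };
```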

o Create Business Rule

1. Go to the Business Rule Table: sys_script


2. Create a new business rule: After insert BR
3. Name: (Any BR name)
4. When to run: After, insert
5. Advanced: checked (check this box in order to write the script)
6. Write down the script:
o Testing for Create User

1. Go to the user table (sys_user) and create a new user.
2. After filling in all required fields, click the Submit button.
3. A new user will be created in Azure AD.
• Conclusion: Integrating Azure Portal with ServiceNow and creating a user in Azure AD through this
integration allows organizations to streamline their IT operations and enhance user management processes.
By leveraging ServiceNow's capabilities alongside Azure AD's robust user management features, businesses
can achieve:

o Centralized Management
o Efficiency and Automation
o Enhanced Security
o Improved User Experience
o Analytics and Reporting

Integrating Azure Portal with ServiceNow for user management in Azure AD represents a strategic
investment in IT efficiency, security, and user experience, enabling organizations to better align their digital
operations with business objectives.
