
Preparation

Before you can target ServiceNow, you must:

  1. Set up a target system administrator.

  2. Create at least one template account for account creation operations.

  3. Import the Bravura Security Update Set into ServiceNow.

  4. Assign the target system administrator the Bravura Security role.

  5. Ensure that the Bravura Security Fabric psadmin account is allowed to access the ServiceNow IT Service Management Suite site via HTTPS.

Setting up a target system administrator

Bravura Security Fabric uses a designated account on ServiceNow IT Service Management Suite to perform Bravura Security Fabric operations. Create an account with appropriate permissions if one does not already exist.

  1. As an administrator, use a browser to log into the ServiceNow IT Service Management Suite website.

  2. In the left pane, click User Administration.

  3. Click Users.

  4. Select the user you want to promote.

  5. Click Edit next to Roles.

  6. Select admin > Add.

  7. Click Save.

In order to use the ServiceNow REST API architecture, an OAuth API endpoint for external clients must be created in addition to the target administrator.

  1. As an administrator, use a browser to log into the ServiceNow IT Service Management Suite website.

  2. In the left pane, navigate to System OAuth.

  3. Click Application Registry.

  4. Click New.

  5. Click the Create an OAuth API endpoint for external clients link.

  6. Add the details for the Name and Client Secret. Copy the Client ID for future usage.

  7. Click Submit.

  8. When adding the OAuth credentials to the target, the Client ID is entered as the Administrator ID and the Client Secret is entered as the Password. These OAuth credentials must be designated as the System password.

Notes on ServiceNow admin roles

In ServiceNow, permissions are controlled through a combination of roles, Access Control Rules (ACLs), and sometimes specific properties within the application. For example, if you want to allow a user to only view accounts and change passwords, you will need to configure the permissions accordingly, focusing on the user table (often sys_user) and associated records. The following is a summary of steps:

  1. Viewing Accounts: Users typically need the "itil" role or a custom role with read access to the user table (often "sys_user"). Configure ACLs to grant read access to necessary fields within user records.

  2. Changing Passwords: While typically restricted to users with admin or elevated privileges, you can create custom roles and ACLs to allow specific users to change passwords without full admin rights:

    1. Create a custom role (e.g., "password_admin") with permissions to change passwords.

    2. Configure ACLs on the user table to allow users with this role to update the password field. Be cautious, as this permission can pose security risks.

    3. Ensure ACLs restrict access to other fields and system areas.

    4. Provide user training on the responsibilities and security implications of changing passwords.

Always test configurations in a development or test instance before applying them to production to avoid unintended access issues. For more detailed instructions tailored to your version and setup, consult ServiceNow documentation or community forums.

Creating a template account

Bravura Security Fabric uses template accounts as models or "blueprints" for creating new accounts in ServiceNow IT Service Management Suite. The following example illustrates how you can create a template account in ServiceNow IT Service Management Suite:

  1. As an administrator, use a browser to log into the ServiceNow IT Service Management Suite website.

  2. In the left pane, click User Administration.

  3. Click Users.

  4. Click New.

  5. Fill in the required fields: User ID, First name, Last name.

  6. Click Submit.

Import the Bravura Identity Update Set into ServiceNow

Before you import the Bravura Identity Update Set, you must back out any previously imported Bravura Identity Update Sets:

  1. Log into ServiceNow IT Service Management Suite.

  2. Click System Update Sets.

  3. Select "Bravura Identity".

  4. Click Back Out.

    "Elevated security Admin" permissions are required to do this.

  5. Delete the Bravura Identity Update Set.

If there is an application with the same name as "Bravura Identity", it is recommended to change it.

More information on the back out process can be found in section 5 of the following link:

http://wiki.servicenow.com/index.php?title=Transferring_Update_Sets#gsc.tab=0

Import the Update Set

  1. Locate Bravura_Identity_Integration.xml, which is shipped with the connector pack and installed together with svcnow.exe. The location will be:

    • <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\agent

      or

    • <Program Files path>\Bravura Security\Connector Packs\global\agent

  2. Log into ServiceNow IT Service Management Suite with an admin account.

    Ensure the admin account is elevated to Security_Admin by checking the "lock" symbol in the top-left corner. If the lock symbol is open, the account is elevated. If the lock is closed, click it to elevate.

  3. Navigate to System Update Sets > Retrieved Update Sets > Import Update Set from XML.

  4. Choose the Bravura_Identity_Integration.xml file located previously, and click Upload.

    The Retrieved Update Sets page displays "Loaded" for the Bravura Identity item.

  5. Select the "Bravura Identity" row.

  6. Click Preview Update Set.

  7. If no problems were detected, click Commit Update Set.

To confirm the import was successful:

  • In the left panel, type "Bravura" in the Filter text field.

    "Bravura Identity" will appear, and below this, the menu, "Bravura Security users" will appear, if the import was successful.

The steps for importing the Update Set from XML can be found in Section 3 of the following:

http://wiki.servicenow.com/index.php?title=Transferring_Update_Sets#gsc.tab=0

Assign the Bravura Security Role

As part of the import, a new role called x_snc_bravura_iden.Bravura_Security_Role is imported. This role has the appropriate permissions required to utilize the Bravura Security web services, which integrate with the agtsvcnow agent program to enable operations.

It is recommended that you configure the target system administrator account to use this role, as opposed to the admin role.

  1. As an administrator, use a browser to log into the ServiceNow IT Service Management Suite website.

  2. In the left pane, click User Administration.

  3. Click Users.

  4. Select the user you used as the target system administrator.

  5. Click Edit next to Roles.

  6. Select x_snc_bravura_iden.Bravura_Security_Role > Add.

  7. Click Save.

    If the Bravura Security Role does not appear in the list on the left-hand side, set the filter as: Name Contains "Bravura".
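The recommendation to use the imported role instead of admin can be checked after the role change. The following is an added example, not part of the Bravura Security or ServiceNow documentation: it audits exported role rows for the target system administrator account and reports when the account still holds a broad role or lacks the imported one. The three-column row shape, the account names and the sample rows are constructed assumptions; adapt them to your own export.

```python
"""Audit the roles held by the ServiceNow target system administrator account."""

# Role name taken from the page; the broad roles to flag are the ones the page mentions.
REQUIRED_ROLE = "x_snc_bravura_iden.Bravura_Security_Role"
BROAD_ROLES = {"admin", "security_admin"}

# Constructed sample: rows shaped like a user-to-role export reduced to three
# columns (an assumed shape). All account names are hypothetical.
SAMPLE_ROWS = [
    {"user": "svc_bravura", "role": "x_snc_bravura_iden.Bravura_Security_Role", "inherited": "false"},
    {"user": "svc_bravura", "role": "admin", "inherited": "false"},
    {"user": "svc_bravura_new", "role": "x_snc_bravura_iden.Bravura_Security_Role", "inherited": "false"},
    {"user": "svc_bravura_new", "role": "snc_internal", "inherited": "true"},
    {"user": "svc_old", "role": "itil", "inherited": "false"},
]


def audit_account(rows, account):
    """Return a list of findings for one account; an empty list means compliant."""
    held = {}  # role name -> True only if every row for that role is inherited
    for row in rows:
        if row["user"].strip().lower() != account.lower():
            continue
        role = row["role"].strip()
        inherited = str(row.get("inherited", "false")).lower() == "true"
        # One direct grant is enough to treat the role as directly granted.
        held[role] = held.get(role, True) and inherited
    if not held:
        return [f"{account}: no role rows found (wrong user ID or empty export)"]
    findings = []
    if REQUIRED_ROLE not in held:
        findings.append(f"{account}: missing {REQUIRED_ROLE}")
    for role in sorted(held):
        if role.lower() in BROAD_ROLES:
            how = "inherited via another role" if held[role] else "granted directly"
            findings.append(f"{account}: holds broad role '{role}' ({how})")
    return findings


if __name__ == "__main__":
    for account in ("svc_bravura", "svc_bravura_new", "svc_old"):
        print(account, audit_account(SAMPLE_ROWS, account) or "OK")
```
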

Ensuring psadmin access

Ensure that the Bravura Security Fabric psadmin account is allowed to access the ServiceNow site via HTTPS:

  1. As psadmin, log into the server where Bravura Security Fabric resides.

  2. Using a browser, access your ServiceNow IT Service Management Suite site via HTTPS (for example, https://dev00001.service-now.com) and add it as a trusted site.