cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ServiceNow Activity Tracking

dwampach1
Level 7 Flexeran
Level 7 Flexeran
0 0 229

Flexera SaaS Management’s integration with ServiceNow and ServiceNow OAuth2 now tracks all user activity and the time the activity occurred. Software Asset Managers can now identify whether users with ServiceNow Approver and Fulfiller (ITIL) licenses are using the paid aspects of their licenses and are delivering services to requesters or approving requests within the appropriate time period.

Some examples of tracked ServiceNow user activity include, but are not limited to, the following:

  • Request Approved
  • Request Updated
  • Request Inserted
  • Incident Updated
  • Incident Inserted
  • Incident Inactive
  • Problem Inserted

Actions Required for Existing SaaS Management Integrations with ServiceNow and ServiceNow OAuth2

If you currently have a ServiceNow or a ServiceNow OAuth2 integration with Flexera’s SaaS Management, complete the following tasks to track user events and the time the events occurred. For further details, refer to the ServiceNow or ServiceNow OAuth2 integration instructions.

Actions Required for New SaaS Management Integrations with ServiceNow and ServiceNow OAuth2

You need to complete the following tasks to integrate ServiceNow or ServiceNow OAuth2 with SaaS Management. For further details, refer to the ServiceNow or ServiceNow OAuth2 integration instructions.

Enabling the SaaS Management Application Access Integration Task

To track ServiceNow and ServiceNow OAuth2 user activity and the time the activity occurred, you need to enable the SaaS Management Application Access integration task per the appropriate instructions:

Note • During the first run of the Application Access task, Flexera pulls data for only the last 6 days.

Minimum Permissions Required for ServiceNow

Role Description Integration Task Name
admin, snc_read_only These roles are required for retrieving the ServiceNow users and their activities. For details, refer to the Base System Roles section of the ServiceNow documentation.

Application Roster

Application Access

admin

This role is required to:

  • Retrieve the ServiceNow users and their activities
  • Manage user licenses for the Reclamation task.

For details, refer to the Base System Roles section of the ServiceNow product documentation.

Application Roster

Application Access

Reclamation

Minimum Permissions Required for ServiceNow OAuth2

Role Description Integration Task Name
admin, snc_read_only These roles are required for retrieving the ServiceNow users and their activities. For details, refer to the Base System Roles section of the ServiceNow documentation.

Application Roster

Application Access

admin

This role is required to:

  • Retrieve the ServiceNow users and their activities
  • Manage user licenses for the Reclamation task.
  • Register the Client Application
  • Generate the Client ID and Client Secret in ServiceNow.

For details, refer to the Base System Roles section of the ServiceNow documentation.

Application Roster

Application Access

Reclamation

Enabling ServiceNow and ServiceNow OAuth2 User Role Permissions

Follow the steps below to enable the correct ServiceNow and ServiceNow OAuth2 user role permissions for an existing SaaS Management integration with ServiceNow.

Task: To enable the correct user role permissions for an existing SaaS Management integration with ServiceNow, determine whether License Differentiation is enabled.

  1. When License Differentiation is enabled for an existing SaaS Management integration with ServiceNow added using itil and snc_read_only permissions:
    1. If you want to enable only the Application Roster and Application Access tasks, you are required to elevate the user role to admin and snc_read_only.
    2. If you want to enable the Application Roster, Application Access, and Reclamation tasks, you are required to elevate the user role only to admin.
  2. When License Differentiation is not enabled for an existing SaaS Management integration with ServiceNow:
    1. If you want to enable only the Application Roster and Application Access tasks, you are required to have the rest_api_explorer role.
    2. If you want to enable the Application Roster, Application Access, and Reclamation tasks, you are required to have the user_admin role. For details, refer to the Base System Roles section of the ServiceNow product documentation.

Creating a Custom Role with a Reading Permission Specific to the Tables Used in the Integration API

If you wish to have a custom role with a reading permission specific to the tables used in the integration API, then follow the steps below to create a custom role.

Important • If you enable the Reclamation task, the user_admin role and the custom role are required.

Task: To create a custom role with a reading permission specific to the tables used in the integration API:

  1. Log in to your ServiceNow instance as a security_admin or log in as a system administrator. Elevate your role by clicking System Administrator. Navigate to Elevate Roles and enable the security_admin check box, which enables this permission to edit the Access Control List.
  2. To create a custom role, navigate to the Roles tab by searching for the “roles” keyword in the All Applications menu on the left side of the screen. Click the New button and enter the desired name for the role. Click Submit to create this new role.
  3. In the All Application navigator, search for the “Access Control” keyword. Click Access Control (ACL) to navigate to the Access Control tab.
  4. In the Access Control tab, search for the access control keyword “sys_user_has_role”. Click on the record with the read operation type, add the custom role created under the Requires Role section, and click Update.
  5. Repeat the same steps for the “sys_user_role” Access Control record, add the custom role created to the Requires Role section, and click Update.
  6. In the Access Control tab, search for the access control keyword “sysevent”. There will be two records with read operation.
    1. Open the record type that does not contain the default entry of “pa_data_collector“.
    2. Add the custom role created under the Requires Role section.
    3. Click Update.

API Endpoints with License Differentiation

Application Roster

https://<<instance>>.service-now.com/api/now/stats/sys_user_has_role 

https://<<instance>>.service-now.com/api/now/table/sys_user_has_role

Application Access

https://<<instance>>.service-now.com/api/now/stats/sysevent 

https://<<instance>>.service-now.com/api/now/table/sysevent

Reclamation

https://<<instance>>.service-now.com/api/now/v2/table/sys_user_has_role/{sys_id}

API Endpoints without License Differentiation

Application Roster and Application Access

https://<<instance>>.service-now.com/api/now/stats/sys_user 

https://<<instance>>.service-now.com/api/now/table/sys_user

Reclamation

https://<<instance>>.service-now.com/api/now/v2/table/sys_user/{sys_id} 

 

More information on new features and enhancements can be found in What's New in Flexera One.