- Flexera Community
- :
- Flexera One
- :
- Flexera One Blog
- :
- ServiceNow Activity Tracking
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Flexera SaaS Management’s integration with ServiceNow and ServiceNow OAuth2 now tracks all user activity and the time the activity occurred. Software Asset Managers can now identify whether users with ServiceNow Approver and Fulfiller (ITIL) licenses are using the paid aspects of their licenses and are delivering services to requesters or approving requests within the appropriate time period.
Some examples of tracked ServiceNow user activity include, but are not limited to, the following:
- Request Approved
- Request Updated
- Request Inserted
- Incident Updated
- Incident Inserted
- Incident Inactive
- Problem Inserted
Actions Required for Existing SaaS Management Integrations with ServiceNow and ServiceNow OAuth2
If you currently have a ServiceNow or a ServiceNow OAuth2 integration with Flexera’s SaaS Management, complete the following tasks to track user events and the time the events occurred. For further details, refer to the ServiceNow or ServiceNow OAuth2 integration instructions.
- The minimum permissions for ServiceNow and ServiceNow OAuth2 have been updated. For details, refer to the appropriate minimum permissions table: Minimum Permissions Required for ServiceNow or Minimum Permissions Required for ServiceNow OAuth2.
- Enable the updated ServiceNow or ServiceNow OAuth2 user role permissions based on whether your existing integration supports license differentiation. For details, refer to Enabling ServiceNow and ServiceNow OAuth2 User Role Permissions.
- If your organization currently implements the optional task of Creating a Custom Role with a Reading Permission Specific to the Tables Used in the Integration API, note that step 6 has been added to these instructions.
- The ServiceNow and ServiceNow OAuth2 API endpoints have been updated. Refer to the appropriate API endpoints based on whether your existing integration supports license differentiation: API Endpoints with License Differentiation or API Endpoints without License Differentiation.
Actions Required for New SaaS Management Integrations with ServiceNow and ServiceNow OAuth2
You need to complete the following tasks to integrate ServiceNow or ServiceNow OAuth2 with SaaS Management. For further details, refer to the ServiceNow or ServiceNow OAuth2 integration instructions.
- To track user activity and the time the activity occurred, complete the task: Enabling the SaaS Management Application Access Integration Task.
- Note the appropriate user permissions: Minimum Permissions Required for ServiceNow or Minimum Permissions Required for ServiceNow OAuth2.
- As an option for your organization, you can enable the task: Creating a Custom Role with a Reading Permission Specific to the Tables Used in the Integration API.
- Based on your decision whether to support license differentiation for your integration, refer to the appropriate API endpoints: API Endpoints with License Differentiation or API Endpoints without License Differentiation.
Enabling the SaaS Management Application Access Integration Task
To track ServiceNow and ServiceNow OAuth2 user activity and the time the activity occurred, you need to enable the SaaS Management Application Access integration task per the appropriate instructions:
Note • During the first run of the Application Access task, Flexera pulls data for only the last 6 days.
Minimum Permissions Required for ServiceNow
| Role | Description | Integration Task Name |
| admin, snc_read_only | These roles are required for retrieving the ServiceNow users and their activities. For details, refer to the Base System Roles section of the ServiceNow documentation. |
Application Roster Application Access |
| admin |
This role is required to:
For details, refer to the Base System Roles section of the ServiceNow product documentation. |
Application Roster Application Access Reclamation |
Minimum Permissions Required for ServiceNow OAuth2
| Role | Description | Integration Task Name |
| admin, snc_read_only | These roles are required for retrieving the ServiceNow users and their activities. For details, refer to the Base System Roles section of the ServiceNow documentation. |
Application Roster Application Access |
| admin |
This role is required to:
For details, refer to the Base System Roles section of the ServiceNow documentation. |
Application Roster Application Access Reclamation |
Enabling ServiceNow and ServiceNow OAuth2 User Role Permissions
Follow the steps below to enable the correct ServiceNow and ServiceNow OAuth2 user role permissions for an existing SaaS Management integration with ServiceNow.
Task: To enable the correct user role permissions for an existing SaaS Management integration with ServiceNow, determine whether License Differentiation is enabled.
- When License Differentiation is enabled for an existing SaaS Management integration with ServiceNow added using itil and snc_read_only permissions:
- If you want to enable only the Application Roster and Application Access tasks, you are required to elevate the user role to admin and snc_read_only.
- If you want to enable the Application Roster, Application Access, and Reclamation tasks, you are required to elevate the user role only to admin.
- When License Differentiation is not enabled for an existing SaaS Management integration with ServiceNow:
- If you want to enable only the Application Roster and Application Access tasks, you are required to have the rest_api_explorer role.
- If you want to enable the Application Roster, Application Access, and Reclamation tasks, you are required to have the user_admin role. For details, refer to the Base System Roles section of the ServiceNow product documentation.
Creating a Custom Role with a Reading Permission Specific to the Tables Used in the Integration API
If you wish to have a custom role with a reading permission specific to the tables used in the integration API, then follow the steps below to create a custom role.
Important • If you enable the Reclamation task, the user_admin role and the custom role are required.
Task: To create a custom role with a reading permission specific to the tables used in the integration API:
- Log in to your ServiceNow instance as a security_admin or log in as a system administrator. Elevate your role by clicking System Administrator. Navigate to Elevate Roles and enable the security_admin check box, which enables this permission to edit the Access Control List.
- To create a custom role, navigate to the Roles tab by searching for the “roles” keyword in the All Applications menu on the left side of the screen. Click the New button and enter the desired name for the role. Click Submit to create this new role.
- In the All Application navigator, search for the “Access Control” keyword. Click Access Control (ACL) to navigate to the Access Control tab.
- In the Access Control tab, search for the access control keyword “sys_user_has_role”. Click on the record with the read operation type, add the custom role created under the Requires Role section, and click Update.
- Repeat the same steps for the “sys_user_role” Access Control record, add the custom role created to the Requires Role section, and click Update.
- In the Access Control tab, search for the access control keyword “sysevent”. There will be two records with read operation.
- Open the record type that does not contain the default entry of “pa_data_collector“.
- Add the custom role created under the Requires Role section.
- Click Update.
API Endpoints with License Differentiation
Application Roster
https://<<instance>>.service-now.com/api/now/stats/sys_user_has_role
https://<<instance>>.service-now.com/api/now/table/sys_user_has_role
Application Access
https://<<instance>>.service-now.com/api/now/stats/sysevent
https://<<instance>>.service-now.com/api/now/table/sysevent
Reclamation
https://<<instance>>.service-now.com/api/now/v2/table/sys_user_has_role/{sys_id}
API Endpoints without License Differentiation
Application Roster and Application Access
https://<<instance>>.service-now.com/api/now/stats/sys_user
https://<<instance>>.service-now.com/api/now/table/sys_user
Reclamation
https://<<instance>>.service-now.com/api/now/v2/table/sys_user/{sys_id}
More information on new features and enhancements can be found in What's New in Flexera One.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- New SaaS integration for Confluence in Flexera One Blog
- ServiceNow App Details and User Level Activity for Custom Apps in Flexera One Blog
- Reclaiming User Licenses and Tracking User Activity No Longer Available for DocuSign Integration in Flexera One Blog
- New Power BI Reporting Insights for ServiceNow Subscriptions and Allocations in Flexera One Blog
- ServiceNow Power BI Reporting for Flexera One's SaaS Management in Flexera One Knowledge Base
