Creating a ServiceNow connection
Use a ServiceNow connection to enable provisioning from PingOne to the ServiceNow user directory.
Before you begin
Make sure that you have:
-
Reviewed the User administration information in the ServiceNow documentation.
-
Administrator access to a ServiceNow instance running a supported version.
-
The username and password for the administrator account.
Steps
-
In the PingOne admin console, go to Integrations > Provisioning.
-
Click and then click New Connection.
-
On the Identity Store line, click Select.
-
On the ServiceNow tile, click Select. Click Next.
-
Enter a name and description for this provisioning connection.
Result:
The connection name appears in the provisioning list after you save the connection.
-
Click Next.
-
In the Configure Authentication section, enter the values for the following fields:
Field Value ServiceNow URL
The URL of your ServiceNow instance. For example,
https://yourinstance.service-now.com
.Username
The administrator user for the ServiceNow instance.
Password
The password for the administrator user.
-
Click Test Connection to verify that PingOne can establish a connection to ServiceNow.
Result:
If there are any issues with the connection, a Test Connection Failed modal opens. Click Continue to resume the setup with an invalid connection.
You can’t use the connection for provisioning until you have established a valid connection to ServiceNow. To retry, click Cancel in the Test Connection Failed modal and repeat step 7.
Troubleshooting:
Learn more about troubleshooting your connection in Troubleshooting Test Connections Failure.
-
On the Actions section, enter the following:
Field Description Allow Users to be Created
Determines whether to create a user in the ServiceNow user directory when the user is created in the PingOne identity store.
Allow Users to be Updated
Determines whether to update user attributes in the ServiceNow user directory when the user is updated in the PingOne identity store.
Allow Users to be Disabled
Determines whether to disable a user in the ServiceNow user directory when the user is disabled in the PingOne identity store.
Allow Users to be Deprovisioned
Determines whether to deprovision a user in the ServiceNow user directory when the user is deprovisioned in the PingOne identity store.
Remove Action
Determines the action to take when removing a user from the ServiceNow user directory.
Disable: When a user is deprovisioned from the PingOne identity store, PingOne disables the user in the external identity store.
Deprovision on Rule Deletion
Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.
-
Click Save.
-
To enable the connection, click the toggle at the top of the details panel to the right (blue).
You can disable the connection by clicking the toggle to the left (gray).
Result
The ServiceNow provisioning connection is added to the list of connections on the Provisioning page.
Next steps
Define which users are provisioned and how attributes are mapped between PingOne and an external identity store. Learn more in Creating an outbound rule.
ServiceNow provisioning features
The ServiceNow provisioning connection offers the following features:
Manages users in ServiceNow based on changes in an external datastore.
-
Creates, updates, and disables users.
-
Allows you to enable the create, update, and disable capabilities independently.
-
Allows you to choose to disable users when deprovisioning.
ServiceNow default attributes
The following table shows the default ServiceNow user attributes that can be mapped to PingOne user attributes for user provisioning.
This information shows typical attribute mappings, but you are free to map attributes however you like. |
PingOne Directory attribute | Description | ServiceNow attribute |
---|---|---|
Username |
The user’s username and ServiceNow login. PingOne uses this value to synchronize pre-existing users in ServiceNow with PingOne. |
Username |
Given Name |
The user’s first (given) name. For example, "Barbara" in "Ms. Barbara Jane Jensen, III". |
First Name |
Family Name |
The user’s last (family) name. For example, "Jensen" in "Ms. Barbara Jane Jensen, III". |
Last Name |
Email Address |
The user’s email address. |
|
Enabled |
The status of the user account in ServiceNow. |
Active |
ServiceNow supported attributes
The following table lists all the attributes that can be mapped for user provisioning to ServiceNow. For more information about these attributes, see Create a user in the ServiceNow documentation.
Attribute | Description | ||
---|---|---|---|
Username |
The user’s username and ServiceNow login. PingOne uses this value to synchronize pre-existing users in ServiceNow with PingOne. |
||
Prefix |
The user’s honorific prefix, such as Ms., Mr., or Dr.. This attribute maps to introduction in ServiceNow. |
||
FirstName |
The user’s first (given) name. For example, "Barbara" in "Ms. Barbara Jane Jensen, III". |
||
MiddleName |
The user’s middle name. For example, "Jane" in "Ms. Barbara Jane Jensen, III". |
||
LastName |
The user’s last (family) name. For example, "Jensen" in "Ms. Barbara Jane Jensen, III". |
||
The user’s email address. |
|||
MobilePhone |
The user’s mobile phone number. |
||
BusinessPhone |
The user’s business phone number. |
||
HomePhone |
The user’s home phone number. |
||
Roles |
The user’s role, such as Student or Faculty. This attribute supports multiple values. The ServiceNow Provisioner can assign only roles that are already assigned to the user account that you use for provisioning. The ServiceNow Provisioner does not create new roles, so the roles must already exist in ServiceNow. |
||
Title |
The user’s business title, such as Software engineer. |
||
Active |
The status of the user account in ServiceNow. |
||
LockedOut |
If true, the user is locked out. The user account still exists in ServiceNow, but the user cannot sign on. |
||
Password |
The user’s password. Passwords cannot be mapped from a source data store, so this field can be used to set a literal default value. |
||
PasswordNeedsReset |
If true, the user must change their password at the next sign-on. |
||
EmployeeNumber |
A string identifier, typically numeric or alphanumeric, assigned to a person, often based on order of hire or association with an organization. |
||
Gender |
The user’s gender. |
||
Manager |
The Username that represents the manager for the user. |
||
Department |
The user’s department or work group, such as "Sales". |
||
Street |
The user’s street address. |
||
City |
The user’s city or locale. |
||
Zip |
The user’s ZIP code or postal code. |
||
State |
The user’s state, province, or territory. |
||
CountryCode |
The user’s country. Uses the two-character country code as defined by the ISO-3166-1 alpha-2 standard. |
||
Location |
The user’s geographical location. |
||
Timezone |
The user’s time zone. Uses the IANA time zone database format. For example, |
||
Language |
The user’s language. Uses the two-character language code as defined by the ISO 639-1 standard. |
||
Notification |
Determines whether to enable notifications. Select |
||
TimeFormat |
The user’s time format.
For more information, see Global date and time field format in the ServiceNow documentation. |
||
Photo |
The user’s photo. |
ServiceNow provisioning known limitations
The following are known issues or limitations with the ServiceNow provisioning connection.
-
When Allow Users To be Disabled is set to
false
but Allow Users To Be Updated is set totrue
, then any update to a disabled user, such as a name change, won’t get propagated to ServiceNow. For updates to go through for a disabled user, both settings must be set totrue
. -
If the PingOne attribute
PhotoLink
is mapped to the ServiceNow attributePhoto
, the URL can get truncated because themaxLength
for thePhoto
attribute is40
. We recommend that you manually upload the user photo on the ServiceNow console. -
If you delete a user in the PingOne console, the user will be disabled in the ServiceNow directory. In PingOne,
Disable
is the only option for Remove action. To delete a user, use the ServiceNow console.