PingOne

Creating a ServiceNow connection

Use a ServiceNow connection to enable provisioning from PingOne to the ServiceNow user directory.

Before you begin

Make sure that you have:

  • Reviewed the User administration information in the ServiceNow documentation.

  • Administrator access to a ServiceNow instance running a supported version.

  • The username and password for the administrator account.

Steps

  1. In the PingOne admin console, go to Integrations > Provisioning.

  2. Click and then click New Connection.

  3. On the Identity Store line, click Select.

  4. On the ServiceNow tile, click Select. Click Next.

  5. Enter a name and description for this provisioning connection.

    Result:

    The connection name appears in the provisioning list after you save the connection.

  6. Click Next.

  7. In the Configure Authentication section, enter the values for the following fields:

    Field Value

    ServiceNow URL

    The URL of your ServiceNow instance. For example, https://yourinstance.service-now.com.

    Username

    The administrator user for the ServiceNow instance.

    Password

    The password for the administrator user.

  8. Click Test Connection to verify that PingOne can establish a connection to ServiceNow.

    Result:

    If there are any issues with the connection, a Test Connection Failed modal opens. Click Continue to resume the setup with an invalid connection.

    You can’t use the connection for provisioning until you have established a valid connection to ServiceNow. To retry, click Cancel in the Test Connection Failed modal and repeat step 7.

    Troubleshooting:

    Learn more about troubleshooting your connection in Troubleshooting Test Connections Failure.

  9. On the Actions section, enter the following:

    Field Description

    Allow Users to be Created

    Determines whether to create a user in the ServiceNow user directory when the user is created in the PingOne identity store.

    Allow Users to be Updated

    Determines whether to update user attributes in the ServiceNow user directory when the user is updated in the PingOne identity store.

    Allow Users to be Disabled

    Determines whether to disable a user in the ServiceNow user directory when the user is disabled in the PingOne identity store.

    Allow Users to be Deprovisioned

    Determines whether to deprovision a user in the ServiceNow user directory when the user is deprovisioned in the PingOne identity store.

    Remove Action

    Determines the action to take when removing a user from the ServiceNow user directory.

    Disable: When a user is deprovisioned from the PingOne identity store, PingOne disables the user in the external identity store.

    Deprovision on Rule Deletion

    Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.

  10. Click Save.

  11. To enable the connection, click the toggle at the top of the details panel to the right (blue).

    You can disable the connection by clicking the toggle to the left (gray).

Result

The ServiceNow provisioning connection is added to the list of connections on the Provisioning page.

Next steps

Define which users are provisioned and how attributes are mapped between PingOne and an external identity store. Learn more in Creating an outbound rule.

ServiceNow provisioning features

The ServiceNow provisioning connection offers the following features:

Manages users in ServiceNow based on changes in an external datastore.

  • Creates, updates, and disables users.

  • Allows you to enable the create, update, and disable capabilities independently.

  • Allows you to choose to disable users when deprovisioning.

ServiceNow default attributes

The following table shows the default ServiceNow user attributes that can be mapped to PingOne user attributes for user provisioning.

This information shows typical attribute mappings, but you are free to map attributes however you like.

PingOne Directory attribute Description ServiceNow attribute

Username

The user’s username and ServiceNow login. PingOne uses this value to synchronize pre-existing users in ServiceNow with PingOne.

Username

Given Name

The user’s first (given) name. For example, "Barbara" in "Ms. Barbara Jane Jensen, III".

First Name

Family Name

The user’s last (family) name. For example, "Jensen" in "Ms. Barbara Jane Jensen, III".

Last Name

Email Address

The user’s email address.

Email

Enabled

The status of the user account in ServiceNow.

Active

ServiceNow supported attributes

The following table lists all the attributes that can be mapped for user provisioning to ServiceNow. For more information about these attributes, see Create a user in the ServiceNow documentation.

Attribute Description

Username

The user’s username and ServiceNow login. PingOne uses this value to synchronize pre-existing users in ServiceNow with PingOne.

Prefix

The user’s honorific prefix, such as Ms., Mr., or Dr.. This attribute maps to introduction in ServiceNow.

FirstName

The user’s first (given) name. For example, "Barbara" in "Ms. Barbara Jane Jensen, III".

MiddleName

The user’s middle name. For example, "Jane" in "Ms. Barbara Jane Jensen, III".

LastName

The user’s last (family) name. For example, "Jensen" in "Ms. Barbara Jane Jensen, III".

Email

The user’s email address.

MobilePhone

The user’s mobile phone number.

BusinessPhone

The user’s business phone number.

HomePhone

The user’s home phone number.

Roles

The user’s role, such as Student or Faculty. This attribute supports multiple values.

The ServiceNow Provisioner can assign only roles that are already assigned to the user account that you use for provisioning.

The ServiceNow Provisioner does not create new roles, so the roles must already exist in ServiceNow.

Title

The user’s business title, such as Software engineer.

Active

The status of the user account in ServiceNow.

LockedOut

If true, the user is locked out. The user account still exists in ServiceNow, but the user cannot sign on.

Password

The user’s password. Passwords cannot be mapped from a source data store, so this field can be used to set a literal default value.

PasswordNeedsReset

If true, the user must change their password at the next sign-on.

EmployeeNumber

A string identifier, typically numeric or alphanumeric, assigned to a person, often based on order of hire or association with an organization.

Gender

The user’s gender.

Manager

The Username that represents the manager for the user.

Department

The user’s department or work group, such as "Sales".

Street

The user’s street address.

City

The user’s city or locale.

Zip

The user’s ZIP code or postal code.

State

The user’s state, province, or territory.

CountryCode

The user’s country. Uses the two-character country code as defined by the ISO-3166-1 alpha-2 standard.

Location

The user’s geographical location.

Timezone

The user’s time zone. Uses the IANA time zone database format. For example, America/Los_Angeles. The ServiceNow provisioner can set only time zones that are already assigned to the user account that you use for provisioning. You might need to update the time zones in ServiceNow to account for other allowable values.

Language

The user’s language. Uses the two-character language code as defined by the ISO 639-1 standard.

Notification

Determines whether to enable notifications. Select Enable or Disable.

TimeFormat

The user’s time format.

The ServiceNow Provisioner can set only time formats that are already assigned to the user account that you use for provisioning.

For more information, see Global date and time field format in the ServiceNow documentation.

Photo

The user’s photo.

ServiceNow provisioning known limitations

The following are known issues or limitations with the ServiceNow provisioning connection.

  • When Allow Users To be Disabled is set to false but Allow Users To Be Updated is set to true, then any update to a disabled user, such as a name change, won’t get propagated to ServiceNow. For updates to go through for a disabled user, both settings must be set to true.

  • If the PingOne attribute PhotoLink is mapped to the ServiceNow attribute Photo, the URL can get truncated because the maxLength for the Photo attribute is 40. We recommend that you manually upload the user photo on the ServiceNow console.

  • If you delete a user in the PingOne console, the user will be disabled in the ServiceNow directory. In PingOne, Disable is the only option for Remove action. To delete a user, use the ServiceNow console.