ServiceNow Provisioning - Eureka and Later Releases

Note: This ServiceNow appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. is deprecated and Okta recommends that you move to ServiceNow UD.

See:


REQUIREMENTS

Before configuring provisioning in Okta, you need to do the following:


FEATURES

The following provisioning features are supported:

  • Push GroupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.

    Groups and their members can be pushed to remote systems. For more about using group push operations see Using Group Push.

  • Import New Users

    New users created in the third party application will be downloaded and turned in to new AppUser objects, for matching against existing OKTA users.

  • Import Profile Updates

  • Push New Users

    New users created through OKTA will also be created in the third party application.

  • Push Password Updates

    Updates made to the user's password through OKTA will be pushed to the third party application.

  • Push Profile Updates

    Updates made to the user's profile through OKTA will be pushed to the third party application.

  • Push User Deactivation

    Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in the third party application.

  • Reactivate Users

    Reactivating the user through Okta will reactivate the user in the 3rd party application.


PROCEDURE

Configure your Provisioning settings for ServiceNow as follows:

  1. Check the Enable API Integration box.

  2. Enter your ServiceNow credentials:

    servicenoweurekaprovisioning1.png


ACTIVE DIRECTORY MAPPING

There is predefined AD mapping for certain fields that is not modifiable and used only in case AD is configured as the source.

  • AD.managerDn > ServiceNow.manager

  • AD.deliveryOffice > ServiceNow.location

  • AD.department > ServiceNow.department

  • AD.telephoneNumber > ServiceNow.businessPhone

  • AD.departmentNumber > ServiceNow.costCenter

  • AD.title > ServiceNow.title

Also note that fields with predefined list of values (such as Location, Department, etc.) should be synchronized between AD and ServiceNow.

For example:

AD Department ServiceNow Department Comment
Development Development OK
HR HR OK
Finance Finance should be added into Department list in ServiceNow.

In case Finance department is not listed in ServiceNow and it was set in AD for a certain user, the Department field value for this user will have old value (that is, not Finance) in ServiceNow.


TROUBLESHOOTING TIPS

Where do I find my SYS_USER table list?

  1. Log into your ServiceNow Admin Account.

  2. Select Ctl + Option(Alt) + N to open the Toggle Navigation Bar.

  3. Search for : Tables.

    • Under System Definition, select Tables.

  4. Search for SYS_USER.

servicenow3.png

How do I disable mapping for specific fields?

You can turn off synchronization for the specific field by leaving corresponding Service Now column name value as empty.

 

Top