Centrify's Zone Role Workflow Integration with ServiceNow

11 April,19 at 11:50 AM

A key pillar of Centrify's Zero Trust security is to limit access and privilege. An effective way to accomplish this objective is to make every access request workflow-enabled.


As many of you already know, ServiceNow is the leading vendor in the ITSM market and is growing rapidly. Our customers asked for an integration that ties the Centrify IAM stack to ServiceNow.


We started on this integration journey over 3 years ago, and we primarily help our common customers achieve a few core benefits:

  • Automate fulfillment management for apps and IT resources
  • Improve security with single sign-on and adaptive multi-factor authentication to ServiceNow
  • Leverage investments in existing identity infrastructure
  • Reduce IT helpdesk ticket volume

They can achieve this with a combination of Centrify's Identity Services and four Certified Centrify ServiceNow Applications.


The focus of this post is to elaborate on what's new in our integration as part of the 18.4 release.


What's ServiceNow + Centrify Zone Role Workflow?

While it is possible to give users access by statically assigning them to a role with specific administrative rights, a more secure method for controlling access is to establish a request and approval workflow. A request and approval workflow gives specific users or members of specific roles the ability to approve or reject access requests. It improves security by controlling which users can request access, which users can grant access, and how long access is allowed if it is granted.
If you are a member of the System Administrator role or have the appropriate permissions, you can configure a request and approval workflow for different types of access requests. For example, you can configure a request and approval workflow for the following:
  • Checkout access for stored account passwords if you have Centrify infrastructure service deployed.
  • Login access for systems, domains, and databases if you have Centrify infrastructure service deployed.
  • Elevated privileges associated with the roles defined in zones if you have Centrify infrastructure service deployed. 

This is available within Centrify's Identity platform and the documentation for configuring and enabling the Zone Role Workflow is here


How to leverage Centrify's Zone Role Workflow from ServiceNow?


1. Enable Zone Role Workflow in the Centrify Identity Platform


Enable Zone Role Workflow at a domain level.

And, choose to override at the system level.





The most detailed instructions are here:


2. Install and configure the Centrify ServiceNow App


Install the application from the ServiceNow store. This is what one would see after installation.


Configure the properties with the Centrify tenant details.



See the new ServiceNow Catalog Item.



3. Request Zone Role Workflow

Request Windowed, Permanent or Temporary access from the catalog item.

  • Windowed is for a request in the future
  • Permanent is for a request for a permanent assignment
  • Temporary is a request for a temporary assignment (minimum is an hour)



4. Verify the Zone Role Assignment 

Once the request is approved within ServiceNow, the entitlement fulfillment is done by Centrify. This is how it shows up at the computer object level in Access Manager.




IT-users need to automate tasks like account provisioning and password resets, and manage privileged access to on-premises and cloud-based infrastructure. Centrify’s identity management integrations with ServiceNow help automate processes, improve visibility, and provide a better experience for ServiceNow end-users and privileged IT-users.


We have 4 certified Centrify Apps in the ServiceNow marketplace to help our customers achieve this. The latest update to the Privilege Access Request app with Zone Role workflow enhancement expands our capability to enable Centrify's Zero Trust security and limit access and privilege for infrastructure access.