A key pillar of Centrify's Zero Trust security is to limit access and privilege. An effective way to accomplish this key objective is to make every access workflow-enabled.
As many of you know already, ServiceNow is the leading vendor in the ITSM market and is rapidly growing. Our customers asked for an integration that ties the Centrify IAM stack to ServiceNow.
We started on this integration journey over 3 years ago, and we primarily help our common customers achieve a few core benefits:
- Automate fulfillment management for apps and IT resources
- Improve security with single sign-on and adaptive multi-factor authentication to ServiceNow
- Leverage investments in existing identity infrastructure
- Reduce IT helpdesk ticket volume
They can achieve this with a combination of Centrify's Identity Services and four Certified Centrify ServiceNow Applications.
The focus of this post is to elaborate on what's new in our integration as part of the 18.4 release.
What's ServiceNow + Centrify Zone Role Workflow?
While it is possible to give users access by statically assigning them to a role with specific administrative rights, a more secure method for controlling access is to establish a request and approval workflow. A request and approval workflow gives specific users or members of specific roles the ability to approve or reject access requests. It improves security by controlling which users can request access, which users can grant access, and how long access is allowed if it is granted.
If you are a member of the System Administrator role or have the appropriate permissions, you can configure a request and approval workflow for different types of access requests. For example, you can configure a request and approval workflow for the following:
- Checkout access for stored account passwords if you have Centrify infrastructure service deployed.
- Login access for systems, domains, and databases if you have Centrify infrastructure service deployed.
- Elevated privileges associated with the roles defined in zones if you have Centrify infrastructure service deployed.
This is available within Centrify's Identity platform and the documentation for configuring and enabling the Zone Role Workflow is here.
How to leverage Centrify's Zone Role Workflow from ServiceNow?
1. Enable Zone Role Workflow in the Centrify Identity Platform
Enable Zone Role Workflow at a domain level.
And, choose to override at the system level.
The most detailed instructions are here:
2. Install and configure the Centrify ServiceNow App
Install the application from the ServiceNow store. This is what one would see after installation.
Configure the properties with the Centrify tenant details.
See the new ServiceNow Catalog Item.
3. Request Zone Role Workflow
Request Windowed, Permanent or Temporary access from the catalog item.
- Windowed is for a request in the future
- Permanent is for a request for a permanent assignment
- Temporary is a request for a temporary assignment (minimum is an hour)
4. Verify the Zone Role Assignment
Once the request is approved within ServiceNow, the entitlement fulfillment is done by Centrify. This is how it shows up at the computer object level in Access Manager.
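The three request types from step 3, together with the controls described earlier (who can request, who can approve, and how long access lasts), can be modelled in a few lines of Python. This is an added illustration, not Centrify or ServiceNow code; the `Request` class, the `approve` and `is_active` functions, and the user and role names are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Set, Tuple

MIN_TEMPORARY = timedelta(hours=1)  # the post gives one hour as the minimum
Grant = Tuple[datetime, Optional[datetime]]  # (start, end); end=None: no expiry

@dataclass
class Request:
    requester: str
    role: str
    kind: str                             # "windowed", "permanent" or "temporary"
    start: Optional[datetime] = None      # windowed only
    end: Optional[datetime] = None        # windowed only
    duration: Optional[timedelta] = None  # temporary only

def approve(req: Request, approver: str, approved_at: datetime,
            may_request: Set[str], may_approve: Set[str]) -> Grant:
    """Check who asked, who approved and for how long; return the grant interval."""
    if req.requester not in may_request:
        raise PermissionError("requester may not request this access")
    if approver not in may_approve:
        raise PermissionError("approver may not grant this access")
    if req.kind == "permanent":
        return (approved_at, None)
    if req.kind == "temporary":
        if req.duration is None or req.duration < MIN_TEMPORARY:
            raise ValueError("temporary access is shorter than the minimum")
        return (approved_at, approved_at + req.duration)
    if req.kind == "windowed":
        if not (req.start and req.end and req.start < req.end and approved_at < req.end):
            raise ValueError("window must have start < end and must not be over")
        # Access never begins before the approval itself.
        return (max(req.start, approved_at), req.end)
    raise ValueError("unknown request type: " + req.kind)

def is_active(grant: Grant, at: datetime) -> bool:
    """True while the assignment should be in effect."""
    start, end = grant
    return start <= at and (end is None or at < end)

if __name__ == "__main__":
    # Constructed sample data: users, role name and times are made up.
    t0 = datetime(2024, 1, 1, 9, 0)
    req = Request("alice", "web-admin", "temporary", duration=timedelta(hours=2))
    grant = approve(req, "bob", t0, {"alice"}, {"bob"})
    print(is_active(grant, t0 + timedelta(hours=1)))  # True
    print(is_active(grant, t0 + timedelta(hours=3)))  # False
```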
IT-users need to automate tasks like account provisioning and password resets, and manage privileged access to on-premises and cloud-based infrastructure. Centrify’s identity management integrations with ServiceNow help automate processes, improve visibility, and provide a better experience for ServiceNow end-users and privileged IT-users.
We have 4 certified Centrify Apps in the ServiceNow marketplace to help our customers achieve this. The latest update to the Privilege Access Request app with Zone Role workflow enhancement expands our capability to enable Centrify's Zero Trust security and limit access and privilege for infrastructure access.