IT Service Management meets Identity and Access Management

This technology center provides information about meeting or exceeding your organizational needs where ITSM and IAM interject by leveraging ServiceNow and Centrify software and services.

Background

Large and highly-regulated organizations require process maturity and repeatability. The capabilities that are under the umbrella of Identity and Access Management are no exception. ITSM solutions like ServiceNow provide an outstanding toolset to achieve these goals. Here are some examples of the typical requirements we see from our prospects and customers:

• Self-service capabilities for application access, application provisioning.
• Self-service capabilities for shared account or privileged session access.
• Consolidated self-service password reset.
• Validation capabilities for privilege elevation (e.g. with a valid change control ticket).
• Alignment with PCI 6.4.5 that requires organizations may need to provide documented approval of authorization for privileged activities associated with change control.
• Alignment with SANS Critical Security Controls – validate that each person with administrative privileges is authorized by a senior executive.

Another set of challenges for organizations happen during the ServiceNow implementation:

• Not all organizations have appetite for complex federation solutions.
• Users require SSO and mobile access.
• Automatic Provisioning is required as a best-practice and to keep costs down.
• Advanced controls like policy and MFA can protect ServiceNow data that may have sensitive data classification.

Centrify + ServiceNow

Centrify offers several capabilities for ServiceNow:

• Centrify Identity Service
  • Use SAML to federate ServiceNow in minutes using the Multi-Provider SSO.
  • Provides outbound provisioning into ServiceNow leveraging the Centrify Identity Service app
  • Use the ServiceNow Service Catalog to request access to Web Applications using Centrify App access
  • Use the Centrify Password Reset App to consolidate self-service password reset for AD users and Centrify Directory users
• Centrify Privilege Service
  • Use the ServiceNow Service Catalog to request access to Shared Account Passwords or Privileged Sessions via the Centrify Privilege Access Request app
• Centrify Server Suite
  • Use the Centrify-enhanced sudo to implement verified privilege elevation on UNIX and Linux

Articles and Integration Examples

• How to use Privilege Service for Password Checkout/Checkin and open/close a ServiceNow (or JIRA) ticket
• How to set up ServiceNow for SSO with Identity Service and the Multi-provider SSO Plugin
• How to set-up Centrify Identity Service for automatic provisioning into ServiceNow
• How to set up Centrify App Access for ServiceNow
• How to set up the Centrify Privilege Access Request ServiceNow App
• [Labs] Integrating ServiceNow Approvals to Centrify-enhanced sudo using the dzdo validator
• [Labs] Extending the ServiceNow-dzdo validator integration to create SN tickets
• [Example] Using the Centrify Privilege Service API and ServiceNow/JIRA

Videos

•  Video: Centrify and ServiceNow configuration overview

• Video: ServiceNow Application Access Request Overview
  
  
  
• Video: ServiceNow Application Access Request Walkthrough
  
  
  
• Video: Centrify Privileged Access Request for ServiceNow 
  
  
  
  

Documentation

•  Identity Service ServiceNow Documentation