Organizations often spend too much time (and valuable resources) producing audit reports that demonstrate who has access to what, how that access was requested and approved, and when it was granted. This effort is typically cross-organizational and spans IT and the lines of business. While many organizations rely on ServiceNow for requests and approvals, the Identity Management system is leveraged to automate the fulfillment of access changes. Anomalix has enabled organizations to leverage their ServiceNow investment by integrating it with the Identity Management system of their choice, bringing efficiency, automation, and cost reduction to daily operations as well as to audit and compliance work.
ServiceNow is a leader in the access request, incident management, and IT ticketing space. While it provides extensive capabilities around the generation and management of user access requests, completing the last mile of automated provisioning can be challenging for organizations of all sizes. Anomalix can enable businesses to close the gap of last-mile fulfillment through the configuration and customization of ServiceNow and Identity Management System integrations.
End-user access requests have been traditionally challenging at the enterprise level. Large organizations will typically have multiple, disparate processes for requesting access. These include re-purposed IT asset ticketing systems, homegrown solutions, group email inboxes, and calls to individual administrators. The result is user confusion, difficulty or inability fulfilling compliance requirements, and inefficient and costly maintenance processes.
ServiceNow IT Service Management aims to bring a service-based approach to IT access requests. The result of a fully realized implementation is reduced IT management costs, increased user satisfaction, and easier fulfillment of audit and compliance requirements. Coupled with the automated fulfillment capabilities found in Identity and Access Management Systems, this becomes a powerful solution for end-to-end user lifecycle management. Additionally, requests generated in the Identity Management System can point to ServiceNow to generate tickets for manual fulfillment.
Anomalix knows that each organization has unique requirements and use cases around end-user access requests and audit and compliance mandates. We have experience with IT Service Management, Identity Management, and IT Audit and Compliance. Anomalix has integrated Identity Management systems with ServiceNow both as the generator and as the receiver of fulfillment requests. Furthermore, these patterns are not mutually exclusive; hybrid implementations are possible that allow ServiceNow to generate fulfillment requests and act as a fulfillment endpoint, should the need arise.
Figure 1: Identity Management Fulfillment
The first pattern represents ServiceNow utilizing the Identity Management (IDM) System to fulfill requests. This allows organizations to leverage existing provisioning connectors to automatically fulfill access requests. This pattern demonstrates the end-to-end provisioning of access without any user intervention. An approval process can be implemented in ServiceNow before the fulfillment phase to ensure that the right level of access is provided to the user. The design requires a MID Server so that the ServiceNow instance can talk to the on-premises IDM.
Figure 1.1: Sequence of interaction between ServiceNow, IDM and Active Directory
Figure 2: ServiceNow Fulfillment
The second pattern demonstrates ServiceNow acting as a fulfillment endpoint for requests generated in the Identity Management System. Systems that are not integrated, or that rely on ServiceNow tickets for fulfillment, can still leverage requests generated manually or automatically. Proprietary workflow capabilities can monitor the status of the ticket and close the request when it has been marked complete in ServiceNow.
Figure 3: Compliance Management with ServiceNow
Take advantage of the advanced audit compliance capabilities of your existing IDM Platform and integrate it with ServiceNow to give reviewers a unified ServiceNow Platform that they are familiar with. In this use case, we schedule the generation of an audit report in the IDM Platform, which in turn generates a ServiceNow (SN) ticket (via a web service call) for each reviewer with the list of user access to be reviewed. The ServiceNow ticket can be manually fulfilled in the target system. The audit report can be closed by polling ServiceNow for ticket completion.
Figure 4: Compliance Management with IDM Fulfillment
The second pattern demonstrates ServiceNow acting as a fulfillment endpoint for revoking access. The IDM platform generates a ServiceNow ticket for each reviewer, with a task for each access to review. The reviewer's maintain/revoke decision is registered in IDM via a web service call. The IDM platform then fulfills the resulting request on the target system without any user interaction, providing automated compliance.
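The two compliance patterns above (Figures 3 and 4), modelled as an added Python example that is not Anomalix or ServiceNow code: one ticket per reviewer, one task per access, and a report that closes only when every task has a decision. `TicketStub` is a constructed in-memory stand-in for the ticketing web service, and every name and sample value is an assumption.

```python
from collections import defaultdict

class TicketStub:
    """Constructed in-memory stand-in for the ticketing web service (hypothetical)."""
    def __init__(self):
        self.tickets = {}

    def create(self, reviewer, tasks):
        tid = f"TKT{len(self.tickets) + 1:04d}"
        self.tickets[tid] = {"reviewer": reviewer, "tasks": {t: None for t in tasks}}
        return tid

    def decide(self, tid, task, decision):
        if decision not in ("maintain", "revoke"):
            raise ValueError(f"unknown decision: {decision}")
        self.tickets[tid]["tasks"][task] = decision

def open_review(entitlements, reviewer_of, sn):
    """Create one ticket per reviewer with one task per (user, access) pair."""
    by_reviewer = defaultdict(list)
    for user, access in entitlements:
        by_reviewer[reviewer_of[user]].append((user, access))
    return {r: sn.create(r, tasks) for r, tasks in sorted(by_reviewer.items())}

def poll_review(ticket_ids, sn):
    """Return (closed, revocations, pending). The report closes only when no
    task is undecided; revocations are what the IDM would then fulfill."""
    revocations, pending = [], []
    for tid in ticket_ids:
        for task, decision in sn.tickets[tid]["tasks"].items():
            if decision is None:
                pending.append(task)
            elif decision == "revoke":
                revocations.append(task)
    return (not pending, sorted(revocations), sorted(pending))

# Constructed sample data: (user, access) pairs and each user's reviewer.
ENTITLEMENTS = [("alice", "AD:Finance-RW"), ("alice", "AD:VPN"),
                ("bob", "AD:Prod-Admin"), ("carol", "AD:HR-RO")]
REVIEWER_OF = {"alice": "mgr.lee", "bob": "mgr.lee", "carol": "mgr.kim"}

def demo():
    sn = TicketStub()
    tickets = open_review(ENTITLEMENTS, REVIEWER_OF, sn)
    lee, kim = tickets["mgr.lee"], tickets["mgr.kim"]
    sn.decide(lee, ("alice", "AD:Finance-RW"), "maintain")
    sn.decide(lee, ("alice", "AD:VPN"), "maintain")
    sn.decide(lee, ("bob", "AD:Prod-Admin"), "revoke")
    first = poll_review(tickets.values(), sn)   # mgr.kim has not answered yet
    sn.decide(kim, ("carol", "AD:HR-RO"), "maintain")
    return first, poll_review(tickets.values(), sn)
```

Calling `demo()` returns the poll result before and after the last reviewer responds, showing that an unanswered task keeps the audit report open.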
High-level planning for how your company can leverage ServiceNow and your Identity Management System is a straightforward affair. It comes down to:
Anomalix professional services can help plan, implement, and support your organization’s needs in each scenario.