ServiceNow IAM
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Note: This integration should be used along with our IAM premium pack. For further details, visit our IAM pack documentation.
Integrate with ServiceNow's services to perform Identity Lifecycle Management operations. This integration was integrated and tested with London version of ServiceNow. For more information, please refer to the Identity Lifecycle Management article.
Configure ServiceNow IAM on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for ServiceNow IAM.
- Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
|---|---|---|
| url | ServiceNow URL (https://<domain>.service-now.com) | True |
| api_version | ServiceNow API Version (e.g. 'v1'). Specify this value to use an endpoint version other than the latest. | False |
| credentials | Username | True |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |
| create_user_enabled | Create User Command Enabled | False |
| update_user_enabled | Update User Command Enabled | False |
| enable_disable_user_enabled | Enable/Disable User Commands Enabled | False |
| create_if_not_exists | Automatically create user if not found in update and enable commands | False |
| mapper_in | Incoming Mapper | True |
| mapper_out | Outgoing Mapper | True |
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
iam-create-user
Creates a user.
Base Command
iam-create-user
Input
| Argument Name | Description | Required |
|---|---|---|
| user-profile | User Profile indicator details. | Required |
| allow-enable | Enable the user. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |
Command Example
!iam-create-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com", "givenname":"Test","surname":"Demisto"}`
Human Readable Output
Create User Results (ServiceNow IAM)
| brand | instanceName | success | active | id | details | |
|---|---|---|---|---|---|---|
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com | calendar_integration: 1 country: user_password: last_login_time: source: sys_updated_on: 2020-11-11 14:55:48 building: web_service_access_only: false notification: 2 enable_multifactor_authn: false sys_updated_by: admin sys_created_on: 2020-11-11 14:55:48 sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"} state: vip: false sys_created_by: admin zip: home_phone: time_format: last_login: default_perspective: active: true sys_domain_path: / cost_center: phone: name: Test Demisto employee_number: password_needs_reset: false gender: city: failed_attempts: user_name: roles: title: sys_class_name: sys_user sys_id: edab746f1b142410042611b4bd4bcb23 internal_integration_user: false ldap_server: mobile_phone: street: company: department: first_name: Test email: testdemisto2@paloaltonetworks.com introduction: preferred_language: manager: locked_out: false sys_mod_count: 0 last_name: Demisto photo: avatar: middle_name: sys_tags: time_zone: schedule: date_format: location: |
iam-update-user
Updates an existing user with the data passed in the user-profile argument.
Base Command
iam-update-user
Input
| Argument Name | Description | Required |
|---|---|---|
| user-profile | A User Profile indicator. | Required |
| allow-enable | Enable the user. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |
Command Example
!iam-update-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com", "givenname":"Test","surname":"Demisto_updated"}`
Human Readable Output
Update User Results (ServiceNow IAM)
| brand | instanceName | success | active | id | details | |
|---|---|---|---|---|---|---|
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com | calendar_integration: 1 country: user_password: last_login_time: source: sys_updated_on: 2020-11-11 14:55:48 building: web_service_access_only: false notification: 2 enable_multifactor_authn: false sys_updated_by: admin sys_created_on: 2020-11-11 14:55:48 sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"} state: vip: false sys_created_by: admin zip: home_phone: time_format: last_login: default_perspective: active: true sys_domain_path: / cost_center: phone: name: Test Demisto_updated employee_number: password_needs_reset: false gender: city: failed_attempts: user_name: roles: title: sys_class_name: sys_user sys_id: edab746f1b142410042611b4bd4bcb23 internal_integration_user: false ldap_server: mobile_phone: street: company: department: first_name: Test email: testdemisto2@paloaltonetworks.com introduction: preferred_language: manager: locked_out: false sys_mod_count: 0 last_name: Demisto_updated photo: avatar: middle_name: sys_tags: time_zone: schedule: date_format: location: |
iam-get-user
Retrieves a single user resource.
Base Command
iam-get-user
Input
| Argument Name | Description | Required |
|---|---|---|
| user-profile | A User Profile indicator. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |
Command Example
!iam-get-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com"}`
Human Readable Output
Get User Results (ServiceNow IAM)
| brand | instanceName | success | active | id | details | |
|---|---|---|---|---|---|---|
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com | calendar_integration: 1 country: user_password: last_login_time: source: sys_updated_on: 2020-11-11 14:55:48 building: web_service_access_only: false notification: 2 enable_multifactor_authn: false sys_updated_by: admin sys_created_on: 2020-11-11 14:55:48 sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"} state: vip: false sys_created_by: admin zip: home_phone: time_format: last_login: default_perspective: active: true sys_domain_path: / cost_center: phone: name: Test Demisto_updated employee_number: password_needs_reset: false gender: city: failed_attempts: user_name: roles: title: sys_class_name: sys_user sys_id: edab746f1b142410042611b4bd4bcb23 internal_integration_user: false ldap_server: mobile_phone: street: company: department: first_name: Test email: testdemisto2@paloaltonetworks.com introduction: preferred_language: manager: locked_out: false sys_mod_count: 0 last_name: Demisto_updated photo: avatar: middle_name: sys_tags: time_zone: schedule: date_format: location: |
iam-disable-user
Disable an active user.
Base Command
iam-disable-user
Input
| Argument Name | Description | Required |
|---|---|---|
| user-profile | A User Profile indicator. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | string | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | string | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |
Command Example
!iam-disable-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com"}`
Human Readable Output
Disable User Results (ServiceNow IAM)
| brand | instanceName | success | active | id | details | |
|---|---|---|---|---|---|---|
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | false | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com | calendar_integration: 1 country: user_password: last_login_time: source: sys_updated_on: 2020-11-11 14:55:48 building: web_service_access_only: false notification: 2 enable_multifactor_authn: false sys_updated_by: admin sys_created_on: 2020-11-11 14:55:48 sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"} state: vip: false sys_created_by: admin zip: home_phone: time_format: last_login: default_perspective: active: false sys_domain_path: / cost_center: phone: name: Test Demisto_updated employee_number: password_needs_reset: false gender: city: failed_attempts: user_name: roles: title: sys_class_name: sys_user sys_id: edab746f1b142410042611b4bd4bcb23 internal_integration_user: false ldap_server: mobile_phone: street: company: department: first_name: Test email: testdemisto2@paloaltonetworks.com introduction: preferred_language: manager: locked_out: false sys_mod_count: 0 last_name: Demisto_updated photo: avatar: middle_name: sys_tags: time_zone: schedule: date_format: location: |