ServiceNow IAM

This Integration is part of the ServiceNow Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Note: This integration should be used along with our IAM premium pack. For further details, visit our IAM pack documentation.

Integrate with ServiceNow's services to perform Identity Lifecycle Management operations. This integration was integrated and tested with the London version of ServiceNow. For more information, please refer to the Identity Lifecycle Management article.

Configure ServiceNow IAM on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for ServiceNow IAM.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| url | ServiceNow URL (https://domain.service-now.com) | True |
| api_version | ServiceNow API Version (e.g. 'v1'). Specify this value to use an endpoint version other than the latest. | False |
| credentials | Username | True |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |
| create_user_enabled | Allow creating users | False |
| update_user_enabled | Allow updating users | False |
| enable_user_enabled | Allow enabling users | False |
| disable_user_enabled | Allow disabling users | False |
| create_if_not_exists | Automatically create user if not found in update and enable commands | False |
| mapper_in | Incoming Mapper | True |
| mapper_out | Outgoing Mapper | True |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

iam-create-user

Creates a user.

Base Command

iam-create-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | User Profile indicator details. | Required |
| allow-enable | Enable the user. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-create-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com", "givenname":"Test","surname":"Demisto"}`

Human Readable Output

Create User Results (ServiceNow IAM)

| brand | instanceName | success | active | id | email |
| --- | --- | --- | --- | --- | --- |
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |

details:
calendar_integration: 1
country:
user_password:
last_login_time:
source:
sys_updated_on: 2020-11-11 14:55:48
building:
web_service_access_only: false
notification: 2
enable_multifactor_authn: false
sys_updated_by: admin
sys_created_on: 2020-11-11 14:55:48
sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"}
state:
vip: false
sys_created_by: admin
zip:
home_phone:
time_format:
last_login:
default_perspective:
active: true
sys_domain_path: /
cost_center:
phone:
name: Test Demisto
employee_number:
password_needs_reset: false
gender:
city:
failed_attempts:
user_name:
roles:
title:
sys_class_name: sys_user
sys_id: edab746f1b142410042611b4bd4bcb23
internal_integration_user: false
ldap_server:
mobile_phone:
street:
company:
department:
first_name: Test
email: testdemisto2@paloaltonetworks.com
introduction:
preferred_language:
manager:
locked_out: false
sys_mod_count: 0
last_name: Demisto
photo:
avatar:
middle_name:
sys_tags:
time_zone:
schedule:
date_format:
location:

iam-update-user

Updates an existing user with the data passed in the user-profile argument.

Base Command

iam-update-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |
| allow-enable | Enable the user. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-update-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com", "givenname":"Test","surname":"Demisto_updated"}`

Human Readable Output

Update User Results (ServiceNow IAM)

| brand | instanceName | success | active | id | email |
| --- | --- | --- | --- | --- | --- |
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |

details:
calendar_integration: 1
country:
user_password:
last_login_time:
source:
sys_updated_on: 2020-11-11 14:55:48
building:
web_service_access_only: false
notification: 2
enable_multifactor_authn: false
sys_updated_by: admin
sys_created_on: 2020-11-11 14:55:48
sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"}
state:
vip: false
sys_created_by: admin
zip:
home_phone:
time_format:
last_login:
default_perspective:
active: true
sys_domain_path: /
cost_center:
phone:
name: Test Demisto_updated
employee_number:
password_needs_reset: false
gender:
city:
failed_attempts:
user_name:
roles:
title:
sys_class_name: sys_user
sys_id: edab746f1b142410042611b4bd4bcb23
internal_integration_user: false
ldap_server:
mobile_phone:
street:
company:
department:
first_name: Test
email: testdemisto2@paloaltonetworks.com
introduction:
preferred_language:
manager:
locked_out: false
sys_mod_count: 0
last_name: Demisto_updated
photo:
avatar:
middle_name:
sys_tags:
time_zone:
schedule:
date_format:
location:

iam-get-user

Retrieves a single user resource.

Base Command

iam-get-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-get-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com"}`

Human Readable Output

Get User Results (ServiceNow IAM)

| brand | instanceName | success | active | id | email |
| --- | --- | --- | --- | --- | --- |
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |

details:
calendar_integration: 1
country:
user_password:
last_login_time:
source:
sys_updated_on: 2020-11-11 14:55:48
building:
web_service_access_only: false
notification: 2
enable_multifactor_authn: false
sys_updated_by: admin
sys_created_on: 2020-11-11 14:55:48
sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"}
state:
vip: false
sys_created_by: admin
zip:
home_phone:
time_format:
last_login:
default_perspective:
active: true
sys_domain_path: /
cost_center:
phone:
name: Test Demisto_updated
employee_number:
password_needs_reset: false
gender:
city:
failed_attempts:
user_name:
roles:
title:
sys_class_name: sys_user
sys_id: edab746f1b142410042611b4bd4bcb23
internal_integration_user: false
ldap_server:
mobile_phone:
street:
company:
department:
first_name: Test
email: testdemisto2@paloaltonetworks.com
introduction:
preferred_language:
manager:
locked_out: false
sys_mod_count: 0
last_name: Demisto_updated
photo:
avatar:
middle_name:
sys_tags:
time_zone:
schedule:
date_format:
location:

iam-disable-user

Disable an active user.

Base Command

iam-disable-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-disable-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com"}`

Human Readable Output

Disable User Results (ServiceNow IAM)

| brand | instanceName | success | active | id | email |
| --- | --- | --- | --- | --- | --- |
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | false | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |

details:
calendar_integration: 1
country:
user_password:
last_login_time:
source:
sys_updated_on: 2020-11-11 14:55:48
building:
web_service_access_only: false
notification: 2
enable_multifactor_authn: false
sys_updated_by: admin
sys_created_on: 2020-11-11 14:55:48
sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"}
state:
vip: false
sys_created_by: admin
zip:
home_phone:
time_format:
last_login:
default_perspective:
active: false
sys_domain_path: /
cost_center:
phone:
name: Test Demisto_updated
employee_number:
password_needs_reset: false
gender:
city:
failed_attempts:
user_name:
roles:
title:
sys_class_name: sys_user
sys_id: edab746f1b142410042611b4bd4bcb23
internal_integration_user: false
ldap_server:
mobile_phone:
street:
company:
department:
first_name: Test
email: testdemisto2@paloaltonetworks.com
introduction:
preferred_language:
manager:
locked_out: false
sys_mod_count: 0
last_name: Demisto_updated
photo:
avatar:
middle_name:
sys_tags:
time_zone:
schedule:
date_format:
location:
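
The Context Output fields documented for these commands can be checked before a playbook treats a lifecycle action as complete, in particular that iam-disable-user left the account inactive. The following is an added example, not code from the integration or from this page: `verify_iam_result` is a hypothetical helper, and the sample entries are constructed (the id and email reuse the sample output above; the 404 error values are invented for illustration).

```python
# Added example: post-condition checks on one IAM.Vendor context entry.
# verify_iam_result is a hypothetical helper, not part of the ServiceNow IAM integration.

def verify_iam_result(entry, requested_email, expect_active=None):
    """Return a list of problems for one IAM.Vendor entry; an empty list means OK."""
    if not isinstance(entry.get("success"), bool):
        return ["missing or non-boolean 'success' field"]
    if not entry["success"]:
        # errorCode / errorMessage are the documented failure fields.
        code = entry.get("errorCode")
        msg = entry.get("errorMessage") or "no errorMessage"
        return [f"command failed (errorCode={code}): {msg}"]
    problems = []
    if not entry.get("id"):
        problems.append("success reported but no user id returned")
    # The returned email should be the identity the playbook asked about.
    got = (entry.get("email") or "").strip().lower()
    if got != requested_email.strip().lower():
        problems.append(
            f"email mismatch: requested {requested_email!r}, got {entry.get('email')!r}")
    # After iam-disable-user the account must be inactive: pass expect_active=False.
    if expect_active is not None and entry.get("active") is not expect_active:
        problems.append(f"active={entry.get('active')!r}, expected {expect_active!r}")
    return problems


# Constructed sample entries (id and email reuse the values shown in the sample output).
EMAIL = "testdemisto2@paloaltonetworks.com"
DISABLED_OK = {"brand": "ServiceNow IAM", "instanceName": "ServiceNow IAM_instance_1",
               "success": True, "active": False,
               "id": "edab746f1b142410042611b4bd4bcb23", "email": EMAIL}
# Disable reported success but the account is still live.
STILL_ACTIVE = dict(DISABLED_OK, active=True)
# Constructed failure entry; the error values are illustrative only.
FAILED = {"brand": "ServiceNow IAM", "success": False,
          "errorCode": 404, "errorMessage": "User not found", "email": EMAIL}

if __name__ == "__main__":
    for name, entry in [("ok", DISABLED_OK), ("still active", STILL_ACTIVE),
                        ("failed", FAILED)]:
        print(name, verify_iam_result(entry, EMAIL, expect_active=False))
```
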