Configure ServiceNow

Zilla Access Request for ServiceNow Install and Configuration

Step 1: Install the Zilla Security Access Requests application from the ServiceNow store.

Step 2: Add public key (certificate)

  1. Search for and select “Certificates” in the All menu under System Definition.

  2. On the Certificates List page, click on New

    1. Name the certificate “Zilla Public Key”

    2. Paste the public key (provided by Zilla) in the certificate field and Submit

Step 3: Add Application Registry (for inbound requests)

  1. Search for and select “Application Registry” in the “All” menu

  2. Select “New” then “Create an OAuth JWT API endpoint for external clients” option

  3. Provide a name for the Application Registry and Submit.

    1. Leave the client secret blank; it will be auto-generated.

  4. Go back to the created Application Registry. The client secret will have been auto-generated. In the JWT Verifier Maps tab, click New

  5. Name the JWT Verifier Map (for example: Zilla JWT Verifier), then select the magnifying glass for Sys Certificate and select the Zilla Public Key

  6. Click on Submit for both JWT verifier map and Application Registry

Step 4: Add Service User

We need to create a Service User that will be used to add comments and make updates to service requests.

The email for the Service User needs to be servicenow-zilla-app@customertenant-domain. For example: if the Zilla tenant domain that you use to log in is acme.org, the email will be servicenow-zilla-app@acme.org.

  1. Search for “User Administration” and select “Users” from the “All” menu

  2. Click on New to create a new user with the following details

    1. Username: servicenow-zilla-app

    2. Email (from above): servicenow-zilla-app@acme.org

      1. Note: replace the above acme.org with the domain you use to access Zilla.

    3. First Name: Zilla

    4. Last Name: ServiceNow Connector

  3. In the Roles tab for the user, click on Edit to add the following roles to the service user:

    1. catalog_admin

    2. sn_request_write

  4. If using onboard provisioning, the following additional role is needed:

    1. approval_admin

Step 5: Configure Zilla to connect to ServiceNow

  1. From within your Zilla tenant, log in as Admin. Go to the Settings tab and under “Discovery & Configuration”, select Add ITSM provider

  2. Add the following: ServiceNow Instance URL, Client ID, Client Secret

    1. Note: The Client ID and Secret are from Step 3 above.

  3. Click on Generate Token

    1. This will generate a Client ID and Secret for the next step.

Step 6: Create Application Registry (for outbound requests)

  1. From the All menu, open Application Registry, and click on New.

  2. Select “Connect to a third party OAuth Provider”

  3. Enter the following:

    1. Name: Give an appropriate name (e.g. ServiceNow outbound to Zilla)

    2. Client ID: Paste the Zilla generated client id from the previous step (from block 4)

    3. Client Secret: Zilla generated client secret from the previous step (from block 4)

    4. Token URL: Set to (using your Zilla tenant domain)
      https://app.zillasecurity.com/api/oauth2/token?domain=acme.org

    5. Default Grant Type: Select Client Credentials

    6. Click on Submit

  4. Search for and open Rest Message from the All menu

  5. Select Zilla App Integration

    1. Edit the record

    2. Add the Endpoint: https://app.zillasecurity.com (no trailing slash)

    3. In the Authentication section, click on the Search icon for OAuthProfile, select the name that you gave when creating the outbound Application Registry, and click on Update

    4. Return to the Zilla App Rest Message and click on “Get OAuth Token”. This will open a dialogue box and attempt to fetch an OAuth token.
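
The values entered in Steps 4 and 6 are easy to get subtly wrong (an extra role on the service user, the wrong tenant domain in the Token URL, a trailing slash on the endpoint). The following pre-flight check is an added example, not Zilla or ServiceNow code; the function name and the shape of the cfg object are assumptions made for illustration.

```javascript
// Added example. checkZillaConfig and the cfg fields are hypothetical names;
// the expected values are the ones given in Steps 4 and 6 of this page.
function checkZillaConfig(cfg) {
  const problems = [];
  const domain = cfg.tenantDomain.toLowerCase();
  // Step 4: the service user e-mail is servicenow-zilla-app@<tenant domain>.
  const expectedEmail = `servicenow-zilla-app@${domain}`;
  if (cfg.serviceUserEmail.toLowerCase() !== expectedEmail) {
    problems.push(`service user email should be ${expectedEmail}`);
  }
  // Step 4: only the documented roles; approval_admin only for onboard provisioning.
  const allowed = new Set(['catalog_admin', 'sn_request_write']);
  if (cfg.onboardProvisioning) allowed.add('approval_admin');
  for (const role of cfg.serviceUserRoles) {
    if (!allowed.has(role)) problems.push(`unexpected role: ${role}`);
  }
  for (const role of allowed) {
    if (!cfg.serviceUserRoles.includes(role)) problems.push(`missing role: ${role}`);
  }
  // Step 6: the Token URL is HTTPS and carries the tenant domain in ?domain=.
  let token = null;
  try { token = new URL(cfg.tokenUrl); } catch (e) { problems.push('token URL is not a valid URL'); }
  if (token) {
    if (token.protocol !== 'https:') problems.push('token URL must use https');
    if (token.pathname !== '/api/oauth2/token') problems.push('token URL path should be /api/oauth2/token');
    if ((token.searchParams.get('domain') || '').toLowerCase() !== domain) {
      problems.push(`token URL domain parameter should be ${domain}`);
    }
  }
  // Step 6: the REST Message endpoint is an HTTPS origin with no trailing slash.
  if (!/^https:\/\/[^\/\s]+$/.test(cfg.endpoint)) {
    problems.push('endpoint must be an https origin with no trailing slash');
  }
  return problems;
}

// Constructed sample with three deliberate mistakes: extra role, wrong domain, trailing slash.
const sampleConfig = {
  tenantDomain: 'acme.org',
  serviceUserEmail: 'servicenow-zilla-app@acme.org',
  serviceUserRoles: ['catalog_admin', 'sn_request_write', 'admin'],
  onboardProvisioning: false,
  tokenUrl: 'https://app.zillasecurity.com/api/oauth2/token?domain=acme.com',
  endpoint: 'https://app.zillasecurity.com/',
};
console.log(checkZillaConfig(sampleConfig));
```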

Step 7: Validate Connection

From within your Zilla instance, click on the “Check Connection” button to validate the connection is successful.

Step 8: Update System Property for Zilla Base URL

  1. Go to system properties by searching sys_properties in the All menu

  2. Search for x_zis_sec_plg.zilla_endpoint

  3. Update it to the base URL of the environment. Prod URL: https://app.zillasecurity.com

Step 9: Sync the Applications and Permissions

Applications and permissions are synced from Zilla and stored in ServiceNow tables. The request forms rely on the tables to show the application/permissions to the requestor. This is a scheduled job and can be run on demand.

To sync “On demand”, follow the steps below:

  1. Go to the ServiceNow homepage and search for “Scheduled Jobs”

  2. Once the Scheduled Jobs page is open, search for Sync Zilla Applications and Permissions

  3. Open it to display the Scheduled Job page

    1. Clicking on Execute Now will run an on-demand sync

    2. Additional configurations on this page

      1. Sync Run interval

      2. Time Zone (Takes the instance time zone if set to --None--)

      3. Time (At what exact time should the sync job start running)

How to check application logs to determine if the sync has completed

  1. Go to Application Logs from Home Page

  2. Select “Message” from the dropdown and search for *Sync Zilla Application. It should return 3 logs:

    1. Scheduled Job to Sync Zilla Application and Permissions ended at {time}

    2. Starting DB actions to Sync Zilla Application and Permissions for {noOfApps} apps at {time}

    3. Starting scheduled Job to Sync Zilla Application and Permissions at {time}
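
The same check can be run over exported log messages. This is an added example, not part of the Zilla application: the function name is hypothetical, the message texts are the three listed above, and the timestamps in the sample are constructed because the page does not show the {time} format.

```javascript
// Added example. Patterns follow the three log messages listed on this page.
const START = /^Starting scheduled Job to Sync Zilla Application and Permissions at (.+)$/;
const DB = /^Starting DB actions to Sync Zilla Application and Permissions for (\d+) apps at (.+)$/;
const END = /^Scheduled Job to Sync Zilla Application and Permissions ended at (.+)$/;

// messages: array of log message strings, oldest first (assumed ordering).
// Returns the state of the most recent sync run found in the messages.
function lastSyncStatus(messages) {
  let run = null;
  for (const msg of messages) {
    let m;
    if ((m = START.exec(msg))) {
      // A new start message begins a new run and discards the previous one.
      run = { startedAt: m[1], apps: null, endedAt: null };
    } else if (run && (m = DB.exec(msg))) {
      run.apps = Number(m[1]);
    } else if (run && (m = END.exec(msg))) {
      run.endedAt = m[1];
    }
  }
  if (!run) return { state: 'not-started' };
  // Started but no "ended" message: still running, or it failed part-way.
  if (run.endedAt === null) return { state: 'incomplete', ...run };
  // Ended without the DB-actions message: only two of the three logs exist.
  if (run.apps === null) return { state: 'ended-without-db-actions', ...run };
  return { state: 'completed', ...run };
}

// Constructed sample: one finished run followed by a run that never ended.
const sampleLogs = [
  'Starting scheduled Job to Sync Zilla Application and Permissions at 2024-09-10 20:00:00',
  'Starting DB actions to Sync Zilla Application and Permissions for 42 apps at 2024-09-10 20:00:05',
  'Scheduled Job to Sync Zilla Application and Permissions ended at 2024-09-10 20:00:30',
  'Starting scheduled Job to Sync Zilla Application and Permissions at 2024-09-11 20:00:00',
];
console.log(lastSyncStatus(sampleLogs.slice(0, 3))); // first run only
console.log(lastSyncStatus(sampleLogs));             // latest run has not ended
```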

Additional Information

Configure Backup Approver

If Zilla is not able to assign approvers, this feature (if turned on) will assign people from the configured group as approvers.

  1. Obtain Sys ID of the group

    1. Search “Users and Groups” in All and click on Groups

    2. Find the group by group name

    3. Right click on the Group name, and click on “Copy Sys Id”

  2. How to configure backup approver feature

    1. Go to system properties by searching sys_properties.list in All section

    2. Select Application from the dropdown and search for Zilla

    3. The system properties will be displayed and can be changed as desired

System properties and their meanings

| Property Name | Description | Default |
| --- | --- | --- |
| x_zis_sec_plg.backup_approver_flow_enabled | Enable/Disable the backup approver flow | false |
| x_zis_sec_plg.backup_approver_group_sysid | SysId of the group to be set | empty |
| x_zis_sec_plg.backup_approver_delay_in_minutes | Delay (in minutes) after which backup approver is set | 10 |

After enabling the feature, set appropriate values for the approver group and delay.

Set task assignment group for an application

For task assignment, Zilla workflow will assign the application technical owner (as set in Zilla) to the fulfillment task. Alternatively, an assignment group can be used instead.

 

  1. Go to the Zilla Applications table. If the Assignment Group column is not visible in the Zilla Applications view, it can be added by clicking on the gear icon and moving Assignment Group from Available to Selected.

  2. Click on the Application Name of the application you want to add the assignment group to.

  3. Add the group for task assignment to the Assignment Group field and update the record.

Role-Persona mapping

This is just a representative mapping of the expected roles for each persona. It can differ vastly based on your organization and specific ServiceNow setup.

| Persona | Roles |
| --- | --- |
| Requestor | No role/default ServiceNow role |
| Approver | approver_user & ITIL |
| Assignee/Fulfiller | ITIL (minimum) or Admin |