Configure ServiceNow
- 1 Zilla Access Request for ServiceNow Install and Configuration
- 1.1 Step 1: Install Zilla Security Access Requests application from the ServiceNow store.
- 1.2 Step 2: Add public key (certificate)
- 1.3 Step 3: Add Application Registry (for inbound requests)
- 1.4 Step 4: Add Service User
- 1.5 Step 5: Configure Zilla to connect to ServiceNow
- 1.6 Step 6: Create Application Registry (for outbound requests)
- 1.7 Step 7: Validate Connection
- 1.8 Step 8 - Update System Property for Zilla Base URL
- 1.9 Step 9: Sync the Applications and Permissions
- 2 Additional Information
Zilla Access Request for ServiceNow Install and Configuration
Step 1: Install Zilla Security Access Requests application from the ServiceNow store.
Step 2: Add public key (certificate)
Search for and select “Certificates” in the All menu under System Definition.
On the Certificates List page, click on New
Name the certificate “Zilla Public Key”
Paste the public key (provided by Zilla) in the certificate field and Submit
Step 3: Add Application Registry (for inbound requests)
Search for and select “Application Registry” in the “All” menu
Select “New” then “Create an OAuth JWT API endpoint for external clients” option
Provide a name for the Application Registry and Submit.
Leave the client secret blank, it will be auto generated)
Go back to the created Application Registry. The client secret would have been auto generated. In JWT Verifier Maps tab, click New
Name the JWT Verifier Map (for example: Zilla JWT Verifier), then select the magnifying glass for Sys Certificate and select the Zilla Public Key
Click on Submit for both JWT verifier map and Application Registry
Step 4: Add Service User
We need to create a Service User that will be used to add comments/make update to service requests.
The email for Service User need to be servicenow-zilla-app@customertenant-domain
. For example: if your Zilla tenant domain that you use to log in with is acme.org, the email will be servicenow-zilla-app@acme.org.
Search for “User Administration” and select “Users” from the “All” menu
Click on New to create a new user with the following details
Username: servicenow-zilla-app
Email (from above):
servicenow-zilla-app@acme.org
Note: replace the above
acme.org
with the domain you use to access Zilla.
First Name: Zilla
Last Name: ServiceNow Connector
In the Roles tab for the user, click on Edit to add the following roles to the service user:
catalog_admin
sn_request_write
If using onboard provisioning, the following additional role is needed:
approval_admin
Step 5: Configure Zilla to connect to ServiceNow
From within your Zilla tenant, log in as Admin. Go to the Settings tab and under “Discovery & Configuration, select Add ITSM provider
Add the following: ServiceNow Instance URL, Client ID, Client Secret
Note: The Client ID and Secret are from Step 3 above.
Click on Generate Token
This will generate a Client ID and Secret for the next step.
Step 6: Create Application Registry (for outbound requests)
From the All menu, open Application Registry, and click on New.
Select “Connect to a third party OAuth Provider”
Enter the following:
Name: Give an appropriate name (e.g. ServiceNow outbound to Zilla)
Client ID: Paste the Zilla generated client id from the previous step (from block 4)
Client Secret: Zilla generated client secret from the previous step (from block 4)
Token URL: Set to (using your Zilla tenant domain)
https://app.zillasecurity.com/api/oauth2/token?domain=acme.org
Default Grant Type: Select Client Credentials
Click on Submit
Search for and open Rest Message from the All menu
Select Zilla App Integration
Edit the record
Add the Endpoint: https://app.zillasecurity.com (no trailing slash)
In the Authentication section, click on the Search icon for OAuthProfile and select the name that you gave while creating outbound Application Registry and click on Update
Return to the Zilla App Rest Message and click on “Get OAuth Token”. This will open a dialogue box and attempt to fetch an OAuth token:
Step 7: Validate Connection
From within your Zilla instance, click on the “Check Connection” button to validate the connection is successful.
Step 8 - Update System Property for Zilla Base URL
Go to system properties by searching
sys_properties
in the ALL menuSearch for
x_zis_sec_plg.zilla_endpoint
Update to base url of the environment. Prod URL:
https://app.zillasecurity.com
Step 9: Sync the Applications and Permissions
Applications and permissions are synced from Zilla and stored in ServiceNow tables. The request forms rely on the tables to show the application/permissions to the requestor. This is a scheduled job and can be run on demand.
To sync “On demand”, please follow the steps below
Go to ServiceNow homepage and search for “Scheduled Jobs”
Once the Scheduled Jobs page is open, search for
Sync Zilla Applications and Permissions
Once opened, the Scheduled Job page is opened
Clicking on Execute Now will run an on-demand sync
Additional configurations on this page
Sync Run interval
Time Zone (Takes the instance time zone if set to --None--)
Time (At what exact time should the sync job start running)
How to check application logs to determine if the sync has completed
Go to Application Logs from Home Page
Select “Message” from the dropdown and search for
*Sync Zilla Application
. It should return 3 logs:Scheduled Job to Sync Zilla Application and Permissions ended at {time}
Starting DB actions to Sync Zilla Application and Permissions for {noOfApps} apps at {time}
Starting scheduled Job to Sync Zilla Application and Permissions at {time}
Additional Information
Configure Backup Approver
If Zilla is not able to assign approvers, this feature (if turned on) will assign people from the configured Group as approvers
Obtain Sys ID of the group
Search “Users and Groups” in All and click on Groups
Find the group by group name
Right click on the Group name, and click on “Copy Sys Id”
How to configure backup approver feature
Go to system properties by searching
sys_properties.list
in All sectionSelect Application from the dropdown and search for Zilla
The system properties will be displayed and can be changed as desired
System properties and their meanings
Property Name | Description | Default |
---|---|---|
x_zis_sec_plg.backup_approver_flow_enabled | Enable/Disable the backup approver flow | false |
x_zis_sec_plg.backup_approver_group_sysid | SysId of the group to be set | empty |
x_zis_sec_plg.backup_approver_delay_in_minutes | Delay (in minutes) after which backup approver is set | 10 |
After enabling the feature, please set appropriate values to approver group and delay
Set task assignment group for an application
For task assignment, Zilla workflow will assign the application technical owner (as set in Zilla) to the fulfillment task. Alternatively, an assignment group can be used instead.
Go to Zilla Applications table:
If the Assignment Group column is not visible in the Zilla Applications view, such can be added by clicking on the gear icon and moving Assignment Group from Available to Selected.
Click on the Application Name of the application you want to add the assignment group to.
Add the group for task assignment to the Assignment Group field and update the record.
Role-Persona mapping
This is just a representative mapping of expected roles for a Persona. This can vastly differ based on your organization and specific ServiceNow setup
Persona | Roles |
---|---|
Requestor | No role/default ServiceNow role |
Approver | approver_user & ITIL |
Assignee/Fulfiller | ITIL (minimum) or Admin |