ServiceNow IAM

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Note: This integration should be used along with our IAM premium pack. For further details, visit our IAM pack documentation.

Integrate with ServiceNow's services to perform Identity Lifecycle Management operations. This integration was integrated and tested with the London version of ServiceNow. For more information, please refer to the Identity Lifecycle Management article.

Configure ServiceNow IAM on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for ServiceNow IAM.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| url | ServiceNow URL (https://<domain>.service-now.com) | True |
| api_version | ServiceNow API Version (e.g. 'v1'). Specify this value to use an endpoint version other than the latest. | False |
| credentials | Username | True |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |
| create_user_enabled | Create User Command Enabled | False |
| update_user_enabled | Update User Command Enabled | False |
| enable_disable_user_enabled | Enable/Disable User Commands Enabled | False |
| create_if_not_exists | Automatically create user if not found in update and enable commands | False |
| mapper_in | Incoming Mapper | True |
| mapper_out | Outgoing Mapper | True |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

iam-create-user


Creates a user.

Base Command

iam-create-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | User Profile indicator details. | Required |
| allow-enable | Enable the user. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-create-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com", "givenname":"Test","surname":"Demisto"}`

Human Readable Output

Create User Results (ServiceNow IAM)

| brand | instanceName | success | active | id | email |
| --- | --- | --- | --- | --- | --- |
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |

details:
calendar_integration: 1
country:
user_password:
last_login_time:
source:
sys_updated_on: 2020-11-11 14:55:48
building:
web_service_access_only: false
notification: 2
enable_multifactor_authn: false
sys_updated_by: admin
sys_created_on: 2020-11-11 14:55:48
sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"}
state:
vip: false
sys_created_by: admin
zip:
home_phone:
time_format:
last_login:
default_perspective:
active: true
sys_domain_path: /
cost_center:
phone:
name: Test Demisto
employee_number:
password_needs_reset: false
gender:
city:
failed_attempts:
user_name:
roles:
title:
sys_class_name: sys_user
sys_id: edab746f1b142410042611b4bd4bcb23
internal_integration_user: false
ldap_server:
mobile_phone:
street:
company:
department:
first_name: Test
email: testdemisto2@paloaltonetworks.com
introduction:
preferred_language:
manager:
locked_out: false
sys_mod_count: 0
last_name: Demisto
photo:
avatar:
middle_name:
sys_tags:
time_zone:
schedule:
date_format:
location:

iam-update-user


Updates an existing user with the data passed in the user-profile argument.

Base Command

iam-update-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |
| allow-enable | Enable the user. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-update-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com", "givenname":"Test","surname":"Demisto_updated"}`

Human Readable Output

Update User Results (ServiceNow IAM)

| brand | instanceName | success | active | id | email |
| --- | --- | --- | --- | --- | --- |
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |

details:
calendar_integration: 1
country:
user_password:
last_login_time:
source:
sys_updated_on: 2020-11-11 14:55:48
building:
web_service_access_only: false
notification: 2
enable_multifactor_authn: false
sys_updated_by: admin
sys_created_on: 2020-11-11 14:55:48
sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"}
state:
vip: false
sys_created_by: admin
zip:
home_phone:
time_format:
last_login:
default_perspective:
active: true
sys_domain_path: /
cost_center:
phone:
name: Test Demisto_updated
employee_number:
password_needs_reset: false
gender:
city:
failed_attempts:
user_name:
roles:
title:
sys_class_name: sys_user
sys_id: edab746f1b142410042611b4bd4bcb23
internal_integration_user: false
ldap_server:
mobile_phone:
street:
company:
department:
first_name: Test
email: testdemisto2@paloaltonetworks.com
introduction:
preferred_language:
manager:
locked_out: false
sys_mod_count: 0
last_name: Demisto_updated
photo:
avatar:
middle_name:
sys_tags:
time_zone:
schedule:
date_format:
location:

iam-get-user


Retrieves a single user resource.

Base Command

iam-get-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-get-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com"}`

Human Readable Output

Get User Results (ServiceNow IAM)

| brand | instanceName | success | active | id | email |
| --- | --- | --- | --- | --- | --- |
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | true | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |

details:
calendar_integration: 1
country:
user_password:
last_login_time:
source:
sys_updated_on: 2020-11-11 14:55:48
building:
web_service_access_only: false
notification: 2
enable_multifactor_authn: false
sys_updated_by: admin
sys_created_on: 2020-11-11 14:55:48
sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"}
state:
vip: false
sys_created_by: admin
zip:
home_phone:
time_format:
last_login:
default_perspective:
active: true
sys_domain_path: /
cost_center:
phone:
name: Test Demisto_updated
employee_number:
password_needs_reset: false
gender:
city:
failed_attempts:
user_name:
roles:
title:
sys_class_name: sys_user
sys_id: edab746f1b142410042611b4bd4bcb23
internal_integration_user: false
ldap_server:
mobile_phone:
street:
company:
department:
first_name: Test
email: testdemisto2@paloaltonetworks.com
introduction:
preferred_language:
manager:
locked_out: false
sys_mod_count: 0
last_name: Demisto_updated
photo:
avatar:
middle_name:
sys_tags:
time_zone:
schedule:
date_format:
location:

iam-disable-user


Disables an active user.

Base Command

iam-disable-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, the command was executed successfully, otherwise false. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-disable-user user-profile=`{"email":"testdemisto2@paloaltonetworks.com"}`

Human Readable Output

Disable User Results (ServiceNow IAM)

| brand | instanceName | success | active | id | email |
| --- | --- | --- | --- | --- | --- |
| ServiceNow IAM | ServiceNow IAM_instance_1 | true | false | edab746f1b142410042611b4bd4bcb23 | testdemisto2@paloaltonetworks.com |

details:
calendar_integration: 1
country:
user_password:
last_login_time:
source:
sys_updated_on: 2020-11-11 14:55:48
building:
web_service_access_only: false
notification: 2
enable_multifactor_authn: false
sys_updated_by: admin
sys_created_on: 2020-11-11 14:55:48
sys_domain: {"link": "https://ven03941.service-now.com/api/now/table/sys_user_group/global", "value": "global"}
state:
vip: false
sys_created_by: admin
zip:
home_phone:
time_format:
last_login:
default_perspective:
active: false
sys_domain_path: /
cost_center:
phone:
name: Test Demisto_updated
employee_number:
password_needs_reset: false
gender:
city:
failed_attempts:
user_name:
roles:
title:
sys_class_name: sys_user
sys_id: edab746f1b142410042611b4bd4bcb23
internal_integration_user: false
ldap_server:
mobile_phone:
street:
company:
department:
first_name: Test
email: testdemisto2@paloaltonetworks.com
introduction:
preferred_language:
manager:
locked_out: false
sys_mod_count: 0
last_name: Demisto_updated
photo:
avatar:
middle_name:
sys_tags:
time_zone:
schedule:
date_format:
location:
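
Checking iam-disable-user results in an offboarding run: the following is an added example, not code from the integration or the IAM pack. It audits IAM.Vendor context entries using only the fields documented above (success, active, errorCode, errorMessage, email, instanceName). The function name, the sample entries other than the first, and the example.com addresses are constructed for illustration.

```python
from typing import Any, Dict, List, Set


def audit_disable_results(entries: List[Dict[str, Any]],
                          expected_emails: Set[str]) -> List[Dict[str, str]]:
    """Return one finding per account whose disablement is not confirmed.

    `entries` are IAM.Vendor context objects as documented above;
    `expected_emails` is the offboarding list the playbook was given.
    """
    findings = []
    seen = set()
    for entry in entries:
        email = str(entry.get("email") or "").lower()
        seen.add(email)
        if entry.get("success") is not True:
            reason = "API call failed: {} {}".format(
                entry.get("errorCode"), entry.get("errorMessage"))
        elif entry.get("active") is not False:
            # success reports the command outcome; active reports account state
            reason = "command succeeded but account is not reported inactive"
        else:
            continue
        findings.append({"email": email,
                         "instance": str(entry.get("instanceName")),
                         "reason": reason})
    # Accounts on the offboarding list that produced no context entry at all
    for email in sorted(e.lower() for e in expected_emails if e.lower() not in seen):
        findings.append({"email": email, "instance": "",
                         "reason": "no IAM.Vendor entry returned"})
    return findings


# Constructed sample entries; only the first mirrors the output shown on this page.
SAMPLE_ENTRIES = [
    {"brand": "ServiceNow IAM", "instanceName": "ServiceNow IAM_instance_1",
     "success": True, "active": False,
     "id": "edab746f1b142410042611b4bd4bcb23",
     "email": "testdemisto2@paloaltonetworks.com"},
    {"brand": "ServiceNow IAM", "instanceName": "ServiceNow IAM_instance_1",
     "success": False, "errorCode": 403, "errorMessage": "Forbidden (constructed)",
     "email": "user-a@example.com"},
    {"brand": "ServiceNow IAM", "instanceName": "ServiceNow IAM_instance_1",
     "success": True, "active": True, "email": "user-b@example.com"},
]
SAMPLE_EXPECTED = {"testdemisto2@paloaltonetworks.com", "user-a@example.com",
                   "user-b@example.com", "user-c@example.com"}

if __name__ == "__main__":
    for finding in audit_disable_results(SAMPLE_ENTRIES, SAMPLE_EXPECTED):
        print(finding)
```
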