ServiceNow Ticketing integration - Manual

ServiceNow can be configured to create tickets directly from Oleria. There are 2 methods to configure ServiceNow for ticketing. This document describes the manual steps to setup ServiceNow before configuring in Oleria workspace. Follow the pre-requisites and the steps below. <doc_information>Note: ServiceNow tickets will be created as an incident ticket  and the ticket will be assigned to the configured assignment group.<doc_information>

​

Pre-requisites

• User account to perform the setup steps in ServiceNow. The account needs to be able to do the following actions. See relevant ServiceNow documentation to learn more about necessary access needed to perform these actions.- Add a  x509 Certificate
  • Add an Application Registry
  • Add a User
  • View a Group
• Oleria public key
• Administrator access to Oleria to access the Ticketing System page. Learn about role permissions.

​

Manual Steps to Integrate

​

Step 1: Download Certificate

1. Login to Oleria.
2. Click on the Avator icon on the upper right hand corner.
3. Click the Ticketing integration option.
4. From the Ticketing system page, click the Download public key button to download the file containing the public key (oleria-public-key.pem).

​

Step 2: Steps in ServiceNow

While following the steps in ServiceNow, certain data needs to be collected to be used later during the Oleria configuration. The data to collect are:

• Client ID
• Kid (Key ID or Key IDentifier)
• Claim Value (Oleria service account email address)
• sys_id (assignment group sys_id)

​

Step 2a: Upload Oleria’s Public Certificate to your ServiceNow Instance

1. Log into your ServiceNow instance with administrator credentials.
2. From the All menu, navigate to x509 Certificate page under Multi-Provider SSO > Administration section.
3. Create a new x509 certificate. 1. From x.509 Certificates page, click the New button from the upper right-hand corner. 2. From New record page, type in the following information

3. For PEM Certificate, copy and paste Oleria’s public certificate here.

            4. Click **Submit **button.

​

Step 2b: Create an OAuth JWT Application

1. From the All menu, navigate to Application Registry page under System OAuth section.
2. From Application Registries page, click the New button from the upper right-hand corner.
3. From What kind of OAuth application? page, click Create an OAuth JWT API endpoint for external clients link.
4. From OAuth JWT - New Record page, reveal the **Public Client **hidden field in the form layout.1. Click on the three horizontal lines icon next to **New Section New Record **in the upper-left corner of the page. 2. Click on Configure menu option and then click Form Layout option. 3. From Configuring OAuth JWT form page, under the Available column, find the Public Client field, select the Public Client field, and then click the arrow pointing to the right which is between Available and Selected columns to select the field to display in the layout.

<doc_information>NOTE: If you cannot find “Public Client” under “Available” check “Selected” instead. If “Public Client” is in the “Selected” column, proceed to the next step<doc_information>

4. Click Save button on the upper right-hand corner of the page.
5. From OAuth JWT - New Record page, type in the following information

1. Leave the remaining fields with their default values (including leaving Client Secret value blank).
2. COPY the Client ID value to use later during Oleria integration.
3. From OAuth JWT - New Record page, add useraccount to the **Auth Scope **for the JWT application.
   1. From the Auth Scope section, double-click on Insert a new row… link
   2. In the newly appeared textbox, search for useraccount, select one of the results from the dropdown menu, and then click on the green check icon.
   3. Click Submit button

​

2c: Map Oleria’s public key to the new OAuth JWT Application

1. From Application Registries page, find and view the OAuth JWT application you created. (it may be called Oleria ServiceNow Incident Creation JWT OAuth - tenantName).1. To navigate to Application Registry page, from the All menu, navigate to Application Registry page under System OAuth section.
2. From the OAuth JWT Application page, scroll to the bottom of the page to the Jwt Verifier Maps tab.
3. From the OAuth JWT Application page, add a Jwt Verifier Map.1. From the Jwt Verifier Map tab, click New button. 2. From Jwt Verifier Map - New Record page, type in the following information.

3. COPY the Kid (Key ID or Key IDentifier) value to use later during Oleria integration.
4. Click Submit button.

​

Step 2d: Limit access to the new OAuth JWT Application to only Oleria service account

1. From the OAuth JWT Application page, scroll to the bottom of the page to the OAuth JWT Claim Validations tab.
2. From the OAuth JWT Claim Validations tab, click New button.
3. From OAuth JWT Claim Validation - New Record page, type in the following information1. From the OAuth JWT Claim Validations tab, click New button. 2. From OAuth JWT Claim Validation - New Record page, type in the following informations

3. COPY the Claim Value (Oleria service account email address) value to use later during Oleria integration.
4. Click Submit button.

​

Step 2e: Find/Create a role with write access to the “Incidents” table

1. From the All menu, navigate to Roles page under System Security > Users and Groups section.
2. From the Roles page, search for a role named sn_incident_write. If a record is found, then continue to the next section (Create a service account). If the record does not exist, then create a new role.

​

Step 2f: Create a service account

1. From the All menu, navigate to Users page under User Administration section.
2. From Users page, click the New button from the upper right-hand corner.
3. From User - New Record page, type in the following information.

1. Click Submit button.

​

Step 2g: Associate role to the new service account

1. From the All menu, navigate to Users page under User Administration section.
2. From Users page, search for the created Oleria service account (e.g.  “Oleria Integrator - tenantName”) and click on its name.
3. From the User page, scroll down to the bottom of the page and click on Roles tab.
4. From the Roles tab, click on Edit… button.
5. From Edit Members page, from the Collection column, search for sn_incident_write role, select the role, and then click on the Add icon (arrow pointing to the right) found in between the Collection and Roles List columns to add the role to the selection list.
6. From Edit Members page, click Save button.

​

Step 2h: Find the Assignment Group sys_id

1. From the All menu, navigate to Groups page under System Security > Users and Groups section.
2. From Groups page, find the group you want to assign incidents to (eg RiskRemediators) and view the group. Create a new group if needed.
3. From the **Group **page, click on the three horizontal lines icon in the upper left-hand corner, and then click Copy sys_id option.
4. COPY the sys_id (assignment group sys_id) value to use later during Oleria integration.

​

Step 3: Steps in Oleria

1. To navigate to the page to integrate the ticketing system, there are 2 methods. They are the following: 1. From the Risk Monitoring page, click on any risk and you will be suggested to integrate a ticketing system. 2. From the Avator on the upper right hand corner, click on the Avatar, and then click Ticketing system.

<doc_warning>Warning: Ticketing system is not configured from the Integrations page. <doc_warning>

1. From the Ticketing system page, follow the prerequisite instructions for the ticketing system. These are the steps that were followed previously in Step 2: Steps in ServiceNow.
2. From the Ticketing system page, under the desired ticketing system (ServiceNow), click Connect.
3. From the **Ticketing System Authentication **page,  provide the information needed to connect to the ticketing system and then click Connect.1. Provide the following information:

1. From the **Ticketing System Configuration **page, provide the information that will be used to create the ticket and then click Done.some text1. Provide the following information:

1. A confirmation message will appear.
2. The **Ticketing system **page will show the configured ticket system only.

​

Locate Assignment Group ID

1. From the All menu, navigate to Groups page under System Security > Users and Groups section.
2. From Groups page, find the group you want to assign incidents to (eg RiskRemediators) and view the group. Create a new group if needed.
3. From the **Group **page, click on the three horizontal lines icon in the upper left-hand corner, and then click Copy sys_id option.
4. COPY the sys_id (assignment group sys_id) value to use later during Oleria integration.

​

Created Ticket

A ticket created for a risk from Risk Monitoring will contain the following default field values:

​

Troubleshoot

​

Caller value does not appear in the Ticket

The Oleria Service Account’s email address exists with another user accounts that that is causing confusion on which email user to list as the caller. Resolution: Change the Oleria Service Account’s email address to another email address and then update the email address associated with the Application Registration for the OAuth JWT Claim Validation email address listed in the JWT Application that was created for Oleria.

​

Contact us

For questions about this integration, please contact us at support@oleria.com.