Integrate ServiceNow 编辑

Integrate with ServiceNow to submit and monitor requests, and take action from any device, intranet, or messenger using Citrix Workspace.

Note

We provide two ServiceNow integration templates for your use. We recommend using the newer HTTP integration for most use-cases. The HTTP integration provides more power to configure the cached data structure. The set-up process for each integration is identical. For full details of the microapps available in each integration, see Use ServiceNow microapps.

Use the following process to enable the ServiceNow Integration. Ensure you meet the prerequisites, enable API access, and assign a role to the dedicated user. After you complete this process, your existing level of audit logging persists, including any actions carried out by the use of Citrix Microapps.

This integration enables you to:

• create a task in Workspace Experience. The solution adds an “opened_by” parameter to the API request based on the currently logged-in user. If you explicitly define the “opened_by” parameter in the service action parameters settings, it replaces the default value
• approve requests within the microapp. The solution adds the sentence Approval state set by the user_name to the comment field to identify who performed the approval
• create a new Service Catalog Request from the microapp. The solution adds the “requested_for” parameter to the API request based on the currently logged-in user

For a comprehensive list of out-of-the-box ServiceNow microapps, see Use ServiceNow microapps.

Review prerequisites

These prerequisites assume you administer the ServiceNow instance of your organization to set up the integration.

Workspace users need proper roles assigned to complete service actions. Proper roles depend on your ServiceNow configuration.

You must have these details to add the integration in Citrix Workspace Microapps:

• Base URL: This is your instance URL. You must enter your instance Base URL or simply replace {cloud-id} in the example with your customer ID.
• Authorization URL: Replace {customer-id} in the example with your customer ID, https://{customer-id}.service-now.com/oauth_auth.do This is the authorization server URL provided when setting up the target application integration.
• Token URL Replace {customer-id} in the example with your customer ID: https://{customer-id}.service-now.com/oauth_token.do. This is the URL of the access authorization token.
• Username: This and Password are the credentials of the service account with access to the full table structure and all tables in ServiceNow.
• Password: This and Username are the credentials of the service account with access to the full table structure and all tables in ServiceNow.
• Client ID: You collect the Client ID by registering the OAuth client in your ServiceNow account. The Client ID and the Client Secret are the same for both Service authentication and Service action authentication.
• Client Secret: You collect the Client Secret by registering the OAuth client in your ServiceNow account. The Client ID and the Client Secret are the same for both Service authentication and Service action authentication.

Note

It is recommended that you always use OAuth 2.0 as your service authentication method where available. OAuth 2.0 ensures that your integration meets the maximum security compliance with your configured microapp.

• Obtain a new oauth2 client_id and client_secret and define the scope of the client’s application.

• Configure Citrix Gateway to support single sign-on for ServiceNow so that once users log in they are automatically logged in again without having to enter their credentials a second time. Follow the instructions in ServiceNow Single Sign-on Configuration. For more information about configuring SSO, see Citrix Gateway Service.

New HTTP integration privileges

Your ServiceNow admin account must have read access to all tables that we are fetching in the integration. See the list below:

• change_request
• incident
• problem
• sc_cat_item
• sys_user
• task
• cmn_location
• core_company
• sc_req_item
• sc_request
• sys_journal_field
• sys_user_delegate
• sys_user_group
• sys_user_has_role
• sys_user_role
• sys_user_role_contains
• sysapproval_approver
• sys_choice
• sc_item_option_mtom

Important

The ServiceNow admin account that administers the HTTP integration must have the timezone set to GMT. This is required to correct time handling in Workspace and in incremental data synchronization. If you see any time mismatch, first check these settings to resolve the issue.

ServiceNow roles

We recommend the following ServiceNow roles:

• approval_admin
• itil
• personalize_choices
• snc_read_only

Legacy integration privileges

This ServiceNow admin account must have full data access privileges. If you choose to use a separate ServiceNow account for the Microapps integration, you need to manually add read permissions on restricted tables, such as like sys_journal_field. Specifically, the administrator needs access to the following tables as they include information about the data structure of ServiceNow:

• sys_db_object
• sys_dictionary
• sys_choice

Enable API access for required tables

Most of the ServiceNow tables are enabled for access via web services by default. To confirm if a table you want to synchronize with Workspace is accessible via web services:

1. Log in to ServiceNow.
2. Select System Definition > Tables.
3. Select the Information icon next to the table name that you want to confirm. Select Open record. Select the Application Access tab and ensure that the “Allow access to this table via web services” check box is enabled.
4. Select the check box if necessary, and click Update to save your settings.

Add Callback URLs

Add a custom URL to your instance configuration to grant access to private data and enable OAuth authenticated user actions.

Note

This section of the URL {yourmicroappserverurl} is composed of a tenant part, a region part, and an environment part: https://{tenantID}.{region(us/eu/ap-s)}.iws.cloud.com.

1. Log in to ServiceNow as an admin.
2. Navigate to System OAuth > Application Registry, and select New.
3. Select Create an OAuth API endpoint for external clients.

4. Enter the following authorized redirect URLs for this integration in the Redirect URL field separated by a comma:

   • https://{yourmicroappserverurl}/admin/api/gwsc/auth/serverContext
   • https://{yourmicroappserverurl}/app/api/auth/serviceAction/callback

   Ensure that PKCE required is not selected.

5. Click Submit.

Filter queries

Most ServiceNow entities support filtering. The sysparm_query URL parameter of the Table API GET method allows filtering. Choose predefined queries or write your own custom queries. For more information, consult the ServiceNow REST API reference and product documentation.

Note

If the query or any part of it is invalid, then the invalid part is ignored, as specified in the ServiceNow documentation.

Examples:

// Only Active objects:
active=true

// Updated in the last 2 days:
sys_updated_onONLast%20day@javascript:gs.daysAgoStart(1)@javascript:gs.daysAgoEnd(0)

// Updated in the last 3 hours:
sys_updated_onONLast%20hour@javascript:gs.hoursAgoStart(2)@javascript:gs.hoursAgoEnd(0)

// Updated in the last 4 months:
sys_updated_onONLast%20month@javascript:gs.monthsAgoStart(3)@javascript:gs.monthsAgoEnd(0)