Centrify Privileged Access Request integration in ServiceNow

The Centrify Privileged Access Request application integrates Centrify Privilege Service with the ServiceNow platform. The application allows ServiceNow users to request access to account privileges managed in Centrify Privilege Service by ordering the Centrify Privileged Access Request item in ServiceNow’s catalog. It is intended for Self Service users requesting access through the Service Catalog, ITIL users processing the catalog task, and application administrators configuring and viewing dashboards, data, and logs for the application. Administrators require the application’s user role to view and perform updates within the application. The application includes the following functions and features:

Access features

  • ServiceNow catalog item Centrify Privileged Access Request allows all ServiceNow users to request privilege access to accounts managed by Centrify Privilege Service.
  • Ability for app admins to set account approvers within ServiceNow as well as the ability to define a global approver through a property.
  • A Dashboard for application admins to view current requests and trends.

REST API features

  • Centrify Identity Platform REST API outbound integrations to sync Accounts and Resources through an hourly scheduled job so that the information is persisted in ServiceNow. These integrations can also be triggered on demand through UI actions on their corresponding tables in the application.
  • Centrify Identity Platform REST API outbound integration to gather Centrify user data for their Centrify ID.
  • Centrify Identity Platform REST API outbound integration to grant temporary or permanent account privilege access through the application catalog item workflow.
  • Centrify Identity Platform REST API outbound integration to view the privileges the user currently has through the application catalog item workflow.
  • Centrify Identity Platform REST API outbound integration to impersonate the requested-for user’s Centrify ID through the application catalog item workflow.

Architecture Overview

The Centrify Privileged Access Request application creates a one-way integration between ServiceNow and Centrify Privilege Service. Using REST web services, ServiceNow posts and receives JSON data to and from the Centrify Identity Platform API through a scheduled job data sync and through the catalog item and subsequent workflow. Data passed from ServiceNow is processed by the Centrify Identity Platform API and updates the Centrify Privilege Service database. End users view the updates through Centrify Privilege Service. Any updates initiated through Centrify Privilege Service are synced into ServiceNow on the next run of the scheduled job, or through a manual sync if initiated by the Application Admin.

Performance considerations

• The application utilizes REST-based web services for all integration points.

• Data is imported using import sets and transformed via transform maps.

• The import set tables are indexed on their coalesce field(s) in order to optimize performance and ensure duplicate records are not created.

• The user’s Centrify ID is stored on the sys_user table so that only one call ever needs to be made to the API to retrieve the ID. All subsequent use cases will retrieve the ID from the sys_user table.

• The user’s privileges are retrieved through the API on demand when submitting the catalog item, as opposed to a scheduled job sync, to avoid syncing large numbers of users. Instead, the privileges are retrieved in real time as a user orders the catalog item.

Requesting access to privileged account credentials and privileged sessions

  1. Navigate to the Centrify Privileged Access Request catalog and choose a resource type from: Database, Domain, or System.

  2. Choose the resource and account.

  3. Enter information for the following fields to complete the access request to privileged account credentials and privileged sessions:
  • Choose Privilege
  • Request Justification
  • Permission Type

    Note:   You can choose between Temporary and Permanent when applying permission.

  • Duration Type
  • Duration
  • Priority
  • Parent Task

  4. Once you have entered the request information correctly, navigate to the top right corner. Select the quantity, then add the request to the cart or order it.

Once the request is submitted, you will see an order summary with information such as description, delivery date, and stage of procurement.