Integration prerequisites

ServiceNow SSO requirements

  • Your own domain registered and verified with ServiceNow. For example, you have a login URL such as https://acme.service-now.com.
  • An active ServiceNow account with administrator privileges.
  • A test user created in the Privileged Access Service Admin Portal. For more information about creating users and roles, see Users and Roles.
  • A signed certificate in PEM format. You can either download the standard certificate from Admin Portal or use your organization’s trusted certificate.

Centrify Privileged Access Service requirements

Centrify PAS comes with the following three roles:

  1. x_cenr3_priv_acces.admin:
  • This is the primary role for the application.
  • Only users with this role are able to update application settings and view/edit application-specific tables. Additionally, only users with this role can generate the manual API sync for both the Centrify account and Centrify resource table UI actions.
  2. x_cenr3_priv_acces.approver:
  • This role determines who is a Centrify App Admin approver. It gives approvers quick access to their approval tasks and restricts who can close approval tasks.
  • This role cannot modify application settings and is limited to only viewing the two related approval modules.
  3. x_cenr3_priv_acces.permanent:
  • This role is needed to unlock requests for permanent access.

Configuring the ServiceNow application

Download and configure the Centrify Privileged Access Request. To do this, get the Centrify Privileged Access Request Integration from the ServiceNow Store located at https://store.servicenow.com and follow the ServiceNow instructions on how to install a ServiceNow application.

Configuring an instance

To install and configure the instance, perform the following steps:

  1. As an Admin, grant yourself the x_cenr3_priv_acces.admin role.
  2. In Centrify Privileged Access Request, navigate to Properties and enter your tenant URL in the Centrify Cloud Tenant URL field.
  3. Enter a valid username and password in the Centrify Cloud Service Account and Centrify Cloud Service Account Password fields. A valid username is one that has admin rights.
  4. Enter the field name of the field that should be used to match the Login name in Centrify PAS. This is often the email field.
  5. Navigate to Centrify Privileged Access Request > Approval Rules and set up the approval rules that you require.
  6. Navigate to Customize API Sync, set Active to true, and update the sync frequency as desired. Save the record.
  7. Set the application approval groups per account by navigating to Accounts.

Note:   For each group, ensure the group has the approval role.

  8. Navigate to Customize Catalog Item and update the item category as desired.

Connecting external systems

For applications that contain integration components, outline them and provide integration user creation instructions by doing the following:

Note:   Centrify PAS integration components required.

  1. Create a dedicated integration user by logging into your Centrify Cloud tenant.
  2. Select the Users tab. Click Add User.
  3. Fill out all required user fields and deselect ‘Require password change at login.’
  4. Select Create User.
  5. Grant the user the ‘System Administrator’ role.

Testing the configuration

If your application requires successful communication with external systems, you must test the connection and ensure successful configuration. You can manually sync applications to confirm that you are successfully connected to Centrify Privilege Service. To manually sync, perform the following steps:

  1. In Centrify PAS, navigate to Customize API Sync.
  2. Click Execute Now.