ServiceNow

Configuring the ServiceNow integration for Veza Lifecycle Management

Overview

The Veza integration for ServiceNow enables automated user lifecycle management capabilities. ServiceNow can serve as both a source of identity for lifecycle policies and a target for custom actions that insert records into ServiceNow tables.

| Action Type | Description | Supported |
| --- | --- | --- |
| SYNC_IDENTITIES | Synchronizes identity attributes between systems, with options to create new identities and update existing ones | ❌ |
| MANAGE_RELATIONSHIPS | Controls entitlements such as group memberships and role assignments | ❌ |
| DEPROVISION_IDENTITY | Safely removes or disables access for identities | ❌ |
| CREATE_ENTITLEMENT | Creates entitlements such as groups or roles | ❌ |
| CUSTOM_ACTION | Inserts records into any ServiceNow table | ✅ |
| SOURCE_OF_IDENTITY | ServiceNow can act as a source system for identity lifecycle policies | ✅ |

This document includes steps to enable the ServiceNow integration for use in Lifecycle Management, along with supported actions and notes. See Supported Actions for more details.

Enabling Lifecycle Management for ServiceNow

Prerequisites

  1. You will need administrative access in Veza to configure the integration.

  2. Ensure you have an existing ServiceNow integration in Veza or add a new one for use with Lifecycle Management.

  3. Verify your ServiceNow integration has completed at least one successful extraction.

  4. ServiceNow release Tokyo or newer is required.

The existing ServiceNow integration credentials (admin and snc_read_only roles) are sufficient for Lifecycle Management. Custom Actions use the same Table API as the standard integration.

Configuration Steps

To enable the integration:

  1. In Veza, go to the Integrations overview

  2. Search for or create a ServiceNow integration

  3. Check the box to Enable usage for Lifecycle Management

To verify the health of the Lifecycle Management data source:

  1. Use the main Veza navigation menu to open the Lifecycle Management > Integrations page or the Veza Integrations overview

  2. Search for the integration and click the name to view details

  3. In the Properties panel, click the magnifying glass icon under Lifecycle Management Enabled

Supported Actions

ServiceNow can serve as a source for identity information in Lifecycle Management Policies. User identity details, group memberships, and role assignments are synchronized from ServiceNow with changes propagated to connected systems.

ServiceNow can also be a target for Custom Actions that insert records into ServiceNow tables as part of automated workflows.

The integration supports the following lifecycle management Actions:

Source of Identity

ServiceNow provides identity information for lifecycle policies using the ServiceNowUser entity type. The following information is available:

  • User Identities: Users with their email addresses, employee numbers, and profile attributes (entity type: ServiceNowUser)

  • Group Memberships: ServiceNow groups that users belong to are tracked as relationships and can be referenced in transformer policies

  • Role Assignments: ServiceNow roles assigned to users (both direct and inherited) are tracked as relationships and can be referenced in transformer policies

When used as a source of identity, ServiceNow user attributes can be mapped to target systems through attribute transformers and lifecycle management policies.

Custom Action

Custom Actions enable Veza to insert records into any ServiceNow table. This is useful for:

  • Creating incident tickets for access changes

  • Logging audit records for compliance

  • Triggering ServiceNow workflows via table insertions

  • Recording access request approvals or denials

Configuration

When configuring a Custom Action for ServiceNow, specify the target table and any additional fields:

| Attribute | Required | Type | Description |
| --- | --- | --- | --- |
| table | Yes | String | The ServiceNow table name to insert records into |
| (additional) | No | String | Any additional fields to set on the new record |

Attribute names can only contain lowercase letters, numbers, and underscores (a-z, 0-9, _). This matches ServiceNow's field naming conventions.

Example: Creating an Incident Record

To create an incident ticket when access is revoked:

  1. Create a policy with your source of identity (e.g., Workday, Okta)

  2. Configure a workflow with a Custom Action targeting ServiceNow

  3. Set the action attributes:

    | Attribute | Formatter |
    | --- | --- |
    | table | incident |
    | short_description | Access revoked for {email} |
    | description | User {name} ({employee_number}) access revoked |
    | category | access_management |
    | priority | 3 |

Attribute values use Transformer syntax. Use {attribute_name} to reference source identity attributes (e.g., {email}, {name}, {employee_number}). See the Transformer Reference for available functions.

The Custom Action will POST to the ServiceNow Table API (/api/now/table/incident) and create a new incident record.
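The incident example above, worked through as an added illustration (not Veza's code and not part of the original page): it checks attribute names against the naming rule, expands plain {attribute} references from a constructed sample identity, and returns the Table API path and record body without sending anything. The function names are hypothetical; applying the naming rule to the table name and rejecting references to unknown attributes are assumptions of this example, and transformer functions are not handled.

```python
import json
import re

# Name rule stated on this page: lowercase letters, numbers, underscores.
NAME_RE = re.compile(r"[a-z0-9_]+")
# Plain {attribute} references only; transformer functions are out of scope.
PLACEHOLDER_RE = re.compile(r"\{([^{}]*)\}")

# Constructed sample identity (not real data).
SAMPLE_IDENTITY = {"email": "jdoe@example.com", "name": "Jane Doe", "employee_number": "E1001"}
# The incident attributes from the example on this page.
INCIDENT_ACTION = {
    "table": "incident",
    "short_description": "Access revoked for {email}",
    "description": "User {name} ({employee_number}) access revoked",
    "category": "access_management",
    "priority": "3",
}


def render(template, identity):
    """Expand {attribute} references using the source identity's attributes."""
    def repl(match):
        key = match.group(1)
        if key not in identity:
            raise KeyError(f"formatter references unknown attribute: {key!r}")
        return str(identity[key])
    return PLACEHOLDER_RE.sub(repl, template)


def build_table_insert(attributes, identity):
    """Return (path, record) for the insert a Custom Action would perform."""
    attrs = dict(attributes)
    table = attrs.pop("table", None)
    if not table:
        raise ValueError("'table' attribute is required")
    # Assumption: the table name is held to the same rule, since it ends up in the URL path.
    for name in [table, *attrs]:
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"invalid name: {name!r}")
    record = {name: render(value, identity) for name, value in attrs.items()}
    return f"/api/now/table/{table}", record


if __name__ == "__main__":
    path, record = build_table_insert(INCIDENT_ACTION, SAMPLE_IDENTITY)
    print("POST", path)
    print(json.dumps(record, indent=2))
```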

Example: Audit Trail Records

To maintain an audit trail of lifecycle management actions:

  1. Create a custom table in ServiceNow for audit records (e.g., u_veza_audit_log)

  2. Configure a Custom Action with:

    | Attribute | Formatter |
    | --- | --- |
    | table | u_veza_audit_log |
    | u_user_email | {email} |
    | u_employee_id | {employee_number} |
    | u_user_source | {source} |
    | u_action_source | Veza Lifecycle Management |

ServiceNow User Attributes

When ServiceNow serves as a source of identity, the following user attributes are available for mapping in transformers:

| Property | Type | Description |
| --- | --- | --- |
| email | String | User's email address |
| name | String | User's display name (node name in Veza graph) |
| employee_number | String | Employee identifier |
| source | String | Identity source (e.g., LDAP, manual) |
| is_active | Boolean | Whether the user account is active |
| is_locked | Boolean | Whether the user account is locked |
| mfa_active | Boolean | MFA enabled for the user |
| password_needs_reset | Boolean | Whether the user must reset their password |
| failed_attempts | Number | Number of failed login attempts |
| web_service_access_only | Boolean | API-only account (no UI access) |
| internal_integration_user | Boolean | Internal integration service account |
| identity_type | String | Identity classification (HUMAN or NONHUMAN) |
| created_at | Timestamp | Account creation date |
| last_login_at | Timestamp | Last login date |

Custom Properties

If you have configured Custom Properties for your ServiceNow integration, those additional user attributes are also available for use in lifecycle management workflows.

Limitations

  • No User Provisioning: ServiceNow Lifecycle Management does not support creating, updating, or disabling user accounts directly. Use Custom Actions to trigger ServiceNow workflows that handle user provisioning.

  • No Group/Role Management: Direct management of ServiceNow group memberships or role assignments is not supported. Use Custom Actions to create requests that trigger ServiceNow's native provisioning workflows.

  • Non-Idempotent Actions: Custom Actions always create new records. Design workflows accordingly to avoid duplicate entries.
