ServiceNow Workflow Management - Creating a Service User

Trustero utilizes a service user to obtain permissions to the applications defined within the ServiceNow Instance. This guide explains how to create that service user.

Pre Requisites

• Oauth is enabled for the ServiceNow instance 
  • https://www.servicenow.com/docs/bundle/zurich-platform-security/page/administer/security/task/t_SettingUpOAuth.html
• An Existing ServiceNow Application
  • https://developer.servicenow.com/dev.do#!/learn/courses/yokohama/app_store_learnv2_buildneedit_yokohama_build_the_needit_application/app_store_learnv2_buildneedit_yokohama_create_the_needit_application_and_application_files/app_store_learnv2_buildneedit_yokohama_creating_an_application

Setup

The following procedure ensures that the Trustero service user has least privilege access to the ServiceNow Instance 

1. Oauth Application Registration 
2. Service Account Creation 
3. Custom Role Creation
4. Application Role Creation

Oauth Application Registration

1. Create an OAuth entity in the Application Registry by using Create File 
   
   
2. Change the Client Type to “Integration as User”
3. Enable Default Grant Type and OAuth Application User if not yet enabled. This is done through the form layout
   1. Open the form layout builder and switch to Global
      1. https://www.servicenow.com/docs/bundle/zurich-platform-security/page/integrate/authentication/task/add-oauth-application-user.html
   2. Add the following columns to the form if not already enabled
      1. Default Grant Type 
      2. Oauth Application User
   3. At the bottom of the App Registry Config page you will see the additional field
      
   4. Now that the form is configured, fill it out. Select form field options:
      1. Client Type: Integration as User
      2. Default Grant Type: Resource Owner Password Credentials
      3. OAuth Application User: (needs to be created, see next section for details)
         
         

Service Account Creation

Upon creation of the Application Registration, we are able to create a user that is dedicated to it.

1. Click the magnifying glass on the side of Oauth Application User
   
2. You will be redirected to the user list, click the New Button
   
3. Create the service user with a dedicated email
   
4. You should be redirected to the user page, remember to select Set Password to provide a password for this new user.
   
   
5. The password will be used in  the Trustero integration

Custom Role Creation

After creating the user, we need to create a role that we can assign to the user

1. Create a Role File
   
2. Fill out the form and click update
   
3. Going back to the User page under the Roles Tab
   
4. Click Edit and add the created Role to the Role List
   

Application Role Creation

With user assigned to the Role, we need to assign the Custom Role to the Application

1. Go to the Application Roles for the Application
   • Application > Security > Role > Agent > Application with Role
     
2. Link the Agent of the Application and the Trustero Role