First, a short video on how EmpowerID and ServiceNow can work together.
EmpowerID and ServiceNow – Better Together
Combining ServiceNow with the Compliant Access Delivery platform of EmpowerID gives you two best-of-breed solutions.
This not only enables you to enhance your organization’s service management capabilities, but also provides you with true end-to-end secure automation of critical processes for your global and mobile workforce.
EmpowerID ensures visibility and control over your critical systems by inventorying and automating the lifecycle of identities and their access within your ServiceNow landscape.
EmpowerID is built on workflows and, through our Orchestration Pack, connectors, and jobs, enables you to deploy business workflows directly within your ServiceNow systems.
It accomplishes this by providing an accurate catalog of requestable entitlements from all your on-premise and Cloud systems; once a request is approved, access can be fulfilled immediately in the target systems. (Refer to Orchestration Pack – Entitlement Sync and Workflows, below, for further details.)
Identity Lifecycle for ServiceNow
EmpowerID Identity Lifecycle for ServiceNow automates account provisioning and access assignment. By automating policy-based “Compliant Access”, it eliminates security problems and human errors associated with manual user creation and access assignment for ServiceNow.
It is possible to manually trigger lifecycle events via workflows, but they are usually detected as changes emanating from the HR system.
When EmpowerID detects changes, it then handles the automatic provisioning and deprovisioning across all your environments and tenants.
Furthermore, on deprovisioning, graceful handover of responsibilities and the transfer of data ownership is carried out in accordance with your own pre-defined business policies.
Zero Trust Delegated Administration for ServiceNow
Though EmpowerID follows the Zero Trust strategy, out of the box, ServiceNow’s roles and security model do not.
One key aspect of the Zero Trust model is to never grant users permanent unproxied access to systems.
This is because unproxied access is difficult to monitor and attackers can easily compromise openings made by organizations allowing permanent privileged access. It is also why we designed EmpowerID as we did.
EmpowerID overlays a single unified security model on top of the native application or system which, in this case, is ServiceNow.
This overlay integrates EmpowerID’s security model with that of the native system and allows EmpowerID’s granular model to be subsequently applied.
The result is that, although granularity is not supported in the original ServiceNow security model itself, we can now delegate granular administrative privileges to users within specific business units or partner organizations via EmpowerID. ServiceNow is now Zero Trust capable.
This fine-grained delegation supports even the most complex global organizations and multitenancy scenarios to control exactly who may see which objects and identities, who may perform which tasks, and all without granting any native administrative privileges.
ServiceNow Compliance and Recertification
EmpowerID’s granular control, capability, and functionality also extend to other areas, such as breezing through audits.
Maintaining control and visibility over your many ServiceNow environments can pose a huge headache for auditors.
Up to now, to complete a certification process, it may have been difficult to prove who has access to which applications and roles.
Now, because EmpowerID maintains an up-to-date audit and can provide complete control over who has access to what across all your ServiceNow tenants, producing this proof is almost automatic.
In addition, built-in attestation policies allow for rapid periodic recertification of ServiceNow group and role assignments, thereby eliminating the hassle of auditing this critical infrastructure.
EmpowerID also categorizes external users to allow their access to be reviewed and analyzed separately. Furthermore, risk-based Separation of Duties policies also allow you to define toxic combinations of access so they can be detected and remediated, if discovered.
Orchestration Pack – Entitlement Sync and Workflows
The Orchestration Pack for ServiceNow enables ServiceNow process designers to embed EmpowerID capabilities within their ServiceNow business processes. Such capabilities include workflow activities, web services, and example workflows.
For example, EmpowerID includes a job that synchronizes and maintains an up-to-date list of requestable groups and roles from the EmpowerID Identity Warehouse to custom tables in your ServiceNow tenants.
Embedding EmpowerID workflow activities in your ServiceNow workflows permits users to request access to entitlements in any EmpowerID connected system from the already familiar ServiceNow Service Catalog.
Example workflows can be used in several ways. First, employee onboarding, group access requests, and role access requests can be used as-is in your production environments. Second, and this is important to note, all workflows are fully customizable. With zero restrictions on modifications, these can all be leveraged by ServiceNow process designers in both your existing and future workflows.
AI Powered Chat Bot Virtual Assistant
The chat bot permits users to perform self-service automation of any IT task through an intelligent chat bot virtual assistant.
The EmpowerID chat bot enables users to perform secure self-service at any time using their preferred communication channel (SMS, Teams, web, mobile, ServiceNow portal, etc.).
Behind the scenes, the chat bot interacts with EmpowerID’s visually designed workflows to securely automate Identity Governance and Administration (IGA) processes that interact with your Cloud and on-premise applications and systems.
Self-service tasks that users can perform include:
- Self-service forgotten password reset and unlock
- Application and group access requests
- SAP role access requests
- Privileged credential check-out and check-in
- Vaulting personal or shared credentials
- Mobile login to SSO applications
- Expose any additional workflows to end users through the chat bot