Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Page Contents
Table of Contents | ||
---|---|---|
|
Live Search spaceKey ZenGRCOnboardingGuide additional none placeholder Search our site type page
Overview
The first step in integrating the ServiceNow connector requires the installation of includes installing an application in the ServiceNow environment.
Installing the “ZenGRC Request”There are three necessary actions for the installation that are outlined in this documentation. They include the following:
Adding the ZenGRC Request Table to the ServiceNow Database.
Configuring the ZenGRC Request Application in ServiceNow
These sections describe how to install and configure that application.
Add the “ZenGRC Request”.
- Configuring a service-level API account for ZenGRC to access ServiceNow.
Adding the ZenGRC Request Table to the ServiceNow Database
Add a new table, called ZenGRC Request, to the ServiceNow database by completing the following steps.
- Log into ServiceNow.
In the left-hand menu, click Scripts - Background. It may be easier to find by using the Filter navigator as shown below:
Copy and paste the following script into the Run Script (Javascript executed on server) field in ServiceNow and click Run Script.
Code Block language js linenumbers true // Version 0.4 // Copy and paste into ServiceNow var table_name = 'zengrc_requests', extends_table = 'task', auditId = 'audit_id', auditTitle = 'audit_title'; var attrs = new Packages.java.util.HashMap(); // Audit ID var ai = new GlideColumnAttributes(auditId); ai.setType("string"); ai.setUsePrefix(false); attrs.put(auditId, ai); // Audit Title var at = new GlideColumnAttributes(auditTitle); at.setType("string"); at.setUsePrefix(false); attrs.put(auditTitle, at); var tc = new GlideTableCreator(table_name , table_name); tc.setColumnAttributes(attrs); if(typeof extends_table != 'undefined') tc.setExtends(extends_table); tc.update(); // Create Customs ZenGRC states var newCh = new GlideRecord('sys_choice'); newCh.newRecord(); newCh.name = 'zengrc_requests'; newCh.element = 'state'; newCh.label = 'Pending'; newCh.value = 10; newCh.insert(); newCh.label = 'Work in Progress'; newCh.value = 20; newCh.insert(); newCh.label = 'Closed Complete'; newCh.value = 30; newCh.insert();
Configuring the
“ZenGRC Request”ZenGRC Application in ServiceNow
Next, tailor the look-and-feel of the ZenGRC Request application in ServiceNow (e.g. the task card view, the left-hand-side link, the unique numbering schema, etc.) by adding configuration elements as follows:
- Download this XML for ServiceNow and place it in a memorable place on your computer.
In ServiceNow, navigate to click Update Sets to Commit in the left-hand menu.
Click Import Update Set from XML.
Image Removed
Image Added- In Step 1, click Choose File and select the XML file you saved in the first step of these instructions.
- In Step 2, click Upload. A new row, called ZenGRC, is added for the update set.
- Click the ZenGRC link in the Name column.
Image Removed
Image Added - Click Preview Update Set.
Image Removed
Image Added - When the update is complete, click Close to close the dialog box.
- Click Commit Update Set.
Image Removed
Setting Up the ServiceNow Connector in ZenGRC
If you’re using you own instance of ZenGRC for the demo, you’ll need to set up the integration between your ZenGRC instance and ServiceNow. If you’re using the internal ZenGRC demo instance menitoned above, you can skip this section.
Demo Script and Recording: Creating and Managing a ServiceNow-Managed Audit
This demo recording and the step-by-step script that follows will show you how to navigate through the end-user experience. This recording should be usefult to documentation and training teams for building content as well as for sales enablement since it shows where to click and what to call out.
Before starting this portion of the demo, make sure you’re already logged into ServiceNow using the access information above so that the navigation from ZenGRC to ServiceNow is seamless and so that you aren't fishing for ServiceNow access credentials in the middle of the demo.
Introductory Comments:
We’re going to start the demo from the point of creating. anew ServiceNow-managed audit, but before we do that I want to provide a little background on the setup that happens before this point.
We provide our own ServiceNow application as part of the integration. Your ServiceNow administrator runs a script to add a new object table to ServiceNow and then applies a configuration XML file that adds the look-and-feel elements.
On the ZenGRC side, it’s as simple as entering your ServiceLevel username and password in the connector settings page, or you can also use Auth0 to establish the connection.
Some of the high-level features that we’ll touch on include:
Creating a ServiceNow-Managed Audit
Log into ZenGRC and launch the Audit Setup Wizard by clicking New => Audit
Fill out the Audit Title
Normally we would specify a program here, but it's not necessary if you prefer to have all of your controls available for selection in Step 2
Select “Manged in ServiceNow”
Mention that the audit will be represented as a guided vi
sual task board in ServiceNow, and each request will be represented as a task on that VTB.
We’ll see how to add those requests when we get to step 3 of the Audit Setup Wizard
If you want to view comments and attachments added by ServiceNow users, make sure to select the toggles. If you don't turn them on now, you can turn them on later in the audit and all comments and attachments already submitted in ServiceNow will then be visible in ZenGRC.
Click Save
On the Scoping tab, select a few controls and map them into the audit. If you plan to show how control mappings can be specified from within the request import CSV, note that you’ll want to make sure the control IDs you select here are used to update the Mapped Controls column in the sample request CSV before you import it. We’ll see that in the next step of the wizard.
In step 3 of the wizard, we're going to import the requests. Note that the CSV template for importing ServiceNow requests differs from the standard CSV template used to import internal ZenGRC requests. You can access the ServiceNow-specific template from this screen by clicking “click here to download”
I’ve already prepared a CSV, so we’re going to browse to that file and upload it.
Note that I’ve specified some named ServiceNow users as assignees for some requests, while for other requests I've specified Assignment Groups. We support specifying eithr or both of these, but the corresponding user and assignment groups need to existing Service Now. Note also that while ServiceNow filters available assignees upon selection of an assignment group, we do not validate this on our side and so it must be specified correctly in the CSV
Note also that I have control mapping specified in this sample CSV. Prior to the demo, you’ll want to modify these to match the Control ID values of whatever controls you plan to scope into your audit in th previous steps.
Import the sheet and show how the requests have been correctly mapped to the controls. Also show that these mappings can be further modified from within the UI
In step 4, specify that we would like to perform control assessments.
In step 5, click Start Audit. The requests should now be visible within ServiceNow.
Before navigating to ServiceNow, show the Summary tab from within the audit dashboard view.
Mention here that by default the ZenGRC request application in ServiceNow provides these three default states, but that ServiceNow administrators can extend the ZenGRC Request application to have as many states as they like, and those state, as well as the counts of requests in each state, will be reflected appropriately in this screen.
While there is no way to modify the workflow states from within ZenGRC, ZenGRC users can submit comments to ServiceNow users in order to request additional documents, provide responses to clarification requests, etc. We’ll see more on the comment integration later in just a minute
Show the “Requests (in ServiceNow)” tab.
Mention that the request will automatically synchronize once every hour, but that you can always force a sync by clicking on “Click here to sync now”
We’ll return to this view shortly, but first, let’s go take a look at what we have in ServiceNow. We could navigate to any one of these reqiuests in ServiceNow by clicking the link, or we can navigate to the audit visual task board by clicking on Actions => Open in ServiceNow
Viewing and Updating Requests in ServiceNow
The “Open in ServiceNow” link should open a new browser tab take you into ServiceNow. You may need to enter the ServiceNow access information at the start of this document if you did not log into ServiceNow prior to the demo
The link should take you directly to the Visual Task Board that represents your audit. If for whatever reason it doesn’t, select “Visual Tak Board” from the left-hand nav in ServiceNow, and click on the VTB that has the same name as your audit.
The requests all appear in their initial state. For our example, we’ll more on to Work in Progress and one to Closed Complete.
Click on the one in Work in Progress to open it and make the following changes
Note that the state of the task record has updated based on the lane change. We’ll look for this same update in Zen
Additionally, I’m going to add (my update) to the end of the task name and the task description.
Add an attachment (you could just add the same CSV you used to import the requests if tahts what’s in your recent history)
Add a comment
NOTE: The ZenGRC Request application for ServiceNow should include comments in the task card view by default, but if for whatever reason you don’t see them there, click the task ID link at the top of the card to open a detailed view of the task.
Viewing Synchronized Changes in ZenGRC
Returning to the Audit Dashboard in ZenGRC, click on the Summary tab and show that the counts of requests by workflow state have been updated based on the lane changes.
Click on the “Requests (in ServiceNow) “ tab and click “Click here to Synchronize” (note that it’s possible for the summary counts on the prior tab to update even when the individual requests on the Requests (in ServiceNow) tab have not been updated.
Locate the “Work in Progress” request that we modified in ServiceNow and open it within Zen by clicking on the link n the “Title” column - that will open the ZenGRC version of the request, while clicking on the “Object URL” link will take you into ServiceNow
Note that the fields have updated appropriately and that the attachment and comments are visible from within ZenGRC.
While the attachment still resides only in ServiceNow, the integration allows the ZenGRC to download the attachment from here
Click on the comments tab and show that the comment is visible.
Responding to Comments from within ZenGRC
submit a comment back to ServiceNow. Mention here that since the ZernGRC user might nop have a user account in ServiceNow, we sign the comments using the service-level SNOW account, but we append the user’s name and email to the end of the comment so that you can see who actually submitted itConfiguring a Service-Level API Access in ServiceNow
Application Permissions
The ZenGRC application, whether authenticated via a ServiceNow user account or via 0auth2, requires the following minimum permissions:
Object / Table | Permission | Reason |
---|---|---|
/table/zengrc_requests | READ/WRITE | Access to where the requests will be stored |
/table/sys_user | READ | |
/table/vtb_board | READ/WRITE | To create the board |
/table/vtb_lane | READ | |
/table/vtb_card | READ | |
/attachment/ID/file | READ | To get attachments |
/table/sys_journal_field | READ/WRITE | Comments and work notes |
/table/sys_journal_field.* | READ/WRITE | To ensure permissions to access child variables |
Username/Password Option
Create a service-level account user in ServiceNow and note the username/password so that it can be entered into the ServiceNow connection settings screen in ZenGRC.
0auth2 Option
To utilize the OAuth2 option, a ServiceNow administrator needs to create an OAuth application endpoint for external client applications to access the ServiceNow instance. Please read the ServiceNow documentation Create an endpoint for clients to access the instance and note the generated token/secret for entry into the ZenGRC connection settings screen.
Info | ||
---|---|---|
| ||
Continue to Configuring ZenGRC with ServiceNow. |
Include Page | ||||
---|---|---|---|---|
|