Automate provisioning and entitle users in three minutes with Integration Hub Spokes

CCB1119-K22

## Transcript X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0 [MUSIC PLAYING] Hello, everyone. Today we'll be talking about automating provisioning and entitling users in three minutes using integration hub spokes. So to start off with the introduction, I am myself, Ishaan Shoor. I'm a senior technical consultant working with a ServiceNow partner, Thirdera And my primary function is ServiceNow development and consultation. I've got around four years of experience in ServiceNow and seven years experience in software development and IT. My favorite part of ServiceNow is working with integrations, orchestrations, custom applications. And that is why we are here. So again, the topic relates to integration of our Flow Designer. So in today's agenda we'll be covering the following topics. We'll be going through the overview, process flow diagram, use cases, benefits, key highlights, and demo. So I'll start off with the overview. So overview-- we, as every organization, uses Active Directory and Azure AD. but the provisioning in the Active Directory and Azure AD is pretty much limited to provisioning of the users or de-provisioning of the users. But there are a lot of other activities that take place around this, which is giving users access to a particular group, a particular application, having some shared mailboxes, some distribution list, and updating some user details-- might be a phone number, might be a second name, first name. It can be anything-- or just starting an email alias to a user. So a lot of other activities are involved, but they are all manual activities that the team do while the-- they get a request, and they get those requests as a manual-- using manual intervention. So using ServiceNow platform, we can automate all these tasks. And we can fully cater these identity management requests. So this automation can be done in two ways again. So the first one is having a third-party software and ServiceNow as a middleware and having connections with AD, Active Directory, and Azure Active Directory and leveraging the integration of spokes and the Flow Designer. The second one can be where we don't have a third-party tool, and we go to the Forms Automation. So, we'll be covering Forms Automation in this demo, as I don't have a third-party tool with myself. So this is a process flow diagram. This pretty much covers all the use cases that we were discussing in the last slide. So as you can see here, there can be some third-party systems involved in this process, where we have got a third-party system, like Workday, SuccessFactors, which generate an event and create a request in the Microsoft product. And again, Microsoft is Active Directory and Azure Active Directory. And from these, the request goes further down to ServiceNow. And then we have got some capabilities to enrich the accounts through ServiceNow, add the users to a particular group, or we can also notify the account details to the manager. So this is one process. And the second one is we don't need the Microsoft works in the middle. So we can also have a direct connection with the third-party tools and ServiceNow. And then we can go around with the enrichment of the user accounts, adding the users to the group, and a number of use cases that we have there. And there's a third step, where we don't have a third-party tool. We don't have any requests coming in through the Microsoft products. We have got ServiceNow just acting by itself, where we can use the service catalog, the ServiceNow forms. We can automate those forms to fulfill these active user account requests or updating some user account, adding users to group, application access, remote network access, employee onboarding/offboarding. So this is where ServiceNow comes into the picture. And we have got all the capabilities to pretty much get a lot of flavors of employee profiles sorted just by using ServiceNow automation. So this pretty much wraps up the process flow diagram. I'll move over to the next slide. Again, I've been [INAUDIBLE] it all over. So for some possible use cases that we have here is updating my cell phone number, updating group membership, user account creation, creating a new shared mailbox, creating a distribution list, rehiring an employee, offboarding an employee. And there can be plenty of use cases that we have here. Now, some of the benefits that we have realized over time-- so I have worked with a lot of similar projects. And plenty of clients are moving towards the ServiceNow or are involving ServiceNow automation in their onboarding/offboarding and user update requests. So basically they are doing this to reduce the manual intervention and fully cater the identity management requests. So what happens when this manual intervention is removed? So in turn they also remove the errors, so reduce errors in processing. Also, dependencies are removed of in-house legacy automation scripts. So these scripts are basically which the AD team or the Exchange team or Active Directory team is having in their systems. So those dependencies are also removed. After all this, the biggest factor is a quick turnaround time. So we'll be coming to that. I'll be circling back to that later in the slides. But the turnaround time is the biggest change that we have here-- reducing the errors, no manual intervention, and also a quick turnaround time. Moving on to some key highlights-- OK. So some of the key highlights here, a number of employee profiles can be digitized. So, as we have got, we can create a user account. We can add users to the group. So many times we just, if we want to give a user access to an application, maybe Workday, we are creating an HR profile. We can simply add that user into the Workday group, and other automation will take place around it. And we have set up a HR profile. And similarly, we can set up a service desk profile, where we are adding user to a service desk group in the Azure AD. So there are a number of levels that we can set up using the ServiceNow platform. And a request form can be configured and automated. And again, this all can be done through the service request form that we have been using all around, all the time. And the design is future proof, configuration friendly, and robust. So why this is the case? Because ServiceNow is highly moving towards Flow Designer. It's promoting Flow Designer and the use of it because it's easy to use, it's user friendly, and in terms of the debugging of the logs and everything are pretty straightforward, if you can just read and see what they show is. And every six months, we are getting an upgrade for ServiceNow, which is again a plus point. We don't have to worry about anything. So there is no technical depth. So if we are having some kind of custom integration, it is on us improving and maintaining the code. But here we don't have to worry about it. So automatically everything is getting upgraded. It's getting better every day. And the biggest point that we have here is the average fulfillment time. As I was just speaking in the last slide, it gets reduced to around three minutes from around 24 hours. And again, these 24 hours can be even more so, if we have got some approvals and they are just sitting there to be approved. And once they are approved, they might take a couple of more days to fulfill those requests. So in those terms, this time can be even more. But when we are using this automation, once the request is approved it just goes in and it's done within a few minutes. So this is a drastic change. And also, the return on investment on this one-- like, if you are having a manual employee sitting there fulfilling these requests, you can get a big turnaround, maybe save a-- so one of our clients had emailed me that they were saving of a full-time employee using this automation. So they were saving a lot on that one. So these are some of the key highlights. And where this can be applied to? So this can be applied to HR systems, as we have already seen in the process flow diagram, some HR systems where we want to automate the identity management requests and also streamline the requests by removing manual intervention errors and unstructured time-consuming processes, also customers who want to transform manual processes into self-service forms automated by ServiceNow workflows. So these are some of the places it can be applied. So before we go off to the demo, we have got some prerequisites that we need for this automation to happen. So first of all, we need a ServiceNow instance with the Integration Hub subscription. The second thing that we need on the instance is we need to install a Microsoft Azure Active Directory Spoke. Again, this can be different for different use cases. But the demo that we are going through today, we'll be using the Azure Active Directory Spoke. And also we need access to the Azure Portal and also the credentials to build a connection between ServiceNow and Azure. So I have got my ServiceNow instance with me. And I have already sorted out the connection between the Azure Portal and ServiceNow. So that's all good. So what I'll be doing the first thing, I will be raising a request for a new user account. And this user account is a fully automated form that we have. And once this form is submitted, it will go ahead and create a user for which we are requesting in the Azure Active Directory. So let's start off. No problem. Now look for-- we'll put 567. And we don't need to worry about the comments. We need to press Submit. So now, once this request is submitted, if I click on it, and as you can see, just within a minute it has actually gone to complete. So if I go to Azure and go to the users, we do have that user created here. So Tom Molly-- and we have got the job title. We also do have the phone number that we have entered. And that's how quick it is. And also, I have got the user provisioning setup from Azure to ServiceNow again. So I think every 30 minutes the users are synced back to ServiceNow. So all the new users that come in are also going back to ServiceNow at the users. So we are also provisioning a ServiceNow application for those users. Now, if I go to the back and backend of this one and check with the executions, so this is the flow that was executed in the catalog item was requested. We updated the record. And Work notes has request-- work in progress. We get catalog variables. So this is a custom action that I've created. I'm building out the account name and password for the user using this. So it's a basic script action that we have, which takes the first name and the last name of the user and generates an account name with first letter and the last name of the user and also gives out a generated password text. Now, once I've got this, I'm again updating the record with the account name-- the requested item record with the account name of the user that we get out of that action. [INAUDIBLE] the next action that I'm executing is create a user. So I am almost setting every attribute that's required for the user. So I'm setting the account enable to True so that the account is enabled for the user, and he is able to log in. So display name is set up through the catalog item, first name, last name, user IDs. We have got it from the previous step [INAUDIBLE].. So this is a servicewow.onmicrosoft.com. So this is my application on the Azure. And we have also got the email alias as Tom Molly. And we've also got the password. So we are also changing force change password for the user. We can set it to False as well. And we also got the other attributes, given name, surname. We've got the phone number, job title. We can set a lot of other attributes, but for this demo I've just used some of them. And once it has success, it gives out a user ID as the output. Now, once this is done, I'm also sending out an email to the manager, so Adam Haro. I'm sending out this email. If I go to the email logs, we should be able to see that there. OK. Let's look. I'll go back to the email in a bit. And, yep. At the end I am marking the request as complete. OK. Yep. So we have got the email there. So, Hi Adam. The account details of the new user request, RITM-- full name this, network account name, and username, and the password. And the manager can, further down, share these credentials with the user to log in. And, yep, post that, we are just marked the request as complete. So once this is completed, it's all good. We're done. We're done within, I think, less than three minutes or so. It was completed. And just in case if something goes wrong, I am also having a error handler, where I'm creating an incident and assigning it to a team, to action, just in case if anything goes wrong, to look at the logs and see what has gone wrong. And they can reticket the flow or the request for that particular user. And, yep, I think that's quite magic. And also just one more thing-- this was just a create user. Again, if I search my Azure, we have got around 39 actions with us. We can look up user stream. We can add users to group, reset user password, disable user, and delete a user, and also update a user, create a user, enable a user. So there are a number of use cases that we can get at. So it's just a small thing that I showed you. But there are a lot of possibilities around this. Thank you, everyone. Thank you for your time. If there are any questions, do reach out to me or my email address, LinkedIn, Twitter, SN Devs, Slack. And Flow Designer is the way to be. So I have been using it since 2018, and I think it's just awesome. And there are a lot of other spokes that we have outside of this use case, Azure AD and Active Directory, that can just do brilliant stuff. And it can be done in hours. So that's also an amazing thing. And thank you. [MUSIC PLAYING]