ServiceNow

Overview

IT Service Management (ITSM) is an important area of focus for many organizations. Organizations invested in ServiceNow as an ITSM provider will find that Morpheus integrates tightly with some of the most-used features. After integrating ServiceNow with Morpheus, both environments can be used interchangeably and the results are synced to both places. This guide walks administrators through the process of integrating ServiceNow with Morpheus and how Morpheus can be used to effectively leverage the best of ServiceNow.

Tip

The ServiceNow integration guide is also available as a PDF download, which includes additional example use cases and screenshots.

Add ServiceNow Integration

  1. Navigate to Administration > Integrations

  2. Select + NEW INTEGRATION

  3. Select “ServiceNow” from the dropdown list

  4. Add the following:

    NAME

    A friendly name to describe the ServiceNow integration in Morpheus.

    ENABLED

    Check “Enabled” to allow consumption of this ServiceNow integration in Morpheus.

    SERVICENOW HOST

    URL of the ServiceNow instance (ex: https://your.instance.service-now.com), keep in mind you can create multiple ServiceNow integrations in Morpheus if needed.

    API PROXY

    If necessary, select a configured proxy (Infrastructure > Network > Proxies) to route traffic through to the ServiceNow API. If a proxy is not configured here, ServiceNow API traffic will be routed through the global proxy if one is configured on the appliance.

    CREDENTIALS

    Supply credentials for a user in ServiceNow that is able to access the REST interface and create/update/delete incidents, requests, requested items, item options, catalog items, workflows, etc. The list of necessary roles includes x_moda_morpheus_ca.integration (available if the Morpheus ServiceNow plugin is installed from the ServiceNow Store), catalog_admin, itil, rest_service, web_service_admin and import_transformer.

    Morpheus supports simple and OAuth 2.0 authentication with ServiceNow. See the next section for additional details on configuring the ServiceNow appliance for OAuth 2.0 authentication if you intend to use it. When supplying credentials to Morpheus users may opt to integrate with a saved set of username and password credentials, a saved set of OAuth 2.0 credentials, a new set of username and password credentials (not saved), or a new set of credentials (OAuth 2.0 or username/password) which will also be saved to the Morpheus credential store for later use. Once the credential type is selected, the fields in the modal will adjust to correspond to the chosen credential type. Once again, see the next section for more details on configuring OAuth 2.0 authentication.

    CMDB CUSTOM MAPPING

    If needed, administrators can opt to populate a specific field in the ServiceNow table and such mapping is identified here with a JSON code snippet. Below is an example that populates the object_id field in the CM database with the Morpheus instance name and two other field examples:

    {
    "object_id":"<%=instance.name%>",
    "SN_field_id2":"<%=morph.varname2%>",
    "SN_field_id3":"<%=morph.varname3%>"
    }
    
    CMDB CLASS MAPPING

    Define the mapping between Morpheus server types and ServiceNow CI classes. Select a Morpheus server type from the dropdown menu and a new field will appear in the list. Enter a ServiceNow CI class into the text field to create the association

    CMDB BUSINESS OBJECT

    Allows the user to define the table CMDB records are written to if they prefer this over Morpheus default. By default, Morpheus writes to the cmdb_ci_vm_instance table.

  5. Save Changes

Important

Morpheus supports integration with single-domain and multi-domain ServiceNow appliances. In multi-domain installations, a selected ServiceNow company can be mapped to a selected Morpheus Tenant for purposes of exposing Morpheus Library items only to users within a certain company. In this configuration, ServiceNow integrations should be added in each relevant Morpheus Tenant. Further setup steps for exposing Morpheus library items to ServiceNow are included in a later section below.

Configuring ServiceNow for OAuth 2.0 Authentication

Before configuring Morpheus to use OAuth 2.0 authentication with ServiceNow, ensure your ServiceNow appliance is configured correctly. OAuth must be set up and activated, you must also create a new endpoint for the client. See the following relevant parts of ServiceNow documentation to properly configure your appliance:

  1. Set up OAuth

  2. Create a new application endpoint for Morpheus to access the ServiceNow instance

With ServiceNow correctly configured, we can integrate ServiceNow using either a stored OAuth 2.0 credential set or we can create one on the fly during integration. When creating one on the fly Morpheus will save it as a stored credential set for later use. Whether storing one ahead (Infrastructure > Trust > Credentials) or storing one at integration time, configure your credentials as follows. Note that all fields are required for a ServiceNow Integration unless specifically mentioned otherwise:

Note

Some of the fields below may not be present if creating an OAuth credential set on the fly as opposed to the Infrastructure > Trust section of Morpheus.

  • CREDENTIAL STORE: Select “Internal” or (if present) an external Cypher store

  • NAME: A name for the stored credential set in Morpheus

  • DESCRIPTION: An optional description for the credential set

  • ENABLED: If enabled, this credential set will be selectable for creating various integrations in Morpheus

  • GRANT TYPE: Use “Password Credentials”

  • ACCESS TOKEN URL: Should be the appliance domain with the path of “/oauth_token.do”. For example, “https://mydomain.service-now.com/oauth_token.do

  • CLIENT ID: The client ID (potentially auto-generated) set when the endpoint was created in ServiceNow

  • CLIENT SECRET: The client secret set when the endpoint was created in ServiceNow

  • USERNAME: The username for a ServiceNow service account, note the required permissions this user must have in the section above

  • PASSWORD: The password for the ServiceNow account

  • SCOPE: Left empty

  • CLIENT AUTHENTICATION: Use “Send client credentials in body”

If storing these credentials for later use, click ADD CREDENTIALS. If creating this credential set on the fly at the time of integration, complete the rest of the new integration modal as discussed in the prior section.

../../_images/oauthcreds.png

ServiceNow Configuration Management Database (CMDB)

ServiceNow CMDB is central to maintaining a complete record of IT infrastructure at many organizations. The Morpheus ServiceNow integration can create and update configuration item (CIs) records as new services are provisioned or existing services are reconfigured. Once a ServiceNow integration is set as the CMDB for a Cloud or Group, CI records are created and managed by Morpheus.

Setting a CMDB on a Group

When adding or editing a Morpheus Group, any active ServiceNow integration can be set as the CMDB.

  1. Navigate to Infrastructure > Groups

  2. Select an existing Group name from the list

  3. Click EDIT

  4. Under “Advanced Options”, select an active ServiceNow integration from the CMDB dropdown menu

  5. If desired, select “CMDB DISCOVERY” to create CMDB CI records for discovered (unmanaged) servers that Morpheus automatically onboards to this Group

This setting is also available when creating a Group. Rather than selecting an existing Group in step two above, click + CREATE to make a new Group.

Setting a CMDB on a Cloud

When adding or editing a Morpheus Cloud, any active ServiceNow integration can be set as the CMDB.

  1. Navigate to Infrastructure > Clouds

  2. Select an existing Cloud name from the list

  3. Click EDIT

  4. Under “Advanced Options”, select an active ServiceNow integration from the CMDB dropdown menu

  5. If desired, select “CMDB DISCOVERY” to create CMDB CI records for discovered (unmanaged) servers that Morpheus automatically onboards to this Cloud

This setting is also available when creating a Cloud. Rather than selecting an existing Cloud in step two above, click + ADD to make a new Cloud.

Provisioning and CI Records

With a ServiceNow instance integrated with Morpheus and the instance set as the CMDB for a Morpheus Group or Cloud, we will see CI records created as new resources are provisioned to the Cloud or Group in Morpheus. After the provisioning process has completed, a CI record should exist with a name value equal to the Instance name in Morpheus.

Provisioned and active Instances in Morpheus will have CI records with an “On” state in ServiceNow. After they are deleted in Morpheus, the state value will be rolled to “Terminated” in ServiceNow as expected.

Morpheus will also populate a number of additional fields in ServiceNow including IP address, FQDN and more. Custom views can be created in ServiceNow to expose these fields.

ServiceNow Approval Policies

Morpheus offers its own approval engine out of the box, but some organizations prefer ServiceNow to be their final approval authority. With a ServiceNow instance integrated with Morpheus, administrators can create provision approval policies and tie them to an active ServiceNow integration. With the policy in place, any new provisioning within the policy scope (Global, Group, Cloud, User, or Role) is sent to ServiceNow for approval before provisioning will go ahead in Morpheus. Approvals are synced between the two applications every minute.

Add ServiceNow Provision Approval Policy to a Cloud

Note

Any Instance provisioned into a Cloud with an approval policy enabled will not proceed without the required approval.

To add a ServiceNow Approval policy to a Cloud:

  1. Navigate to Infrastructure > Clouds

  2. Select a Cloud by clicking on the desired Cloud name link

  3. Select the POLICIES tab

  4. Click + ADD POLICY

  5. Select Provision Approval from the type dropdown

  6. Optionally enter a description for the Policy

  7. Configure the following:

    APPROVAL INTEGRATION

    Select the ServiceNow Integration already configured in Administration > Integrations to use for the approval policy.

    WORKFLOW

    Select the ServiceNow workflow for the approval in ServiceNow (if desired). These workflows are configured and synced in from the ServiceNow Integration.

    TENANTS (if applicable)

    Only required for multi-tenant permission scoping. For the policy to apply to a Subtenant, type the name of the tenant(s) and select the Tenant(s) from the typeahead list.

  8. Save Changes

Add ServiceNow Provision Approval Policy to a Group

Note

Any Instance provisioned into a Group with an approval policy enabled will not proceed without the required approval.

To add a ServiceNow Approval policy to a Group:

  1. Navigate to Infrastructure > Groups

  2. Select a Group by clicking on the Group name

  3. Select the POLICIES tab

  4. Click + ADD POLICY

  5. Select Provision Approval

  6. Optionally enter a description for the Policy

  7. Configure the following:

    APPROVAL INTEGRATION

    Select the ServiceNow Integration already configured in Administration > Integrations to use for the approval policy.

    WORKFLOW

    Select the ServiceNow workflow for the approval in ServiceNow (if desired). These workflows are configured and synced in from the ServiceNow Integration.

    TENANTS (if applicable)

    Only required for multi-tenant permission scoping. For the policy to apply to a Subtenant, type the name of the tenant(s) and select the Tenant(s) from the typeahead list.

  8. Save Changes

Using ServiceNow Approval Policies

Any Instance provisioned into a Cloud or Group with an approval policy enabled will be in a PENDING state until the request is approved.

Instances pending a ServiceNow approval will show “Waiting for Approval” with the Requested Item number and Request number, ex: Waiting for Approval [RITM0010002 - REQ0010002].

ServiceNow approval requests are displayed in Operations > Approvals. Instances pending a ServiceNow approval must be approved in ServiceNow for provisioning to initiate. Approval requests from a ServiceNow approval policy cannot be approved in Morpheus, only approvals originating from Morpheus.

ServiceNow approval requests are displayed in Morpheus under Operations > Approvals. Pending ServiceNow approval requests can be cancelled in Morpheus by selecting the request and then selecting ACTIONS > Cancel.

Once a pending ServiceNow approval request is approved in ServiceNow, the Instance(s) will begin to provision in Morpheus within one minute of being approved in ServiceNow.

ServiceNow Monitoring Integration Settings

Note

A ServiceNow integration must be already configured in Administration > Integrations to enable ServiceNow monitoring.

The ServiceNow monitoring integration is enabled and configured in Administration > Settings > Monitoring. As long as the “Enabled” switch is activated, Morpheus will report monitoring data to ServiceNow. Configuration selections are described below:

Enabled

Enables the ServiceNow monitoring integration

Integration

Select from an existing ServiceNow integration in |AdmInt|

New Incident Action

The ServiceNow action to take when a Morpheus incident is created

Close Incident Action

The Service Now action to take when a Morpheus incident is closed

Incident Severity Mapping

Morpheus Severity

ServiceNow Impact

Info

Low/Medium/High

Warning

Low/Medium/High

Critical

Low/Medium/High

Once finished working with configuration, click APPLY

../../_images/3monitoringConfig.png

ServiceNow Service Catalog Integration

In addition to integrating with key ServiceNow features, Morpheus offers a free plugin directly from the ServiceNow Store. Once the plugin is installed, Morpheus Self-Service Catalog Items can be presented as provisioning options in the ServiceNow catalog for ordering.

Note

Surfacing Catalog Items made with Forms to ServiceNow is not yet supported. If planning to use ServiceNow to order Catalog Items you should not use Forms on any Catalog Items until it is supported.

The Morpheus plugin supports integration with ServiceNow whether it’s configured for a single tenant or for multiple domains. When both Morpheus and ServiceNow are configured for multiple Tenants, we can create ServiceNow integrations in any relevant Morpheus Tenant and map those to specific companies in ServiceNow. Any exposed library items would only be shared with users in the relevant ServiceNow company. The Morpheus plugin will automatically detect whether the ServiceNow Domain Support–Domain Extensions Installer plugin has been installed and respond accordingly. Additionally, the User Criteria Scoped API plugin must also be enabled on the ServiceNow instance for multi-tenant use.

Depending on the scenario, setup steps for the Morpheus plugin will be slightly different. Setup steps for both single and domain-separated ServiceNow environments are included below.

Important

A valid SSL Certificate is required on the Morpheus Appliance for the ServiceNow plugin to be able to communicate with the appliance.

Important

As described below, the Morpheus ServiceNow plugin requires the use of a Morpheus service account to integrate back with the Morpheus appliance. Some symbol characters, specifically “%” and “&” are valid for use in Morpheus account passwords but aren’t passed correctly when ServiceNow makes its API calls to Morpheus. It is best not to use these characters in the password for Morpheus accounts which may be used in the ServiceNow plugin to interface back with Morpheus. Authentication errors will occur and the plugin will not work. This is a ServiceNow issue which Morpheus has no control over.

Single-Domain ServiceNow Configuration

  1. Install the Morpheus plugin from the ServiceNow store, refer to the Morpheus Data plugin for ServiceNow installation instructions for additional help with the installation steps

  2. Navigate to Morpheus Catalog > Properties

  3. Set the following properties:

    MID Server

    If desired, specify the name of an existing MID server

    Morpheus Appliance Endpoint

    The full URL to your Morpheus appliance

    Username

    Morpheus user that the plugin will connect as to the Morpheus API

    Password

    Password to the above Morpheus account

    Morpheus Manage Workflows?

    Indicate whether Morpheus should manage workflows. If this option is checked, Morpheus will overwrite the workflow and set it to “Morpheus (Internal) Catalog Item Provision Instance” on sync

Important

The Morpheus service account integrated with the plugin interacts with the Morpheus appliance through Morpheus API and must have the appropriate Role permissions to complete all provisioning requests from the ServiceNow plugin. Often it’s easiest to make a service account with full administrator rights to avoid failed provisioning. If you’d prefer to create a minimal service account for security reasons, ensure the Role for the service account User has the following permissions:

  • Personas: Standard: Full

  • Personas: Service Catalog: Full

  • Features: Provisioning: Instances: Full

  • Features: Provisioning: Apps: Full

  • Groups: Full rights to all Groups containing Clouds you will expose to ServiceNow

  • Instance Types: Full rights to all Instance Types you will expose to ServiceNow

  • Blueprints: Full rights to all Blueprints you will expose to ServiceNow

  • Catalog Item Types: Full rights to all Catalog Item Types you will expose to ServiceNow

Users created from SAML Identity Sources cannot authenticate with the Morpheus API and cannot be used for the ServiceNow plugin.

../../_images/4servicenowProperties.png

Multi-Domain ServiceNow Configuration

  1. Install the Morpheus plugin from the ServiceNow store, refer to the Morpheus Data plugin for ServiceNow installation instructions for additional help with the installation steps

  2. Navigate to Morpheus Catalog > Multi-Tenant Credentials

  3. Set the following properties:

    Morpheus Appliance Endpoint

    The full URL to your Morpheus appliance

    Morpheus Tenant ID

    The integer database ID for the selected Tenant

    Username

    Morpheus user that the plugin will connect as to the Morpheus API. This user must exist within the Morpheus Tenant being linked to the chosen ServiceNow company

    Password

    The password for the above user

    ServiceNow Company

    Select a company from the list to link with the Tenant whose ID was entered above

    MID Server

    If desired, specify the name of an existing MID server. Note that configuring a multi-domain MID server requires the glide.ecc.enable_multidomain_mid property in sys_properties.list be set to true prior to creating the MID server in the global domain. This allows the MID server to explore any domain for which it has the credentials. The ServiceNow user (which the MID server authenticates with) must be in the global domain as well. For more, see this section of ServiceNow documentation.

    Morpheus Manage Workflows?

    Indicate whether Morpheus should manage workflows. If this option is checked, Morpheus will overwrite the workflow and set it to “Morpheus (Internal) Catalog Item Provision Instance” on sync

Important

The Morpheus service account integrated with the plugin interacts with the Morpheus appliance through Morpheus API and must have the appropriate Role permissions to complete all provisioning requests from the ServiceNow plugin. Often it’s easiest to make a service account with full administrator rights to avoid failed provisioning. If you’d prefer to create a minimal service account for security reasons, ensure the Role for the service account User has the following permissions:

  • Personas: Standard: Full

  • Personas: Service Catalog: Full

  • Features: Provisioning: Instances: Full

  • Features: Provisioning: Apps: Full

  • Groups: Full rights to all Groups containing Clouds you will expose to ServiceNow

  • Instance Types: Full rights to all Instance Types you will expose to ServiceNow

  • Blueprints: Full rights to all Blueprints you will expose to ServiceNow

  • Catalog Item Types: Full rights to all Catalog Item Types you will expose to ServiceNow

Users created from SAML Identity Sources cannot authenticate with the Morpheus API and cannot be used for the ServiceNow plugin.

Adding to ServiceNow Catalog

Once the ServiceNow plugin is installed and configured, Service Catalog items can be exposed to the ServiceNow catalog from Morpheus. Follow the guide below to expose Morpheus Clouds, Library Items, and Blueprints to users in the ServiceNow catalog.

  1. Navigate to Administration > Integrations

  2. Select the relevant ServiceNow integration

  3. Within the “EXPOSED CATALOG ITEMS” section is a list of currently-exposed Service Catalog items

  4. To expose a new item, click + ADD CATALOG ITEM

  5. Select an available item from the dropdown menu and click SAVE CHANGES

  6. Back in ServiceNow, access the Morpheus plugin from the Service Catalog

  7. Exposed Morpheus Service Catalog items are visible here for ServiceNow users with sufficient role permissions

../../_images/addCatalogItemNew.png