We’re releasing our first Centrify Privilege Service app for ServiceNow. It’s a clean, simple integration that allows authorized IT admins to ask for access to password checkouts and remote sessions managed by Privilege Service, all from within the familiar ServiceNow user interface.
All you need to make this work for your organization is (a) Centrify Privilege Service and (b) your ServiceNow ITSM portal. Our new Privileged Access Request app for ServiceNow is free, so there’s no need for additional budget to connect these two services and start taking advantage of the app’s functionality.
Here’s how it works.
- Configure your Privilege Service and ServiceNow tenants to securely authenticate and work with each other. (We have a great configuration guide and Support team for this.)
- Tell ServiceNow which users you want in the approvals group for the ServiceNow request approval workflow.
- Tell Privilege Service which users you want to be able to ask for access to resources and accounts.
- Your IT admins simply load the (free) Centrify Privileged Access Request app from the ServiceNow Service Catalog into their ServiceNow work space.
From there, your IT admins can ask for approval to checkout a privileged account password, or launch a remote management session using a shared account, entirely from within ServiceNow. They’re required to include a reason for the request, which is logged in ServiceNow and forwarded to the approvals group.
Requesting access to an account password from ServiceNow
The ServiceNow workflow engine runs the approval cycle. The approvals group in ServiceNow is notified that they have a request to process. They approve (or deny) access from within the ServiceNow interface. The approvals group can grant temporary access (the default) or give the admin permanent access to the account in Privilege Service.
The approvals group in ServiceNow approves or denies the request
When a request is approved, the admin gets notification within their ServiceNow work space and an automated e-mail.
The e-mail includes a link that takes the admin directly into the Privilege Service password checkout screen.
The admin checks out the password from Privilege Service
This works exactly the same way for request, approval, and access to remote management sessions using shared accounts.
There are options for automatic approval if the admin already has permanent access to the account in Privilege Service, or if you want to grant a user automatic access to all accounts (but still logging everything the user asks for).
Of course, the request and approval process is fully logged by ServiceNow, and checkouts and remote sessions are logged by Privilege Service. And, you can optionally add session monitoring in Privilege Service to capture video of everything your admins do in these sessions.
If you’re a ServiceNow customer, or you’re thinking about ServiceNow for your ITSM needs, check out our new integration for Privilege Service. You’ll find it in the ServiceNow Service Catalog. Just search for the new Privileged Access Request app from Centrify.