How to synchronize Active Directory passwords with ServiceNow using ADSelfService Plus

Solution

ServiceNow provides cloud-based IT Service Management (ITSM) software that comes bundled with user self-service options to meet the various needs of enterprises.

With the help of ADSelfService Plus's Real-time Password Synchronizer, users can now log in to their ServiceNow accounts with their Active Directory passwords. This will enable users to use the same set of credentials across both the platforms, thereby eliminating the need to remember multiple passwords.

Prerequisites:

You will need a ServiceNow user account that has read and write privileges assigned to both sys_user.user_password and sys_user.locked_out. If not, those privileges can be configured manually.

Configuration Steps:

• Login to the ADSelfService Plus web console with admin credentials.
• Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application.
• A list of applications supported by ADSelfService Plus are displayed. Click on ServiceNow. (Alternatively, you can search for ServiceNow using the search bar provided.) The configuration page of ServiceNow is displayed.

  

• Enter the Application Name.
• In the Instance Name field, enter the instance URL of the ServiceNow account.
• Select the desired policy from the Assign Policies drop-down list.
  Note: Password synchronization will only be enabled for users who are part of the selected policy.
• Check the box next to Enable Password Sync.
• Type the Username and Password of a ServiceNow account that has sufficient privilege to reset passwords and unlock accounts.
• Click Add Application.

  

Assigning privileges to ServiceNow account to reset password: 

• Login to the ServiceNow web-console with admin credentials.
• From the System Administrator drop-down menu, select Elevate Roles.

  

• Select the security_admin checkbox and click OK.

  

• Now select the Access Control tab from the System Security module.

  

• In the Search field of the Name module, type sys_user.user_password. From the list displayed, select the sys_user.user_password field with read operation.

  

• Click Insert a new row to add a new role. Click Update.

  

• Back in the Search list, select the sys_user.user_password field with write operation. Add a new role by selecting Insert a new row and Update the changes.

Assigning privileges to ServiceNow account to unlock account:

• In the Search field of the Name module, type sys_user.locked_out. From the list displayed, select the sys_user.locked_out field with read operation. Add a new role by selecting Insert a new row and Update the changes.
• Back in the Search list, select the  sys_user.locked_out field with write operation. Add a new role by selecting Insert a new row and Update the changes.

  Note: If you are using ServiceNow-Kingston please add user_admin role to the user.

Like this tip? Get the most of ADSelfService Plus by checking out more tips and tricks here.