VMware Cloud Community
draymond10
Enthusiast

Submit vRA requests with a single service account through ServiceNow

Looking for a way for our ServiceNow users to make requests to the vRealize Catalog with a single service account instead of the user logged into SNOW/vRA. We have a few clients that are developing business logic in the form of a standard ServiceNow Catalog request. This standard request should be triggering a vRealize Catalog request while passing blueprint parameters. In the current state of the plugin, entitlements and requests revolve around the user who is logged in. A majority of our integrations start with business logic sitting at the ServiceNow level.

Dave

5 Replies
kbhushan05
Enthusiast

Which authentication mechanism is used in this scenario? Are you using an LDAP server on both vRA and ServiceNow, or on ServiceNow only and not on the vRA side?

If you are not using any LDAP server, the plugin will redirect you to the vRA login page, which allows the user to enter different credentials for vRA than the ServiceNow credentials. This means your vRA user is different from the currently logged-in ServiceNow user. There the user can use a single service account.

The plugin does not have much responsibility for authentication. It uses the OAuth2 authentication mechanism, and the actual authentication is done by vRA or the LDAP server.

If you are planning to do it from a background script by using a 'script include', then let me know; I will help in that direction.

draymond10
Enthusiast

We'd ideally like to do it in the background with a script include so any help is much appreciated.  We're looking for a seamless login process where the authentication will always be the service account.  We'll also have traditional ServiceNow workflows spawning tasks to submit vRealize Catalog requests, passing values, and ideally use the service account for authentication.

We currently have both situations:

- where no LDAP is configured; vRA redirects; a service account can be used.

- SSO will be configured (Ping Federate)...are other SSO products on the roadmap for support as an alternative to ADFS 2?

kbhushan05
Enthusiast

Is it possible for you to have LDAP (Ping Federate / ADFS 2.0) only for authentication to ServiceNow and not for vRA? That means vRA is no longer configured against any ADFS/Ping Federate server.

If the above-mentioned scenario is feasible in your case, we can make sure that users who have vRA access can only see the vRA login page, and other users will continue to use their normal ServiceNow account. If a user is allowed to access vRA, that user will be shown the vRA login, where he/she can enter the service account credentials.

kmenze
Contributor

Was just curious if you ever made any progress on getting this to work with a single service account, as that would be the way we would prefer this to operate as well. 

CalsoftTechie
Enthusiast

No, there is no decision yet on this topic of using a single service account.
