Mike Tierney
Hello and welcome to another episode of Better Ways We IGA: tips and tricks for getting the most out of ServiceNow native identity. I'm here today with Matt Salt, one of our senior solution consultants over in the UK. Good to see you, Matt.
Matthew Salt
Good to see you, Mike.
Mike Tierney
And you had a very specific topic that you wanted to talk about today and it had to do with creating crucial links between data that's commonly found on the ServiceNow platform and identity data.
Tell me some more about that, Matt.
Matthew Salt
Yeah, absolutely. So one of the themes that's appearing and sort of starting to appear the more we talk to customers is that they're really trying to find that that comprehensive way to manage both identity data and that wider enterprise system data that is common on ServiceNow, and they want to do that in that single source of truth on one platform. And when we sort of dig into those conversations, it's clear that's really driven by industry regulations and audits. And as part of those regulations and audits, our customers really need demonstrate that identity data within the system is live, it's accurate but also crucially connected to that wider enterprise data and what that means is actually our customers aren't siloing and isolating data sources. They're bringing all of that together and creating those important connections between the data.
Mike Tierney
Put that into context from an identity perspective, what are we talking about?
Matthew Salt
So from the identity perspective, so typically we'd be concerned with the recertification of system access and entitlements. But there is that growing interest in our customer base of being able to provide more functionality in the same interface, so being able to actually review and amend fields on specific records within our identity warehouse within that same interface and that's where the term ‘metadata review’ is starting to come from because our customers see those fields on the records as metadata. More specifically, I'm talking about really being able to set, manage and validate those crucial links with the ServiceNow CMDB.
A link in CIs and software entitlements to identity entitlements via fields on the entitlement form and the entitlement record in our identity warehouse.
And that's made so much easier, obviously because we are all on one platform and able to make those links on ServiceNow.
Mike Tierney
So that that sounds like that might branch into benefits from a software asset management perspective too. I know that's not what we're talking about today, but maybe we'll get to that in the future.
So let's take a look.
Matthew Salt
So we're jumping into our employee service center or ESC in one of our demo instances. You can see it's just been configured to be our own Clear Skye branding. I'm going to jump into my access governance topic and straight to my access reviews.
Typically the way we create access reviews really means that we can set data filters and review types to really hone in on the data set we want to review.
And as a part of that really create additional new actions that trigger appropriate updates to fields and records and also workflows off the back of them.
So by creating a few new review templates and a couple of new review actions, I'm able to deliver a couple of these metadata reviews. Normally we'd be concerned with something like an Active Directory group review, where I'm jumping into the review and I'm keeping or removing access from a specific account or a specific entitlement.
Matthew Salt
Here what we're looking at today are our metadata reviews. First and foremost, let's look at the link into Cis and the link into software entitlements. A simple review here gives me a couple of options. Firstly, on the connection admin entitlement, I'm going to look up a server. So this is a reference to the service CIs in the CMDB. I'm presented with all those that I can select and I'll just randomly select one and hit submit. Secondly, on the SLA admin record, I'm able to assign a software entitlement. By selecting the action again. I'm presented with a reference to the software entitlements. I'll select software 001 and press submit. Now when I submit this review and confirm the submission, this will then fire off automatically to our identity warehouse and update the two entitlement records in the back end. And if there's any onward workflows to target systems to update fields there as well; they all trigger. Now that's one really simple example. The other example that that maybe is even simpler than that is reassigning owners and updating descriptions. So again, we're looking at some really simple entitlements here and being able to make changes on them through the same review interface delivered via our review engine.
Mike Tierney
And you said something right there that that I think is important. We have a review engine, not an access review engine, and that that's what we built with this sort of thing in mind.
Matthew Salt
So moving into the other really simple example here, we're just reassigning owners and updating descriptions. So you can have these actions as complex and referenced into ServiceNow as you like, but also some of the really simple fields on our forms can be updated as well. So for the Chicago building access, I'm just going to acknowledge everything's OK for the Chicago emergency communication. I'm going to update description. And for the Chicago users entitlement, I'm going to assign it to a new owner and let's just give it to Andy Test for now. Again, in the same way that the previous access review submitted when I pressed submit here, I'll confirm the submission and all of these updates will be presented automatically within the Identity warehouse. Now how we validate all of this is we jump into administrative portal. I'm already in the entitlements view. I'll just give this a very quick refresh. And you can see here all of the changes that we've made because I filtered the entitlements by when they've been last updated. So the SLA admin entitlement, we added a software entitlement to it. And crucially, the connection admin entitlement. We added a configuration item in the form of that server.
Mike Tierney
So, Matt, I think what you just showed really first it shows the power of having identity data on platform, right, and the ability to make those crucial linkages that we talked about at the outset.
Mike Tierney
I think second you showed something there, maybe without intending to with that ability to review things like descriptions, even though we're we were talking about this in the context of a review engine, is really powerful in the context of an access certification campaign, because a lot of times people don't really know what they're reviewing, but if you do a pre review and you make sure your descriptions are cleaned up and easy to understand, it's going to make your access certifications go faster. I think there's one more benefit there that that I'm going to leave it to you to explain because I think you'll do a better job than I will.
Matthew Salt
As we said this is definitely great for meeting that requirement that customers have and that discussion we're having around creating those crucial links. But beyond that, the links themselves provide a number of sort of the more tangible business benefits. So when we look at linking CIs for example, you can see that impact zone of users and entitlements that are affected. If there's a problem with the server, you know it helps to prioritize our customers response efforts to outages. And then you sort of touched on it earlier around the software asset management side of things. If we're linking those software entitlements to identity entitlements, actually you know the thing we talk about most in software asset management is harvesting licenses when a user leaves the organization. We extend that to actually we know there are entitlements associated with user accounts. If that user is not logged into that account for six, nine months, why do they still have a license? Can we not harvest that license earlier than anticipated? And drive some more cost savings and benefits for our customers. So this is really how our customers sort of see our review engine and the power of the review engine can bring to start with and therefore the benefit of Clear Skye and having identity on ServiceNow as a whole.
Mike Tierney
That was great, Matt. And here's just a quick look at the architecture that makes that all possible. If you want to learn more, you can click on the link in the post associated with this video. And that is this week's episode of Better Ways. We IGA like to thank everybody for joining us.
