Oracle Cloud Infrastructure Documentation

Self Service Using ServiceNow for Administrators

Oracle Access Governance Service Catalog administrator tasks include the following:
  • Install Oracle Access Governance Service Catalog application.
  • Configure Oracle Access Governance connection details.
  • Synchronize access bundles.
  • Synchronize request status.

Install Oracle Access Governance Service Catalog Application

To enable Oracle Access Governance Service Catalog functionality in the ServiceNow you firstly need to install the supporting ServiceNow application.

Note

Assumes that you have completed the prerequisite task Integrate with ServiceNow (UM) and configured a ServiceNow (UM) orchestrated system in authoritative mode before setting up Oracle Access Governance Service Catalog.
To install the Oracle Access Governance Service Catalog application:
  1. Navigate to the ServiceNow App Store.
  2. Search for the Oracle Access Governance Service Catalog application.
  3. Install the application referring to the ServiceNow installation documentation.

Configure OCI OAuth To Access Oracle Access Governance API

To authenticate to the OCI instance you want to integrate with you need to configure OCI OAuth access to the Oracle Access Governance API.

To configure OCI OAuth API access:

  1. Create Confidential OAuth Application
    1. Navigate to OCI Console → Identity & Security → Domains
    2. Select the Identity Domain.
    3. Select the Integrated applications tab.
    4. Select Add Application.
    5. Select the Confidential Application tile and select Launch Workflow.
    6. On the Add Confidential Application page:
      1. Enter a Name and Description. For example access-governance-rest-api-oauth.
      2. Select Submit.
  2. Configure OAuth Settings
    1. Select the integrated application you created in the previous step and select the OAuth configuration tab.
    2. Click Edit OAuth Configuration.
    3. Click Configure this application as a client now.
    4. Enable the Add resources toggle.
    5. Set Client Type: Confidential.
    6. Set Client IP Address: Anywhere.
    7. Set Token Issuance Policy: All.
    8. Click Add scope.
      1. Select the Oracle Access Governance service instance you require API access for.
      2. Click Add.
    9. Click Submit.
  3. Activate the Application
    1. In the application list, select Activate from the Actions menu.
    2. Ensure the Status changes from Inactive to Active.
  4. Assign Application Role
    1. Navigate to OCI Console → Identity & Security → Domains
    2. Select the Identity Domain.
    3. Go to the Oracle cloud services tab.
    4. Select the Oracle Access Governance service instance.
    5. Select the Application Roles tab.
    6. Select the role AG_Administrator.
    7. Select Manage applications from the Actions menu.
    8. Select Assign Applications.
    9. Select the Confidential App you created.
    10. Select Assign.

Get OAuth Token URL

Fetch the Domain URL from the OCI cloud account.

  1. In the Oracle cloud account, navigate to Identity & Security, and select Domains.
  2. Apply a compartment filter and then select the domain.
  3. On the Details tab, copy the authentication host in the Domain URL field without the port number. For example, the domain URL is, https://idcs-xxx.identity.example.com
    The authentication URL would be constructed as:
    https://idcs-xxx.identity.example.com/oauth2/v1/token

Configure Oracle Access Governance Service Catalog Application Connection

Once you have installed the Oracle Access Governance Service Catalog application in your ServiceNow instance, you need to configure connection details to integrate the application with your Oracle Access Governance service instance.

To configure the Oracle Access Governance Service Catalog application connection refer to the Oracle Access Governance Service Catalog Installation Guide.

Oracle Access Governance Service Catalog Application Scheduler

Once you have installed and configured the Oracle Access Governance Service Catalog application in your ServiceNow instance, you can refresh the status of requests and load access bundles from your Oracle Access Governance service instance.

To schedule access bundles loading:
  1. In the ServiceNow UI set the application scope to Oracle Access Governance Service Catalog.
  2. Navigate to the ServiceNow UI and search for the Oracle Access Governance Service Catalog application.
  3. Select Load Access Bundle from the ServiceNow application navigator.
  4. The Load access bundle list job is displayed. This job will load the current access bundle from Oracle Access Governance into Oracle Access Governance Service Catalog making them available for request from the ServiceNow portal page. The job allows you to perform the following tasks:
    • Load access bundles on request by selecting the Execute Now option.
    • Activate/de-activate the job
    • Set conditions for the job
    • Setup a time when the job should be run e.g. daily, weekly.
To synchronize status of access requests:
  1. Navigate to the ServiceNow UI and search for the Oracle Access Governance Service Catalog application.
  2. Select Sync Request Status from the ServiceNow application navigator.This job will synchronize access request status Oracle Access Governance to Oracle Access Governance Service Catalog ensuring that the correct status of request is shown in the ServiceNow portal page. The job allows you to perform the following tasks:
    • Synchronize on request by selecting the Execute Now option.
    • Activate/de-activate the job
    • Set conditions for the job
    • Setup a time when the job should be run e.g. daily, weekly.