Use Workspace ONE Intelligence and your ServiceNow service to request and approve the installation of applications. Start configuring in ServiceNow, then add information to your ServiceNow connection in Workspace ONE Intelligence, and end with editing the app assignment in Workspace ONE UEM.

Prerequisites

Have the listed integrations, systems, and settings configured before using app approvals.

Procedure

  1. Set up ServiceNow to handle incoming app requests so that you can customize your instance and approval policies. This process uses ServiceNow's Scripted REST API capability.
    To start the request process, Workspace ONE Intelligence sends a request like the following sample to ServiceNow. Requests include details about users, devices, and applications requested for installation.
    {
      "RequestId": "bffb4469-56fb-4141-9ab0-0897f65143ba",
      "RequestFor": {
        "UserId": "15",
        "UserAttributes": {
          "user_name": "username",
          "last_name": "user",
          "first_name": "name",
          "email": "username@example.com"
        }
      },
      "Domain": "${domain}",
      "DeviceId": 123,
      "DeviceProperties": {
        "name": "Device Name",
        "device_udid": "F11C43E8307092418D7D5B0D9B48F235",
        "platform": "Windows 10"
      },
      "Notes": "Notes",
      "CatalogItem": {
        "Id": "267",
        "Name": "App Name",
        "Categories": null,
        "Properties": {
          "package_id": "{12345A78-40C1-2702-0000-000004000000}",
          "version": "9.20.0",
          "platform": "WinRT"
        }
      },
      "DueDate": 1568989813956,
      "Links": {
        "ApprovalNotify": {
          "Url": "<CallbackURL>"
        }
      }
    }
    1. Log in to ServiceNow and search for Scripted REST APIs.
    2. Add a Scripted REST API.
    3. Enter a descriptive name, like Workspace ONE App Approval, in the Name text box.
    4. Enter the API ID as appapproval, and record your API namespace because you enter it in Workspace ONE Intelligence later in this process.

    5. Go to the Resources section and add a Resource.
    6. Enter the Resource Name as Request.
    7. Use POST for the HTTP Method.
    8. Check that the Relative Path is /request.
      The resource path displays as /api/<namespace>/appapproval/request.
      Important: If the path is not in this format, the request fails. To fix, check that the Scripted REST API and resource have the correct names.
    9. Configure the script to match your environment.

      Store values as part of the ServiceNow Request. The stored values are used to compile the outgoing API request after the request ticket is approved or rejected.

      You can customize the sample code for your deployment. You can create a cart item within a request or link the user name to your system's SYSID.

      (function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
          // Read the fields sent by Workspace ONE Intelligence from the request body.
          var RequestID = request.body.data.RequestId;
          var CallbackURL = request.body.data.Links.ApprovalNotify.Url;
          var DeviceID = request.body.data.DeviceId;
          var Notes = request.body.data.Notes;
          var AppName = request.body.data.CatalogItem.Name;
          var UserID = request.body.data.RequestFor.UserId;
          var UserName = request.body.data.RequestFor.UserAttributes.user_name;
          var FirstName = request.body.data.RequestFor.UserAttributes.first_name;
          var LastName = request.body.data.RequestFor.UserAttributes.last_name;
          gs.info("Request Received");

          // Create a Request ticket and store the values in the custom columns
          // so that the approval workflow can build the outgoing callback later.
          var create = new GlideRecord('sc_request');
          create.initialize();
          create.setValue('short_description', "Request for Installation of " + AppName);
          create.setValue('description', FirstName + " " + LastName + " Requests Installation of " + AppName);
          create.setValue('u_uem_callback_url', CallbackURL);
          create.setValue('u_uem_notes', Notes);
          create.setValue('u_uem_device_id', DeviceID);
          create.setValue('u_uem_request_id', RequestID);
          create.setValue('u_uem_user_id', UserID);
          create.setValue('u_requesting_user', UserName);

          create.insert();

          // Acknowledge the request.
          response.setStatus(200);
      })(request, response);
  2. Add custom fields to the Request ticket with tables in ServiceNow. Custom fields help to compile the outgoing approval and rejection API requests to Workspace ONE Intelligence.
    1. Search Tables in the ServiceNow navigation bar and select System Definition > Tables.
    2. Search for the Table Name sc_request and open to view column details.
      If you search by table label instead, the label is request.
    3. Add columns.
      • Add required values the system returns to Workspace ONE Intelligence, and add their respective value in the API request.
        • ApprovalNotify.URL = UEM Callback URL
        • DeviceId = UEM Device ID
        • RequestId = UEM Request ID
      • Add optional values.
        • UserId = UEM User ID
        • user_name = Requesting User
        • Notes = UEM Notes
      Type    | Column Label     | Column Name        | Max Length
      String  | UEM Callback URL | u_uem_callback_url | 2048
      Integer | UEM Device ID    | u_uem_device_id    | NA
      String  | UEM Request ID   | u_uem_request_id   | 40
      Integer | UEM User ID      | u_uem_user_id      | NA
      String  | Requesting User  | u_requesting_user  | 40
      String  | UEM Notes        | u_uem_notes        | 4000
      Note: If you change the default Column Name, update your script to use the updated column name.
    4. Select Update and save the table.
    5. Optionally, you can use Form Sections in the System UI to hide columns and values from the UI. Hiding columns and values sets them to be used only in API requests.
  3. In ServiceNow, go to Flow Designer > New > Action to configure an action for a workflow.
    ServiceNow workflows send an approval or rejection response to Workspace ONE Intelligence.
    1. Enter a name and metadata in Action Properties.

    2. Define Inputs for the action.
      • Request ID
      • Device ID
      • Updated By
      • Notes
      • Updated At
      • Callback URL
      • Approval

    3. Add a Script step by selecting the plus sign (+) in the Action Outline section. Then, go to Utilities > Script Step. The script step converts the approval status string to uppercase to prepare for the API call.
      1. Define the input variable as approval_status and drag it into the approval value.
      2. Add this sample code that converts the approval status to uppercase.
        (function execute(inputs, outputs) {
            // The ticket's approval value arrives in lowercase; the API call expects uppercase.
            var approval_lc = inputs.approval_status;

            outputs.ApprovalStatus = approval_lc.toUpperCase();
        })(inputs, outputs);
      3. Define the output variable as ApprovalStatus.

    4. Add a REST step to the action.
      1. Use the Callback URL variable as the Base URL value.
      2. Use POST as the HTTP Method.
      3. Add the header Content-Type = application/json.
      4. Define the Request Type as Text.
      5. Enter the Request Body payload like the sample code. Replace values in the sample code with your data variables.
        {
        "data":{
            "request_id": "action-Request ID", 
            "device_id": "action-Device ID", 
            "approval_status": "step-Script step-ApprovalStatus", 
            "updated_by": "action-Updated By", 
            "notes" : "action-Notes", 
            "updated_at" : "action-Updated At"
            }
        }

    5. Save the action.
  4. In ServiceNow, create a workflow with the approval action, depending on your organization's approval policies.
    1. In the Flow Designer, select New.
    2. Populate metadata that includes properties for Flow, Application, and Run As.

    3. To create a trigger, use Updated to find changes in the ticket statuses.

    4. Select Request[sc_request] as the Table.
    5. Define a Condition as [Approval - is one of - Approved, Rejected] and [UEM Callback URL - is not empty]
    6. Select Once for Run Trigger.

    7. Add the AppApproval action.

    8. Add appropriate values from the request table that match the required action inputs.

    9. Save and activate the workflow.
  5. In Workspace ONE Intelligence, add the Scripted REST API Namespace.
    1. In Workspace ONE Intelligence, go to Settings > Integrations > ServiceNow.
    2. Edit the connection to include the API Namespace.
      You recorded this value while adding the Scripted REST API to ServiceNow.

  6. To require approval, edit the app assignment in Workspace ONE UEM.
    Editing an app assignment to require approval enables users to request to install apps with the Workspace ONE Intelligent Hub on Windows 10 devices.
    1. In the Workspace ONE UEM console, navigate to the appropriate app and edit the assignment.
    2. Enable Require Approval To Install.
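
The procedure stores the callback URL from the incoming request as received (step 1) and later POSTs the approval result to it (step 3). The following added example, which is not part of the original page and is not VMware or ServiceNow code, is a stand-alone Node.js sketch that checks the incoming payload against the column limits from step 2 and builds the step 3 callback body. The allowed callback host list, the function names, and the strict APPROVED/REJECTED check are assumptions.

```javascript
// Added example (Node.js); not VMware or ServiceNow code.
// Max lengths mirror the custom columns defined in step 2.
const MAX_LEN = { callbackUrl: 2048, requestId: 40, userName: 40, notes: 4000 };

// Validate an incoming app request before anything is stored on the ticket.
// allowedHosts is an assumption: the callback hosts you expect for your tenant.
function validateAppRequest(body, allowedHosts) {
  const errors = [];
  const url = body?.Links?.ApprovalNotify?.Url;
  const requestId = body?.RequestId;
  const deviceId = body?.DeviceId;
  const notes = body?.Notes ?? "";
  const userName = body?.RequestFor?.UserAttributes?.user_name ?? "";

  if (typeof requestId !== "string" || requestId.length === 0 || requestId.length > MAX_LEN.requestId)
    errors.push("RequestId missing or too long");
  if (!Number.isInteger(deviceId)) errors.push("DeviceId must be an integer");
  if (String(notes).length > MAX_LEN.notes) errors.push("Notes too long");
  if (String(userName).length > MAX_LEN.userName) errors.push("user_name too long");

  // The workflow later POSTs to this URL, so pin scheme and host up front.
  let parsed = null;
  try { parsed = new URL(String(url)); } catch (e) { /* reported below */ }
  if (!parsed || String(url).length > MAX_LEN.callbackUrl) errors.push("callback URL invalid");
  else if (parsed.protocol !== "https:") errors.push("callback URL must be https");
  else if (!allowedHosts.includes(parsed.hostname)) errors.push("callback host not allowed");

  return { ok: errors.length === 0, errors };
}

// Build the step 3 callback body; the status is upper-cased as the Script step does.
function buildCallbackBody(ticket) {
  const status = String(ticket.approval).toUpperCase();
  if (status !== "APPROVED" && status !== "REJECTED") throw new Error("unexpected approval value");
  return { data: {
    request_id: ticket.requestId, device_id: ticket.deviceId, approval_status: status,
    updated_by: ticket.updatedBy, notes: ticket.notes, updated_at: ticket.updatedAt } };
}

// Constructed sample based on the page's request; host and timestamp are placeholders.
const sample = {
  RequestId: "bffb4469-56fb-4141-9ab0-0897f65143ba", DeviceId: 123, Notes: "Notes",
  RequestFor: { UserId: "15", UserAttributes: { user_name: "username" } },
  Links: { ApprovalNotify: { Url: "https://callback.example.com/notify" } } };
console.log(validateAppRequest(sample, ["callback.example.com"]));
console.log(buildCallbackBody({ requestId: sample.RequestId, deviceId: 123,
  approval: "approved", updatedBy: "approver", notes: "ok", updatedAt: "2019-09-20T14:30:13Z" }));
```

Inside a ServiceNow script the URL parsing may need adapting, because this sketch relies on the global URL class in Node.js.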