Improve your daily operations for IT management with the Workspace ONE ITSM Connector for ServiceNow. With the ITSM Connector for ServiceNow, helpdesk and support organizations face can access Workspace ONE UEM and Workspace ONE Assist actions from within the ServiceNow portal.

Before You Begin

To configure this connector, you must be able to access the API settings and create API configurations in Workspace ONE UEM at the Organization Group relevant to this setup (typically the latest parent group including all device and application data).

ITSM for ServiceNow supported versions:

  • ServiceNow - Quebec or later
  • Workspace ONE UEM - 2107 or later
  • Workspace ONE Assist - 21.03 or later

Determine your authentication connection. Before configuring the connection in the application, create an OAuth 2.0 client on Workspace ONE UEM or a new dedicated account. Create a role with the required security rights.

For information on the following, see:

Install the Workspace ONE ITSM Connector for ServiceNow

With the Workspace ONE ITSM Connector for ServiceNow, Workspace ONE UEM device actions can only performed on Workspace ONE UEM enrolled devices. While it is not mandatory, consider installing the Service Graph connector for VMware Workspace ONE UEM prior to installing the ITSM connector. The Service Graph connector ensures that all Workspace ONE UEM devices and their details are available in ServiceNow. For more information, see Integration with ServiceNow CMDB

To access Workspace ONE UEM and Workspace ONE Assist functionality from the ServiceNow Incidents page, download and install the VMware Workspace ONE ITSM Connector from the ServiceNow Store.

  1. Log in to your ServiceNow instance as an administrator.
  2. Install the VMware Workspace ONE ITSM Connector plugin from the plugins directory.
  3. Continue through the Guided Setup for the connector.

Configure the Workspace ONE ITSM Connector for ServiceNow

To set up the ITSM connector, you must have the necessary credentials. Search for and select the VMware Workspace ONE ITSM Connector.

To configure the ITSM connector, follow the guided setup. The following are the core configuration actions:
  • Configure the connection - Connects your ServiceNow instance to Workspace ONE UEM.
  • Configure the actions - Configures the actions available to the ITSM agents.
  • Configure the application defaults - Sets the defaults for the application behavior.
  • Assign Roles - Assigns VMware Workspace ONE ITSM Connector roles to Groups and Users.

Configure the Connection

The Workspace ONE ITSM Connector supports authentication to Workspace ONE UEM through an OAuth 2.0 client or a Basic Auth and tenant key. OAuth 2.0 is industry standard protocol for secure authentication and authorization for REST API calls.

Option 1: Configure OAuth Details

Use this option in the ServiceNow guided setup if you are using OAuth 2.0. All details for configuration are for the Workspace ONE UEM API. To complete configuration, select and update the following details:
  1. Go to the Configure OAuth Host details tab and select Configure.
  2. Update the Host text box with the hostname for the Workspace ONE UEM API.
  3. Select the Active check box.

    A warning message might display if you are switching from Basic Auth.

    All the other details on this page are preconfigured and should not be modified.

  4. Go to the Configure OAuth Client details tab and select Configure .
  5. Enter the OAuth Client details the Client ID.
  6. Update the Client Secret.
  7. Update the Token URL.

    All the other details on this page are preconfigured and should not be modified.

Option 2: Configure Basic Auth Details

Use this section in the ServiceNow guided setup if you are using Basic Auth Details. All details for configuration are for the Workspace ONE UEM API. To complete configuration, select and update the following details.

  1. Go to the Configure Basic Auth Host tab and select Configure.
  2. Update the Host text box with the hostname for the Workspace ONE UEM API.
  3. Select the Active check box.

    A warning message might display if you are switching from OAuth.

    All the other details on this page are preconfigured and should not be modified.

  4. Go to the Configure Basic Credentials tab and select Configure.
  5. Update the User Name and the Password text boxes with credentials of the Basic Auth account you created.
  6. Select Update.

    All the other details on this page are preconfigured and should not be modified.

  7. Go to the Configure Tenant Code tab and select Configure.
  8. Update the Value text box with the Tenant Code for the Workspace ONE UEM API. The Tenant Code for your instance appears in your Workspace ONE UEMinstance under Settings > System > Advanced > API > REST API > AirWatchAPI .
  9. Select Update.

Validate Connection Details

After configuring the OAuth or the Basic Auth details, validate the connection. This section is read-only and shows the previously configured key values.

When using OAuth 2.0, select Verify OAuth Token. A message appears confirming that a token can be retrieved. If an error is reported, then verify and fix the credentials. Repeat until it succeeds.

When using OAuth 2.0 or Basic Auth, select Test Connection. The connection to Workspace ONE UEM is verified. The version of the Workspace ONE UEMplatform appears. If there is an error code and error message, then the connection failed. If necessary, verify and update credentials.

Mark each tab as complete before configuring the actions.

Configure the Actions

Configure all the actions available to the ServiceNow ITSM agents. By default, all actions are available. Edit to remove actions that you do not need.

For more information, see Device Actions .

Configure the Application Defaults

Configure the Workspace ONE UEM Note application default settings. The Note application is useful for audits. Configuring this setting adds a note to a device in Workspace ONE UEM after performing every successful action. The note details the time, action, and the ServiceNow user that performed the action.

Assign Roles

After configuring the Application Defaults, you must assign roles. The Workspace ONE ITSM Connector application has three preconfigured roles:
Role Description
WS1UEMStandard This role appears in the system as x_vmw_ws1uem.ws1uemstandard.
WS1UEMAdvanced This role appears in the system as x_vmw_ws1uem.ws1uemadvanced.
WS1ConsoleViewer This role appears in the system as x_vmw_ws1uem.ws1consoleviewer. This role is independent of the WS1UEMStandard and WS1UEMAdvanced roles.
The WS1UEMStandard and WS1UEMAdvanced control what actions are available to the ServiceNow ITSM agents. With the WS1ConsoleViewer role, you can access the Workspace ONE UEM console from the Incident form if you need further investigation or actions.
Action WS1UEMStandard WS1UEMAdvanced
Change Passcode Yes Yes
Lock Device Yes Yes
Remote Assist Yes Yes
Request Logs Yes Yes
Send Message Yes Yes
Soft Reset Yes Yes
Sync Device Yes Yes
Device Wipe No Yes
Enterprise Wipe No Yes
  1. Go to the Assign roles to User Groups or Assign roles to User tab and select Configure.
  2. Select the User or User Group.
  3. Go to the Role tab and select Edit to add the required roles.
  4. Select Save.

Access-based New User Roles

Access-based roles for a new user in Workspace ONE UEM. For a new Workspace ONE UEM user, give the user the following permissions for a proper connection between the ITSM connector and Workspace ONE:

Category Edit Read
API > REST > Devices > REST API MDM Devices Yes No
API > REST >Devices > REST API Devices Write Yes No
API > REST >Devices > REST API Devices Execute Yes No
API > REST >Devices > REST API Devices Advanced Yes No
API > REST >Devices > REST API Devices Read No Yes
Assist Yes No
Device Management > Device Details > Messaging > Device Send Message Yes No
Device Management > Device Details > Messaging > Device Send Message Yes No
Device Management > Device Details > Messaging > Device Send Message Push Notification Yes No
Device Management > Device Details > Lock > Remote Device Lock Yes No
Device Management > Device Details > Enterprise Wipe > Device Remote mdm Yes No
Device Management > Device Details > Enterprise Wipe > Enterprise Reset Yes No
Device Management > Device Details > Device Wipe > Device Wipe Yes No
Device Management > Device Details > Passcode Yes No
Device Management > Device Details > Request Check-in Yes No
Device Management > Device Details > Remote Control Yes No
Device Management > Device Details > Remote View - Device Details Yes No
API > REST > Users > REST API Users Read No Yes