Integrations in Workspace ONE Intelligence

Authorize Workspace ONE Intelligence to connect and share data with third-party services in the Integrations area. Services include connecting to other systems in your Workspace ONE deployment, automation services, and trust network services. Find information about Workspace ONE UEM, Slack, ServiceNow, and App Approvals.

Workspace ONE UEM

Enter Workspace ONE UEM API communication credentials in Workspace ONE Intelligence so that it can use the Workspace ONE UEM API server for communication with other third-party services for Workflows.

Note: Use OAuth 2.0, where available, for API communication. The process to configure OAuth 2.0 authentication is outlined in OAuth 2.0 authentication procedure.

Prerequisites

Generate an API key in Workspace ONE UEM console. See Workflows for details.

Procedure

  1. Access the Workspace ONE Intelligence UI.
  2. Navigate to Integrations > Data Sources.
  3. Select Set Up for the Workspace ONE UEM process.
  4. Select Provide Credentials and configure the settings.
    • Base URL - Enter your Workspace ONE UEM REST API URL.
      • Include the protocol (https://) in the entry.
      • Remove /API from the URL.
      • For example, if your URL displays as xxxx.xxxx.com/API, add https:// and remove /API to enter https://xxxx.xxxx.com.
    • API User Name - Enter the user name for the specific admin you created to automate workflows.
    • API User Password - Enter the password for the admin.
    • Workspace ONE UEM Tenant Code - Enter the API key that the Workspace ONE UEM console generated when you enabled REST API communications.

Slack

Note: We've udpated the integration with Slack but this legacy process continues to work. For the latest integration process, see Slack Web API Integration

Configure Slack for API communication so that you can register it with Workspace ONE Intelligence and use Slack Workflow Actions.

Procedure

  1. In Slack Help, search for Incoming WebHooks.
  2. In Slack, configure an Incoming Webhook Integration so that you can connect to Slack API and send messages.
  3. Define a default channel for messages. You can override this channel when you create a message.
  4. In Workspace ONE Intelligence, navigate to Integrations > Workflow Connectors > Slack > Set Up.
  5. On the Provide Credentials tab, enter the Slack WebHook URL in the Base URL field.
  6. Select No Authentication as the Authentication Type.

ServiceNow

Configure your ServiceNow account for API communication so that you can register ServiceNow with Workspace ONE Intelligence and use ServiceNow Workflow Actions.

See the [ServiceNow Product documentation site] (https://docs.servicenow.com/bundle/paris-application-development/page/build/applications/concept/api-rest.html) for details on how to work with REST API roles.

Procedure

  1. In your ServiceNow account, add the snc_platform_rest_api_access role to the ServiceNow account. This API controls the Table API for Inbound REST operations.
  2. In Workspace ONE Intelligence, navigate to Integrations > Workflow Connectors > ServiceNow > Set Up.
  3. On the Provide Credentials tab, enter authentication credentials and enter https://instance.service-now.com for the Base URL.

App approvals

You can control the cost of your application licenses with the integration of the app approvals workflow in Workspace ONE Intelligence.

Many Win32 applications have expensive licenses. You can use app approvals to restrict who can install these applications and to control the cost to manage these resources.

The integration brings several systems together to process app approval requests.

  • Workspace ONE UEM - Manages the application and distributes it to the Workspace ONE Intelligent Hub catalog on devices.
  • VMware Workspace ONE Intelligence - Communicates between your ServiceNow environment and your Workspace ONE UEM deployment.
  • ServiceNow - Manages the request and the approval process.

Process for app approvals

App approvals start with a user requesting to install an app on a Windows device.

  1. Users request to install applications through the Workspace ONE Intelligent Hub app on their devices. They use the Request menu item in the catalog. If needed, users can enter a justification to initiate the app request process.
  2. VMware Workspace ONE Intelligence sends requests to ServiceNow. The requests contain information about users, devices, and requested applications.
  3. ServiceNow processes requests according to workflows (configured in ServiceNow) and according to company policies.
  4. ServiceNow sends responses back to VMware Workspace ONE Intelligence. Responses include approvals or rejections.
    • Approvals result in the automatic installation of applications.
    • Rejections result in returns to Request states in the Workspace ONE Intelligent Hub.
  5. If approved, Workspace ONE UEM sends the app to Workspace ONE Intelligent Hub for installing on the device.

Configure app approvals

Use Workspace ONE Intelligence and your ServiceNow service to request and approve the installation of applications. Start configuring in ServiceNow, then add information to your ServiceNow connection in Workspace ONE Intelligence, and end with editing the app assignment in Workspace ONE UEM.

Prerequisites

Have the listed integrations, systems, and settings configured before using app approvals.

  • Use Workspace ONE UEM version required for Workspace ONE Intelligence.
  • Register Workspace ONE UEM with Workspace ONE Intelligence.
  • Have a ServiceNow instance with the ServiceNow Integration Hub plugin, and Register ServiceNow with Workspace ONE Intelligence.
  • Use Hub Services and use the Intelligent Hub app as your app catalog.
  • Use Windows devices.
  • Use native apps managed in Workspace ONE UEM (internal, public, and purchased).
  • Know about app assignments in Workspace ONE UEM. Access Add Assignments and Exclusions to Applications for information on app assignments.

Set up ServiceNow to handle incoming app requests

Set up ServiceNow to handle incoming, app requests so that you can customize your instance and approval policies. This process uses the ServiceNow's Scripted REST API capability.

To start the request process, Workspace ONE Intelligence sends a request like the sample code to ServiceNow. Requests include details about users, devices, and applications requested for installation.

{
  "RequestId": "bffb4469-56fb-4141-9ab0-0897f65143ba",
  "RequestFor": {
    "UserId": "15",
    "UserAttributes": {
      "user_name": "username",
      "last_name": "user",
      "first_name": "name",
      "email": "username@example.com"
    }
  },
  "Domain": "${domain}",
  "DeviceId": 123,
  "DeviceProperties": {
    "name": "Device Name",
    "device_udid": "F11C43E8307092418D7D5B0D9B48F235",
    "platform": "Windows 10"
  },
  "Notes": "Notes",
  "CatalogItem": {
    "Id": "267",
    "Name": "App Name",
    "Categories": null,
    "Properties": {
      "package_id": "{12345A78-40C1-2702-0000-000004000000}",
      "version": "9.20.0",
      "platform": "WinRT"
    }
  },
  "DueDate": 1568989813956,
  "Links": {
    "ApprovalNotify": {
      "Url": "<CallbackURL>"
    }
  }
}
  1. Log in to ServiceNow and search for Scripted REST APIs.
  2. Add a Scripted REST API.
  3. Enter a descriptive name, like Workspace ONE App Approval, in the Name text box.
  4. Enter the API ID as appapproval, and record your API namespace because you enter it in Workspace ONE Intelligence later in this process. In ServiceNow, while adding a scripted REST API, see the API ID and the API namespace menu items for your Workspace ONE Intelligence app approval.
  5. Go to the Resources section and add a Resource.
  6. Enter the Resource Name as Request.
  7. Use POST for the HTTP Method.
  8. Check that the Relative Path is /request. The resource path displays as /api/<namespace>/appapproval/request. If the path is not in this format, the request fails. To fix, check that the Scripted REST API and resource have the correct names.
  9. Configure the script to match your environment. Store values as part of the ServiceNow Request. Storing the values compiles the outgoing API request after the request ticket is approved or rejected. You can customize the sample code for your deployment. You can create a cart item within a request or link the user name to your system's SYSID.
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
    var RequestID = request.body.data.RequestId;
    var CallbackURL = request.body.data.Links.ApprovalNotify.Url;
    var DeviceID = request.body.data.DeviceId;
    var Notes = request.body.data.Notes;
    var AppName = request.body.data.CatalogItem.Name;
    var UserID = request.body.data.RequestFor.UserId;
    var UserName = request.body.data.RequestFor.UserAttributes.user_name;
    var FirstName = request.body.data.RequestFor.UserAttributes.first_name;
    var LastName = request.body.data.RequestFor.UserAttributes.last_name;
    gs.info("Request Recieved");
    var create = new GlideRecord('sc_request');
    create.initialize();
    create.setValue('short_description',"Request for Installation of " + AppName);
    create.setValue('description',FirstName + " " + LastName + " Requests Installation of " + AppName);
    create.setValue('u_uem_callback_url',CallbackURL);
    create.setValue('u_uem_notes',Notes);
    create.setValue('u_uem_device_id',DeviceID);
    create.setValue('u_uem_request_id',RequestID);
    create.setValue('u_uem_user_id',UserID);
    create.setValue('u_requesting_user',UserName);
     
    create.insert();
     
    response.setStatus(200);
})(request, response);

Add custom fields to the request ticket ServiceNow

Add custom fields to the Request ticket with tables in ServiceNow. Custom fields help to compile the outgoing approval and rejection API requests to Workspace ONE Intelligence.

  1. Search Tables in the ServiceNow navigation bar and select System Definition > Tables.

  2. Search for the Table Name sc_request and open to view column details. If you search on the table label, the table's label is request.

  3. Add columns by adding required values the system returns to Workspace ONE Intelligence, and add their respective value in the API request.

    • ApprovalNotify.URL = UEM Callback URL
    • DeviceId = UEM Device ID
    • RequestId = UEM Request ID
  4. Add optional values. If you change the default Column Name, update your script to use the updated column name.

    • UserId = UEM User ID
    • user_name = Requesting User
    • Notes = UEM Notes
    Type Column Label Column Name Max Length
    String UEM Callback URL u_uem_callback_url 2048
    Integer UEM Device ID u_uem_device_id NA
    String UEM Request ID u_uem_request_id 40
    Integer UEM User ID u_uem_user_id NA
    String Requesting User u_requesting_user 40
    String UEM Notes u_uem_notes 4000
  5. Select Update and save the table.

  6. Optionally, you can use Form Sections in the System UI to hide columns and values from the UI. Hiding columns and values sets them to be used only in API requests.

Configure an action in ServiceNow

  1. In ServiceNow, go to Flow Designer > New > Action to configure an action for a workflow. ServiceNow workflows send an approval or rejection response to Workspace ONE Intelligence.
  2. Enter a name and metadata in Action Properties. In the ServiceNow UI, configure the Action Properties window for your Workspace ONE Intelligence app approval.
  3. Define Inputs for the action.
    • Request ID
    • Device ID
    • Updated By
    • Notes
    • Updated At
    • Callback URL
    • Approval In the ServiceNow UI, see the Inputs tab for the action in the Workspace ONE Intelligence app approval.
  4. Add a Script step by selecting the plus sign (+) in the Action Outline section. Then, got to Utilities > Script Step. The script step converts the approval status string to uppercase to prepare for the API call.
    • Define the input variable as approval_status and drag it into the approval value.
    • Add the sample code that converts the approval status to uppercase.
    • Define the output variable as ApprovalStatus.
(function execute(inputs, outputs) {
var  approval_lc = inputs.approval_status;
 
outputs.ApprovalStatus = approval_lc.toUpperCase();
})(inputs, outputs);

In the ServiceNow UI, see the Script step tab with the inputs-outputs code in the Script text field.

  1. Add a REST step to the action.
    • Use the Callback URL variable as the Base URL value.
    • Use POST as the HTTP Method.
    • Add the header Content-Type =application/json.
    • Define the Request Type as Text.
    • Enter the Request Body payload like the sample code. Replace values in the sample code with your data variables.
    • Save the action.
{
"data":{
    "request_id": "action-Request ID", 
    "device_id": "action-Device ID", 
    "approval_status": "step-Script step-ApprovalStatus", 
    "updated_by": "action-Updated By", 
    "notes" : "action-Notes", 
    "updated_at" : "action-Updated At"
    }
}

In the ServiceNow UI, see the Rest step tab with the request body code in the Request Content section.

Create a workflow in ServiceNow

  1. In ServiceNow, create a workflow with the approval action, depending on your organization's approval policies.
  2. In the Flow Designer, select New.
  3. Populate metadata that includes properties for Flow, Application, and Run As.
  4. To create a trigger, use Updated to find changes in the ticket statuses. In the ServiceNow UI, see the Updated tab that displays trigger types.
  5. Select Request[sc_request] as the Table.
  6. Define a Condition as [Approval - is one of - Approved, Rejected] and [UEM Callback URL - is not empty].
  7. Select Once for Run Trigger. In the ServiceNow UI, see the Run Trigger field after the Condition in the request update.
  8. Add the AppApproval action. In the ServiceNow UI, find the app approval and add it to the action for the flow.
  9. Add appropriate values from the request table that match the required action inputs. In the ServiceNow UI, view the example request table matched to action inputs.
  10. Save and activate the workflow.

Add scripted REST API namespace to Intelligence

  1. In Workspace ONE Intelligence, go to Integrations > Data Sources > ServiceNow.
  2. Edit the connection to include the API Namespace. You recorded this value while adding the Scripted REST API to ServiceNow.

Require approval

  1. To require approval, edit the app assignment in Workspace ONE UEM. Editing an app assignment to require approval enables users to request to install apps with the Workspace ONE Intelligent Hub on Windows devices.
  2. In the Workspace ONE UEM console, navigate to the appropriate app and edit the assignment.
  3. Enable Require Approval To Install. In the Workspace ONE UEM console, configure the app to require an approval before installation.
    In the Workspace ONE Intelligent Hub on the device, users select the Request menu item in the catalog. Users can enter a justification to initiate the app request process. After the request is approved by the appropriate individual through ServiceNow, the app is installed.

App approval statuses

Statuses in the Workspace ONE UEM console and in the Workspace ONE Intelligent Hub on devices represent specific steps in the request and approval process for app approvals.

Workspace ONE UEM app approval statuses

Admins can view the status of an app approval in the Workspace ONE UEM console, in Apps & Books and in Device Details > Apps tab.

Status Description
Pending Approval The user requested to install an application. Through Workspace ONE Intelligence, ServiceNow created a ticket for the admin to approve the installation. The ticket awaits approval in the ServiceNow system.
Install Command Dispatched The admin approved installation. Through Workspace ONE Intelligence, Workspace ONE UEM sent an installation command to the database. The device consumed the command.
Installed The device reported to Workspace ONE UEM that the application installed successfully.
Rejected The admin rejected the ServiceNow ticket for installation. The user must request to install the application again.
Expired The admin did not approve or reject the ServiceNow ticket within 14 days. The user must request to install the application again.
Error The app approval system encountered an error somewhere in the process. The error stopped the process. The user must request to install the application again.

Workspace ONE Intelligent Hub app approval statuses

Users access the app through the Workspace ONE Intelligent Hub. They select Request to initiate an installation. After initiating a request, the Workspace ONE Intelligent Hub displays a status to identify where in the process the request for installation exists.

Status Description
Request The admin uploaded the application and enabled Require Approval to Install in the app assignment.
Pending Workspace ONE Intelligence received a request from Workspace ONE UEM and sent the request to ServiceNow. ServiceNow created a ticket for approval of installation. The system awaits the admin approval.
Installing The admin approved the ServiceNow ticket for installation and the Workspace ONE UEM database has initiated an installation command.
Installed The device reported back to Workspace ONE UEM that the application successfully installed.
check-circle-line exclamation-circle-line close-line
Scroll to top icon