Authorize Workspace ONE Intelligence to connect and share data with third-party services in the Integrations area. Services include connecting to other systems in your Workspace ONE deployment, automation services, and trust network services. Find information about Workspace ONE UEM, Slack, ServiceNow, and App Approvals.
Enter Workspace ONE UEM API communication credentials in Workspace ONE Intelligence so that it can use the Workspace ONE UEM API server for communication with other third-party services for Workflows.
Note: Use OAuth 2.0, where available, for API communication. The process to configure OAuth 2.0 authentication is outlined in OAuth 2.0 authentication procedure.
Generate an API key in Workspace ONE UEM console. See Workflows for details.
(https://)
in the entry./API
from the URL.xxxx.xxxx.com/API
, add https://
and remove /API
to enter https://xxxx.xxxx.com
.Note: We've udpated the integration with Slack but this legacy process continues to work. For the latest integration process, see Slack Web API Integration
Configure Slack for API communication so that you can register it with Workspace ONE Intelligence and use Slack Workflow Actions.
Slack WebHook URL
in the Base URL field.Configure your ServiceNow account for API communication so that you can register ServiceNow with Workspace ONE Intelligence and use ServiceNow Workflow Actions.
See the [ServiceNow Product documentation site] (https://docs.servicenow.com/bundle/paris-application-development/page/build/applications/concept/api-rest.html) for details on how to work with REST API roles.
snc_platform_rest_api_access
role to the ServiceNow account. This API controls the Table API for Inbound REST operations.https://instance.service-now.com
for the Base URL.You can control the cost of your application licenses with the integration of the app approvals workflow in Workspace ONE Intelligence.
Many Win32 applications have expensive licenses. You can use app approvals to restrict who can install these applications and to control the cost to manage these resources.
The integration brings several systems together to process app approval requests.
App approvals start with a user requesting to install an app on a Windows device.
Use Workspace ONE Intelligence and your ServiceNow service to request and approve the installation of applications. Start configuring in ServiceNow, then add information to your ServiceNow connection in Workspace ONE Intelligence, and end with editing the app assignment in Workspace ONE UEM.
Have the listed integrations, systems, and settings configured before using app approvals.
Set up ServiceNow to handle incoming, app requests so that you can customize your instance and approval policies. This process uses the ServiceNow's Scripted REST API capability.
To start the request process, Workspace ONE Intelligence sends a request like the sample code to ServiceNow. Requests include details about users, devices, and applications requested for installation.
{
"RequestId": "bffb4469-56fb-4141-9ab0-0897f65143ba",
"RequestFor": {
"UserId": "15",
"UserAttributes": {
"user_name": "username",
"last_name": "user",
"first_name": "name",
"email": "username@example.com"
}
},
"Domain": "${domain}",
"DeviceId": 123,
"DeviceProperties": {
"name": "Device Name",
"device_udid": "F11C43E8307092418D7D5B0D9B48F235",
"platform": "Windows 10"
},
"Notes": "Notes",
"CatalogItem": {
"Id": "267",
"Name": "App Name",
"Categories": null,
"Properties": {
"package_id": "{12345A78-40C1-2702-0000-000004000000}",
"version": "9.20.0",
"platform": "WinRT"
}
},
"DueDate": 1568989813956,
"Links": {
"ApprovalNotify": {
"Url": "<CallbackURL>"
}
}
}
Scripted REST APIs
.Workspace ONE App Approval
, in the Name text box.appapproval
, and record your API namespace because you enter it in Workspace ONE Intelligence later in this process. /request
. The resource path displays as /api/<namespace>/appapproval/request
. If the path is not in this format, the request fails. To fix, check that the Scripted REST API and resource have the correct names.(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
var RequestID = request.body.data.RequestId;
var CallbackURL = request.body.data.Links.ApprovalNotify.Url;
var DeviceID = request.body.data.DeviceId;
var Notes = request.body.data.Notes;
var AppName = request.body.data.CatalogItem.Name;
var UserID = request.body.data.RequestFor.UserId;
var UserName = request.body.data.RequestFor.UserAttributes.user_name;
var FirstName = request.body.data.RequestFor.UserAttributes.first_name;
var LastName = request.body.data.RequestFor.UserAttributes.last_name;
gs.info("Request Recieved");
var create = new GlideRecord('sc_request');
create.initialize();
create.setValue('short_description',"Request for Installation of " + AppName);
create.setValue('description',FirstName + " " + LastName + " Requests Installation of " + AppName);
create.setValue('u_uem_callback_url',CallbackURL);
create.setValue('u_uem_notes',Notes);
create.setValue('u_uem_device_id',DeviceID);
create.setValue('u_uem_request_id',RequestID);
create.setValue('u_uem_user_id',UserID);
create.setValue('u_requesting_user',UserName);
create.insert();
response.setStatus(200);
})(request, response);
Add custom fields to the Request ticket with tables in ServiceNow. Custom fields help to compile the outgoing approval and rejection API requests to Workspace ONE Intelligence.
Search Tables
in the ServiceNow navigation bar and select System Definition > Tables.
Search for the Table Name sc_request
and open to view column details. If you search on the table label, the table's label is request.
Add columns by adding required values the system returns to Workspace ONE Intelligence, and add their respective value in the API request.
ApprovalNotify.URL
= UEM Callback URLDeviceId
= UEM Device IDRequestId
= UEM Request IDAdd optional values. If you change the default Column Name, update your script to use the updated column name.
UserId
= UEM User IDuser_name
= Requesting UserNotes
= UEM NotesType | Column Label | Column Name | Max Length |
---|---|---|---|
String | UEM Callback URL | u_uem_callback_url | 2048 |
Integer | UEM Device ID | u_uem_device_id | NA |
String | UEM Request ID | u_uem_request_id | 40 |
Integer | UEM User ID | u_uem_user_id | NA |
String | Requesting User | u_requesting_user | 40 |
String | UEM Notes | u_uem_notes | 4000 |
Select Update and save the table.
Optionally, you can use Form Sections in the System UI to hide columns and values from the UI. Hiding columns and values sets them to be used only in API requests.
approval_status
and drag it into the approval value.ApprovalStatus
.(function execute(inputs, outputs) {
var approval_lc = inputs.approval_status;
outputs.ApprovalStatus = approval_lc.toUpperCase();
})(inputs, outputs);
Content-Type =application/json
.Text
.{
"data":{
"request_id": "action-Request ID",
"device_id": "action-Device ID",
"approval_status": "step-Script step-ApprovalStatus",
"updated_by": "action-Updated By",
"notes" : "action-Notes",
"updated_at" : "action-Updated At"
}
}
[Approval - is one of - Approved, Rejected] and [UEM Callback URL - is not empty]
.Statuses in the Workspace ONE UEM console and in the Workspace ONE Intelligent Hub on devices represent specific steps in the request and approval process for app approvals.
Admins can view the status of an app approval in the Workspace ONE UEM console, in Apps & Books and in Device Details > Apps tab.
Status | Description |
---|---|
Pending Approval | The user requested to install an application. Through Workspace ONE Intelligence, ServiceNow created a ticket for the admin to approve the installation. The ticket awaits approval in the ServiceNow system. |
Install Command Dispatched | The admin approved installation. Through Workspace ONE Intelligence, Workspace ONE UEM sent an installation command to the database. The device consumed the command. |
Installed | The device reported to Workspace ONE UEM that the application installed successfully. |
Rejected | The admin rejected the ServiceNow ticket for installation. The user must request to install the application again. |
Expired | The admin did not approve or reject the ServiceNow ticket within 14 days. The user must request to install the application again. |
Error | The app approval system encountered an error somewhere in the process. The error stopped the process. The user must request to install the application again. |
Users access the app through the Workspace ONE Intelligent Hub. They select Request to initiate an installation. After initiating a request, the Workspace ONE Intelligent Hub displays a status to identify where in the process the request for installation exists.
Status | Description |
---|---|
Request | The admin uploaded the application and enabled Require Approval to Install in the app assignment. |
Pending | Workspace ONE Intelligence received a request from Workspace ONE UEM and sent the request to ServiceNow. ServiceNow created a ticket for approval of installation. The system awaits the admin approval. |
Installing | The admin approved the ServiceNow ticket for installation and the Workspace ONE UEM database has initiated an installation command. |
Installed | The device reported back to Workspace ONE UEM that the application successfully installed. |