Integrations in Workspace ONE Intelligence

Authorize Workspace ONE Intelligence to connect and share data with third-party services in the Integrations area. Services include connecting to other systems in your Workspace ONE deployment, automation services, and trust network services. Find information about Workspace ONE UEM, Slack, ServiceNow, and App Approvals.

Workspace ONE UEM

Enter Workspace ONE UEM API communication credentials in Workspace ONE Intelligence so that it can use the Workspace ONE UEM API server for communication with other third-party services for Automations.

Prerequisites

Generate an API key in Workspace ONE UEM console. This process is outlined in the Automations section.

Procedure

1. Access the Workspace ONE Intelligence UI.
2. Navigate to Integrations > Automation Connectors.
3. Select Set Up for the Workspace ONE UEM process.
4. Select Provide Credentials and configure the settings.
   • Base URL - Enter your Workspace ONE UEM REST API URL, and include the protocol (https://) in the entry.
   • API User Name - Enter the user name for the specific admin you created for automation.
   • API User Password - Enter the password for the admin.
   • Workspace ONE UEM Tenant Code - Enter the API key that the Workspace ONE UEM console generated when you enabled REST API communications.

Workspace ONE UEM Integrations Card Displays Data From the Sync Status Page

You can view the Reports > Sync Status data on the Workspace ONE UEM integrations card.

See information that includes data counts and the status of importing data from Workspace ONE UEM to the cloud service. Also, see when the Workspace ONE Intelligence Connector checked in with the cloud service to get this Workspace ONE UEM data.

Slack

Configure Slack for API communication so that you can register it with Workspace ONE Intelligence and use Slack Automation Actions.

Procedure

1. In Slack Help, search for Incoming WebHooks.
2. In Slack, configure an Incoming Webhook Integration so that you can connect to Slack API and send messages.
3. Define a default channel for messages. You can override this channel when you create a message.
4. In Workspace ONE Intelligence, navigate to Integrations > Automation Connectors > Slack > Set Up.
5. On the Provide Credentials tab, enter the Slack WebHook URL in the Base URL field.
6. Select No Authentication as the Authentication Type.

ServiceNow

Configure your ServiceNow account for API communication so that you can register ServiceNow with Workspace ONE Intelligence and use ServiceNow Automation Actions.

Follow the steps in the article REST API roles.

Procedure

1. In your ServiceNow account, add the snc_platform_rest_api_access role to the ServiceNow account. This API controls the Table API for Inbound REST operations.
2. In Workspace ONE Intelligence, navigate to Integrations > Automation Connectors > ServiceNow > Set Up.
3. On the Provide Credentials tab, enter authentication credentials and enter https://instance.service-now.com for the Base URL.

App Approvals

You can control the cost of your application licenses with the integration of the app approvals workflow in Workspace ONE Intelligence.

Many Win32 applications have expensive licenses. You can use app approvals to restrict who can install these applications and to control the cost to manage these resources.

The integration brings several systems together to process app approval requests.

• Workspace ONE UEM - Manages the application and distributes it to the Workspace ONE Intelligent Hub catalog on devices.
• VMware Workspace ONE Intelligence - Communicates between your ServiceNow environment and your Workspace ONE UEM deployment.
• ServiceNow - Manages the request and the approval process.

Process for App Approvals

App approvals start with a user requesting to install an app on a Windows device.

1. Users request to install applications through the Workspace ONE Intelligent Hub app on their devices. They use the Request menu item in the catalog. If needed, users can enter a justification to initiate the app request process.
2. VMware Workspace ONE Intelligence sends requests to ServiceNow. The requests contain information about users, devices, and requested applications.
3. ServiceNow processes requests according to workflows (configured in ServiceNow) and according to company policies.
4. ServiceNow sends responses back to VMware Workspace ONE Intelligence. Responses include approvals or rejections.
   • Approvals result in the automatic installation of applications.
   • Rejections result in returns to Request states in the Workspace ONE Intelligent Hub.
5. If approved, Workspace ONE UEM sends the app to Workspace ONE Intelligent Hub for installing on the device.

Configure App Approvals

Use Workspace ONE Intelligence and your ServiceNow service to request and approve the installation of applications. Start configuring in ServiceNow, then add information to your ServiceNow connection in Workspace ONE Intelligence, and end with editing the app assignment in Workspace ONE UEM.

Prerequisites

Have the listed integrations, systems, and settings configured before using app approvals.

• Use Workspace ONE UEM version required for Workspace ONE Intelligence.
• Register Workspace ONE UEM with Workspace ONE Intelligence.
• Have a ServiceNow instance with the ServiceNow Integration Hub plugin, and Register ServiceNow with Workspace ONE Intelligence.
• Use Hub Services and use the Intelligent Hub app as your app catalog.
• Use Windows devices.
• Use native apps managed in Workspace ONE UEM (internal, public, and purchased).
• Know about app assignments in Workspace ONE UEM. Access Add Assignments and Exclusions to Applications for information on app assignments.

Set up ServiceNow to Handle Incoming App Requests

Set up ServiceNow to handle incoming, app requests so that you can customize your instance and approval policies. This process uses the ServiceNow's Scripted REST API capability.

To start the request process, Workspace ONE Intelligence sends a request like the sample code to ServiceNow. Requests include details about users, devices, and applications requested for installation.

{
  "RequestId": "bffb4469-56fb-4141-9ab0-0897f65143ba",
  "RequestFor": {
    "UserId": "15",
    "UserAttributes": {
      "user_name": "username",
      "last_name": "user",
      "first_name": "name",
      "email": "username@example.com"
    }
  },
  "Domain": "${domain}",
  "DeviceId": 123,
  "DeviceProperties": {
    "name": "Device Name",
    "device_udid": "F11C43E8307092418D7D5B0D9B48F235",
    "platform": "Windows 10"
  },
  "Notes": "Notes",
  "CatalogItem": {
    "Id": "267",
    "Name": "App Name",
    "Categories": null,
    "Properties": {
      "package_id": "{12345A78-40C1-2702-0000-000004000000}",
      "version": "9.20.0",
      "platform": "WinRT"
    }
  },
  "DueDate": 1568989813956,
  "Links": {
    "ApprovalNotify": {
      "Url": "<CallbackURL>"
    }
  }
}

1. Log in to ServiceNow and search for Scripted REST APIs.
2. Add a Scripted REST API.
3. Enter a descriptive name, like Workspace ONE App Approval, in the Name text box.
4. Enter the API ID as appapproval, and record your API namespace because you enter it in Workspace ONE Intelligence later in this process.
5. Go to the Resources section and add a Resource.
6. Enter the Resource Name as Request.
7. Use POST for the HTTP Method.
8. Check that the Relative Path is /request. The resource path displays as /api/<namespace>/appapproval/request. If the path is not in this format, the request fails. To fix, check that the Scripted REST API and resource have the correct names.
9. Configure the script to match your environment. Store values as part of the ServiceNow Request. Storing the values compiles the outgoing API request after the request ticket is approved or rejected. You can customize the sample code for your deployment. You can create a cart item within a request or link the user name to your system's SYSID.

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
    var RequestID = request.body.data.RequestId;
    var CallbackURL = request.body.data.Links.ApprovalNotify.Url;
    var DeviceID = request.body.data.DeviceId;
    var Notes = request.body.data.Notes;
    var AppName = request.body.data.CatalogItem.Name;
    var UserID = request.body.data.RequestFor.UserId;
    var UserName = request.body.data.RequestFor.UserAttributes.user_name;
    var FirstName = request.body.data.RequestFor.UserAttributes.first_name;
    var LastName = request.body.data.RequestFor.UserAttributes.last_name;
    gs.info("Request Recieved");
    var create = new GlideRecord('sc_request');
    create.initialize();
    create.setValue('short_description',"Request for Installation of " + AppName);
    create.setValue('description',FirstName + " " + LastName + " Requests Installation of " + AppName);
    create.setValue('u_uem_callback_url',CallbackURL);
    create.setValue('u_uem_notes',Notes);
    create.setValue('u_uem_device_id',DeviceID);
    create.setValue('u_uem_request_id',RequestID);
    create.setValue('u_uem_user_id',UserID);
    create.setValue('u_requesting_user',UserName);
     
    create.insert();
     
    response.setStatus(200);
})(request, response);

Add Custom Fields to the Request Ticket ServiceNow

Add custom fields to the Request ticket with tables in ServiceNow. Custom fields help to compile the outgoing approval and rejection API requests to Workspace ONE Intelligence.

1. Search Tables in the ServiceNow navigation bar and select System Definition > Tables.

2. Search for the Table Name sc_request and open to view column details. If you search on the table label, the table's label is request.

3. Add columns by adding required values the system returns to Workspace ONE Intelligence, and add their respective value in the API request.

   • ApprovalNotify.URL = UEM Callback URL
   • DeviceId = UEM Device ID
   • RequestId = UEM Request ID

4. Add optional values. If you change the default Column Name, update your script to use the updated column name.

   • UserId = UEM User ID
   • user_name = Requesting User
   • Notes = UEM Notes

   Type	Column Label	Column Name	Max Length
   String	UEM Callback URL	u_uem_callback_url	2048
   Integer	UEM Device ID	u_uem_device_id	NA
   String	UEM Request ID	u_uem_request_id	40
   Integer	UEM User ID	u_uem_user_id	NA
   String	Requesting User	u_requesting_user	40
   String	UEM Notes	u_uem_notes	4000

5. Select Update and save the table.

6. Optionally, you can use Form Sections in the System UI to hide columns and values from the UI. Hiding columns and values sets them to be used only in API requests.

Configure an Action in ServiceNow

1. In ServiceNow, go to Flow Designer > New > Action to configure an action for a workflow. ServiceNow workflows send an approval or rejection response to Workspace ONE Intelligence.
2. Enter a name and metadata in Action Properties.
3. Define Inputs for the action.
   • Request ID
   • Device ID
   • Updated By
   • Notes
   • Updated At
   • Callback URL
   • Approval
4. Add a Script step by selecting the plus sign (+) in the Action Outline section. Then, got to Utilities > Script Step. The script step converts the approval status string to uppercase to prepare for the API call.
   • Define the input variable as approval_status and drag it into the approval value.
   • Add the sample code that converts the approval status to uppercase.
   • Define the output variable as ApprovalStatus.

(function execute(inputs, outputs) {
var  approval_lc = inputs.approval_status;
 
outputs.ApprovalStatus = approval_lc.toUpperCase();
})(inputs, outputs);

5. Add a REST step to the action. - Use the Callback URL variable as the Base URL value. - Use POST as the HTTP Method. - Add the header Content-Type =application/json. - Define the Request Type as Text. - Enter the Request Body payload like the sample code. Replace values in the sample code with your data variables. - Save the action.

{
"data":{
    "request_id": "action-Request ID", 
    "device_id": "action-Device ID", 
    "approval_status": "step-Script step-ApprovalStatus", 
    "updated_by": "action-Updated By", 
    "notes" : "action-Notes", 
    "updated_at" : "action-Updated At"
    }
}

Create a Workflow in ServiceNow

1. In ServiceNow, create a workflow with the approval action, depending on your organization's approval policies.
2. In the Flow Designer, select New.
3. Populate metadata that includes properties for Flow, Application, and Run As.
4. To create a trigger, use Updated to find changes in the ticket statuses.
5. Select Request[sc_request] as the Table.
6. Define a Condition as [Approval - is one of - Approved, Rejected] and [UEM Callback URL - is not empty].
7. Select Once for Run Trigger.
8. Add the AppApproval action.
9. Add appropriate values from the request table that match the required action inputs.
10. Save and activate the workflow.

Add Scripted REST API Namespace to Intelligence

1. In Workspace ONE Intelligence, go to Integrations > Automation Connectors > ServiceNow.
2. Edit the connection to include the API Namespace. You recorded this value while adding the Scripted REST API to ServiceNow.

Require Approval

1. To require approval, edit the app assignment in Workspace ONE UEM. Editing an app assignment to require approval enables users to request to install apps with the Workspace ONE Intelligent Hub on Windows devices.
2. In the Workspace ONE UEM console, navigate to the appropriate app and edit the assignment.
3. Enable Require Approval To Install.
   In the Workspace ONE Intelligent Hub on the device, users select the Request menu item in the catalog. Users can enter a justification to initiate the app request process. After the request is approved by the appropriate individual through ServiceNow, the app is installed.

App Approval Statuses

Statuses in the Workspace ONE UEM console and in the Workspace ONE Intelligent Hub on devices represent specific steps in the request and approval process for app approvals.

Workspace ONE UEM App Approval Statuses

Admins can view the status of an app approval in the Workspace ONE UEM console, in Apps & Books and in Device Details > Apps tab.

Status	Description
Pending Approval	The user requested to install an application. Through Workspace ONE Intelligence, ServiceNow created a ticket for the admin to approve the installation. The ticket awaits approval in the ServiceNow system.
Install Command Dispatched	The admin approved installation. Through Workspace ONE Intelligence, Workspace ONE UEM sent an installation command to the database. The device consumed the command.
Installed	The device reported to Workspace ONE UEM that the application installed successfully.
Rejected	The admin rejected the ServiceNow ticket for installation. The user must request to install the application again.
Expired	The admin did not approve or reject the ServiceNow ticket within 14 days. The user must request to install the application again.
Error	The app approval system encountered an error somewhere in the process. The error stopped the process. The user must request to install the application again.

Workspace ONE Intelligent Hub App Approval Statuses

Users access the app through the Workspace ONE Intelligent Hub. They select Request to initiate an installation. After initiating a request, the Workspace ONE Intelligent Hub displays a status to identify where in the process the request for installation exists.

Status	Description
Request	The admin uploaded the application and enabled Require Approval to Install in the app assignment.
Pending	Workspace ONE Intelligence received a request from Workspace ONE UEM and sent the request to ServiceNow. ServiceNow created a ticket for approval of installation. The system awaits the admin approval.
Installing	The admin approved the ServiceNow ticket for installation and the Workspace ONE UEM database has initiated an installation command.
Installed	The device reported back to Workspace ONE UEM that the application successfully installed.