I have spent a fair amount of time recently looking at different ways to build dynamic approvals within Service Manager. As I mentioned recently, we need to build approvals for change requests dynamically based on certain criteria. We are also busy automating our new user account creation process, and for this process a dynamic approval is also required. Simplified, the process needs to work like this:
- User completes application for new user account form on a web portal
- Application is sent for approval to the line manager of the new employee
- Application is sent for approval to compliance team
- User account is created
- Notification sent to line manager and HR of new account created
The line manager is one of the fields on the application form, and is generally not the person completing the form.
We have been using an InfoPath form in SharePoint until recently, but this has provided us with a couple of challenges with the integration into both Service Manager and Orchestrator (mostly due to our environment’s configuration), and we also decided that it probably makes a whole lot more sense to use the Service Manager Self Service Portal instead.
Creating the request offering is fairly straightforward, but I found that I had to somehow add the Line Manager selected from the query results to the incident template – because this item simply would not map like any of the other prompts – and opted to add the item as a related item:
The user selected is then added as a related configuration item:
Because I am using an incident template (mostly to satisfy compliance requirements), I need to log a corresponding Service Request to facilitate the approval steps. So, my runbook looks like this now:
It is nowhere near complete, but it is starting to bring the functionality that I need for this, as well as for the change management challenge. So, let’s talk through the runbook quickly:
- Get the incident raised. I extended the incident class to always include a functional area, and filter the incidents to the new user request functional area that I inserted into the template created for this purpose
- Get the related user. This step is a little tricky, because it will return all the related user items, including the user who logged the incident (affected user), so the link to the next step filters as follows:
- Now, use the Get Object activity to get the user’s CI from the CMDB.
- This is a quick format date/time step to ensure the start date entered in the application form is in a format that SC is happy with – this step is optional
- Create the service request. Again, I extended the SR class to cater for all the fields we require populated for a new user, as well as a user changing detail and leaving, so during this step, these details are populated from the incident.
- From here, I create 2 related objects, and select the Review Activity as the target class:
As we want the line manager approval to happen before the compliance approval, I set the SequenceID for each item.
- Using the great PowerShell script shared by Roman here with some slight modifications for our environment, we can now set the reviewers.
Note: You will need to install the SMLets components to make this work.
- Lastly, I update the status of the incident and set the Service Request as a related item.
I still have some work to do on this, obviously, as it doesn’t yet invoke the runbook that does the actual user creation, and right now there is no trigger to launch the runbook. Once I am happy with each step, I will probably replace the first Get Object to get the incident with a Monitor Object activity.
I first tried creating just the Line Manager Approval, thinking I could create the Compliance approval once the line manager has approved the request, but it turns out that this sets the Service Request to completed. I suspect I will need to set a third approval step, or potentially add a step here to create the runbook activity, even if blank.
I did try and avoid using scripts in this runbook (as a personal challenge), but found that, no matter what I did, the reviewer simply did not add correctly unless I used this script.
This opens all sorts of doors now, as we have many internal processes that require approval from many different areas, so I can see we will be reusing these building blocks quite often in future.
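
The failure mode described above, where a request holding only the line manager review is marked completed before compliance has approved, can be caught with a check that runs before the account-creation step. This is an added example, not the author's runbook or Roman's script; the object shape (Title, SequenceId, Decision, Reviewers), the function name and the sample accounts are constructed stand-ins, not the Service Manager schema or SMLets output.

```powershell
# Hypothetical guard: confirm the whole approval chain before creating the account.
# Stage names and properties are assumptions made for this example.
$expectedStages = @('Line Manager Approval', 'Compliance Approval')

function Test-ApprovalChain {
    param(
        [Parameter(Mandatory)] [object[]] $ReviewActivities,
        [Parameter(Mandatory)] [string[]] $ExpectedStages
    )
    $problems = @()
    $ordered  = @($ReviewActivities | Sort-Object SequenceId)

    # Every expected stage must exist: a request with a single review activity
    # can reach "completed" without the second approval ever being requested.
    foreach ($stage in $ExpectedStages) {
        if ($ordered.Title -notcontains $stage) { $problems += "Missing stage: $stage" }
    }

    # The stages that are present must follow the expected order by SequenceId.
    $present = @($ordered.Title | Where-Object { $ExpectedStages -contains $_ })
    $wanted  = @($ExpectedStages | Where-Object { $present -contains $_ })
    if (($present -join '|') -ne ($wanted -join '|')) { $problems += 'Stages are out of sequence' }

    # Each stage needs at least one reviewer and an explicit approval.
    foreach ($ra in $ordered) {
        if (-not $ra.Reviewers)          { $problems += "$($ra.Title) has no reviewer" }
        if ($ra.Decision -ne 'Approved') { $problems += "$($ra.Title) is not approved" }
    }

    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample data (not real work items or accounts).
$wrongOrder = @(
    [pscustomobject]@{ Title = 'Compliance Approval';   SequenceId = 0; Decision = 'Approved'; Reviewers = @('CONTOSO\compliance') }
    [pscustomobject]@{ Title = 'Line Manager Approval'; SequenceId = 1; Decision = 'Approved'; Reviewers = @('CONTOSO\jsmith') }
)
$lineManagerOnly = @($wrongOrder | Where-Object Title -eq 'Line Manager Approval')

# Case 1: both stages approved, but compliance was sequenced before the line manager.
Test-ApprovalChain -ReviewActivities $wrongOrder -ExpectedStages $expectedStages
# Case 2: only the line manager review exists, as in the scenario described above.
Test-ApprovalChain -ReviewActivities $lineManagerOnly -ExpectedStages $expectedStages
```

In a runbook, the returned `Ok` value would gate the link to the user-creation step, with `Problems` written to the request for whoever follows up.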