.png)
Integrate ServiceNow with the YED API to allow your workforce to request their YubiKey in the same way they make other IT requests
Explore the docs »
·
Report Bug
·
Request Feature
Table of contents
This project will demonstrate how to integrate the YubiEnterpriseDelivery API into a ServiceNow custom application. The end goal of this project is to allow your users to use your standard IT Services tool to request a YubiKey directly from your YubiEnterprise inventory.
Yubico Enterprise Delivery (YED) is a global service that helps organizations deliver YubiKeys to remote and in-office users. Organizations can automate delivery by integrating the YED REST API into their IT and service catalog flows.
ServiceNow IntegrationHub is a centralized place to build and manage integrations which is made up of a series of “Spokes”. Spokes are self-contained scoped applications that contain all of the artifacts that make up an integration, primarily “Actions”.
Disclaimer - This project is not meant to act as a production ready solution for all organizations. It is meant to demonstrate how sample Actions/Flows that are capable of making YED requests.
Prerequisites are covered in more detail in the full walkthrough for setting up a custom application.
Provided in the link below is a full walkthrough which will guide you to:
- Create a custom application
- Create a new catalog item for ordering YubiKey
- Create the necessary Flows and Actions
- Integrate the Flow with an approval process
- Error reporting, and alerts
Note - There will be specific business requirements for your implementation. This guide will demonstrate our best practices to get you to a working solution - After you complete the guide please begin to experiment to tweak the solution to adhere to your requirements.
Because this example is meant to act as a demo, there are a few items that need to be considered to make your deployment "production ready".
This application will allow a user to order as many keys as they desire. Additional logic will need to be built to limit the number of orders based on your requirements
Our example assumes that your users information is all stored within ServiceNow. With the reality of work-from-home it's possible that the address in the users' ServiceNow account is not where they are currently working from.
You may need to create your own Catalog Form that allows a user to enter in their address.
Other items to consider for this are:
- Telephone
- Product type and quantity
Don't forget to modify the data inputs when passing the request to your YED Action
If you are allowing the user to self enter their own address, then we advise that you perform some address validation on their input. YED has a method, /validate-address, which will indicate whether an address is shippable for Yubico.
Pre-validating an address before a submission will prevent an influx of shipments appearing in the console that will not ship due to address errors
The current demo is configured for a single region PO. You will need to use the proper API token for the user’s region, e.g. North America / Canada is one region, EMEA is a different region and each have their own associated API token.
More information can be found here
It should be noted that orders made through the YED API are made directly on your production inventory. YED does not currently support "sandbox" environments with fake data/inventory. During testing and development it is crucial that you not only delete orders directly from this application, but you must login to the YED Console to verify the order was removed, and to delete any lingering test shipments - Otherwise, your order will be processed and a key from your inventory will be shipped.
Orders are not processed for shipment until 3AM PST - So ensure your developers/testers are instructed to delete their shipments prior to closing their work day. This time is centrally configured across YED and cannot be edited.
If organizations are shipping keys to both the US/Canada and to EMEA, two API tokens are required, as both regions are treated as different organizations.
A user will not be able to perform operations in a EU YED instance while logged in to their US/CAN instance (the same is true of the inverse).
Before implementing a solution you should consider how many YED organizations your company will be utilizing, and how to guide your users to the appropriate portal with the correct API key for their region.
This site will be updated in the future with Multi-Region PO Support.
More information on this can be found here
There might be two reasons for this - You might not have configured your API secret, or your YED API URL is incorrect. See this section on creating credential aliases
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the Apache-2.0 License. See LICENSE for more information.
Project Link: https://github.com/YubicoLabs/yed-spoke-example