Integrating a Workflow with an ITSM Solution

Overview

Workflow Integrator (WI) enables you to integrate a SecureChange workflow with an external system using REST API requests and responses. To integrate the SecureChange workflow, you must define when and/or where in the workflow an API request should be sent to the external system, and which payload should be sent.

There is an integration point in each instance in the workflow that SecureChange needs to connect with an external system. You can define multiple integration points in a single workflow.

The integration points can be created for:

  • a step in the SecureChange workflow.

  • a general trigger that applies to the entire workflow.

Integrating the workflow includes the following stages:

  1. Select the SecureChange workflow and default outbound server.

  2. If the workflow fails to send the request to the remote server, select a recipient who will receive a notification email message.

    • Ticket Request/Step Handler: WI retrieves the relevant user from SecureChange.

    • Recipients: Type a valid email address for any user who needs to be notified of the workflow failure.

    By default, this field is disabled. To enable it, set the Outgoing SMTP Server and Sender email address in the Email Notification section in the Settings tab.

  3. Select whether the API request should be sent for a Step or a general Trigger in the workflow.

  4. Select the step or trigger.

  5. For steps only, select where to create the integration point from the following:

    1. Inbound: Integration point takes place when actions first become available in the workflow step.

    2. Outbound: Integration point takes place when actions are no longer available for the workflow step.

    3. Step Trigger: Integration point takes place when a specific trigger occurs in the step.

  6. Configure the settings for the integration point.

Steps 3-6 need to be repeated for each integration point.

If there is a conflict between a general trigger and a step trigger, WI sends the payload defined for the step trigger.

After you define and save the workflow, WI does the following steps each time an integration point is triggered in SecureChange:

  1. Performs the actions defined for the integration point.

  2. Sends the SecureChange information to the external system as a JSON template.

  3. Updates the relevant fields in the SecureChange workflow with the response from the external system.

Steps 2 and 3 depend on the integration point you created. You can also create an integration point in which SecureChange performs a set of predefined actions before and/or after the step, but does not contact an external system, such as not sending the request if the previous step was skipped or only sending an email to the ticket requester.

Workflows are integrated in the Workflow menu.

Prerequisites

Before you can integrate a SecureChange workflow, you must have the following:

  • The SecureChange workflow you want to integrate.

  • At least one external system with which to integrate. The external system needs to be able to receive requests and send responses in JSON format.

You also need to do the following:

  • Map the SecureChange placeholders to the external systems. You will use this mapping to create the payload that WI sends to the external systems. The Helper Placeholders page in the app lists all non-field related placeholders and placeholders associated with complex field data. In addition to the placeholders, you can also use field names as placeholders.
  • If you want to select a recipient who will receive a notification when a workflow fails, set the Outgoing SMTP Server and Sender email address in the Email Notification section in the Settings tab.

Integrate a SecureChange Workflow with an External System

  1. Click .

  2. From the Actions () list, select New Workflow.

  3. The following page appears.

  4. Select the following:

    • Workflow: The SecureChange workflow you want to integrate.

    • Outbound Server: The default outbound server to which WI should send the API requests. If you are integrating the workflow with multiple external systems, you can override this server when configuring the individual integration points.

  5. Select the email recipients who will receive notifications if a workflow fails.

    • Ticket Request/Step Handler: WI retrieves the relevant user from SecureChange.

    • Recipients: Type a valid email address for any user who needs to be notified of the workflow failure.

  6. Create an integration point:

    1. Select which type of integration point you want to create:
      • Step
      • OR

      • Trigger
    2. Select the workflow trigger or the workflow step.

      The workflow triggers include the following:

    3. Trigger

      Description

      Autoclose

      Custom trigger activated when the ticket is closed, but has not reached the last step of the ticket. This usually happens when the rule is fully implemented.

      Close Ticket is closed.
      Cancel Ticket is canceled.
      Reject Ticket is rejected.
      Redo Ticket is sent back to the previous step in the workflow.
      Reopen Ticket is reopened.
      Pre-assignment script

      Integration point is triggered before the step is assigned to a user.

      If you select this option, copy the following script to the Assignments tab of the relevant step in SecureChange:
      /opt/tufin/extensions/workflowintegrator/bin/rest_integration

      Automation failed An automatic step fails.
    4. If you selected Step, select where to create the integration point from the following:

      • Inbound

      • Outbound

      • Step Trigger

    5. With automatic steps, you can only create integration points for step triggers.

      If you have a step that has been skipped and the preceding step is integrated with an Outbound option, the outbound integration will not function due to SecureChange limitations. To address this, you can create an additional step before the skipped step and choose to advance the ticket to the next step in WI.
    6. In the General row, configure the following settings:

    7. Field

      Description

      Trigger Type

      Only available for step triggers.

      Select the trigger for sending the API request to the external system.

      If the step trigger conflicts with the workflow trigger, WI sends the payload defined for the step trigger

      See step 5b for trigger descriptions.

      With automatic steps, you can only select Automation Failed as the step trigger.

      URL path

      The URL to path to the external system

      If you do not want to send a request to an external system, leave this field empty.

      Request method

      The REST API request type:

      • POST: Creates a request.

      • PUT:Updates a request.

      • GET: Retrieves data and adds it to the ticket. Only available for Inbound.

      If you do not want to send a request to an external system, leave this field empty.

      Before request

      Select the actions that you want SecureChange to perform before the request is sent to the external system. You can also select actions to perform even if there is no request to send to the external system, such as sending an email or advancing to the next step.

      If you selected sending an email as a template, you will need to create an email template in the Email row (g in the image).

      After request Select the actions that you want SecureChange to perform after the request is sent to the external system.
      Overwrite server

      If you want the payload to be sent to a different outbound server than the one you defined as the default outbound server, in step 2, select the server to which the API request should be sent.

      This is relevant if you are working with multiple external systems.

    8. In the Upstream row, paste the mapping between the external system and SecureChange for the placeholders you want to send to the external system. This is the payload that is sent when SecureChange reaches the relevant integration point in the workflow.

      WI recognizes placeholders because they are wrapped with hashtags (#). WI tries to resolve all placeholders, but if it does not find the value for a given placeholder, it sends the JSON payload, including the hashtags, to the remote server.

    9. For example:

      {

      "risk_results": "#risk_status#",

      "ticket_number": "#Enter your request#",

      Click the Read more link for more information on building the JSON template.

    10. If you are creating a step integration point that is inbound, in the Response row, paste the mapping between the response from the external system and the SecureChange placeholders where you want to save the information (see previous step for example).

    11. In the Email row, create an email template. This is the email that will be sent if you defined sending an email as an action in the Before request and After request fields in the General row. For more information on how to build an email template, click the Read More link.

    12. Go to the General row and toggle the Enable switch to On.
  7. Repeat step 5 for each integration point you want to create.

  8. Click Save.