Skip to main content

Integrate change requests with ITSM

Maarten Decat
Updated

Elimity Insights allows users to indicate necessary changes in the IAM data, like an AD user that should be deleted. Those change requests are stored by Elimity Insights. In addition, you can also configure Elimity Insights to create a ticket in the ITSM system of your choice by sending out an email to an inbox for every new change request.

This article describes how to set up this integration and what format you can expect in the emails.

Configuring Elimity Insights

By default, Elimity Insights does not send out any email when a new change request is created. To configure Elimity Insights to do so, add the following configuration parameter to your configuration file:

# AccessReviewRequestedChangesEmail
# ----------------------------
#
# Data type: Email address
#
# Status: Optional
#
# Description: The email address to which notifications should be sent for 
# every change requested in an access review or in the UI.
AccessReviewRequestedChangesEmail: example@youritsmsystem.com

The format of the change request emails

The following sections provide examples of the emails that will be sent out by Elimity Insights for a new change request.

Email subject

The subject of the emails below will be of the following format if the change was requested in the UI of Elimity Insights:

Elimity / Your company: requested change

or of the following format if the change was requested in an access review:

Elimity / Your company: access review - requested change

Email body

The content type of the body of a change request email is text/plain. No HTML is included.

Example: Entity removal

The following is an example of an email that is sent out by Elimity Insights when a user requested an entity to be removed:

Source: Active Directory
Operation: Remove User
User - id: CN=User1,OU=Users,OU=Company,DC=company,DC=be
User - name: User1
User - details: https://example.elimity.com/sources/1/entity-types/ad_user/entities/CN=User1%2COU=Users%2COU=Company%2CDC=company%2CDC=be

Change - requested by: someone@elimity.com
Change - requested at: 2023-10-06T12:10:48Z
Change - comment: example reason
Change - reference: https://example.elimity.com:8081/change-requests?entityRemovalRequestId=8

Example: Attribute change

The following is an example of an email that is sent out by Elimity Insights when a user requested an attribute assignment to be changed:

Source: Active Directory
Operation: Change attribute Company for User
User - id: CN=User1,OU=Users,OU=Company,DC=company,DC=be
User - name: User1
Original value: Value before
Corrected value: Value after

Change - requested by: someone@elimity.com
Change - requested at: 2023-10-06T12:11:21Z
Change - comment: example reason
Change - reference: https://example.elimity.com/change-requests?assignmentChangeRequestId=7
User - details: https://example.elimity.com/sources/2/entity-types/ad_user/entities/CN=User1%2COU=Users%2COU=Company%2CDC=company%2CDC=be

Example: Relationship change

The following is an example of an email that is sent out by Elimity Insights when a user requested a relationship to be added (e.g., an AD group that should be assigned to an AD user) or removed (e.g., an AD group that should be revoked for an AD user):

Source: Active Directory
Operation: Remove assignment of Group to User
User - id: CN=User1,CN=Users,DC=company,DC=be
User - name: User1
Group - id: CN=AD Migrators,OU=Groups,OU=Company,DC=company,DC=be
Group - name: AD Migrators

Change - requested by: someone@elimity.com
Change - requested at: 2023-10-06T12:11:59Z
Change - comment: example reason
Change - reference: https://example.elimity.com/change-requests?relationshipRemovalRequestId=5
User - details: https://example.elimity.com/sources/2/entity-types/ad_user/entities/CN=User1%2CCN=Users%2CDC=company%2CDC=be
Group - details: https://example.elimity.com/sources/2/entity-types/ad_group/entities/CN=AD%20Migrators%2COU=Groups%2COU=Company%2CDC=company%2CDC=be

Example: Extra fields for changes requested in an access review

If a change has been requested in an access review, the emails will also contain the following information regarding that access review:

Campaign - id: 1
Campaign - name: Example campaign
Access review - id: 20
Access review - created by: someone@elimity.com
Access review - created at: 2023-10-06
Access review - comment: Some comment
Campaign - details: https://local.elimity.com:8081/campaigns/1
Access review - details: https://local.elimity.com:8081/campaigns/1/access-reviews/20
Change - reference: https://local.elimity.com:8081/campaigns/1/access-reviews/20?columnEntityId=CN%3DAdmin_ADV_USR_Crow3ndt%2COU%3DServer+Advanced+Users+Groups%2COU%3DAdmins%2COU%3DCompany%2CDC%3Dcompany%2CDC%3Dbe&rowEntityId=CN%3DMigration.8f3e7716-2011-43e4-96b1-aba62d229136%2CCN%3DUsers%2CDC%3Dcompany%2CDC%3Dbe

 

 

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk