Enable SaaS API Data Loss Protection for ServiceNow Tenants
To apply DLP SaaS API rules to files in a ServiceNow tenant, you must authorize the tenant using the procedure described below. Once the tenant is authorized, Umbrella enforces the action of an enabled SaaS API rule on any file in the tenant that contains data in violation of that rule.
Once you have authorized a ServiceNow tenant for Cloud Malware protection, you can create an app in ServiceNow to view the Cisco Quarantine table maintained in ServiceNow.
Table of Contents
- Prerequisites
- Limitation
- Find the Instance Name for your ServiceNow admin Account
- Assign the oauth_user role to the ServiceNow admin Account
- Add an OAuth Client to Your ServiceNow Deployment
- Authorize a Tenant
- Revoke Authorization
- View the Cisco Quarantine Table in ServiceNow
Prerequisites
- Chrome or Firefox (recommended) with pop-up blockers and ad blockers disabled (only for the duration of authorization).
- The application scope in your ServiceNow deployment must be set to Global.
- You must obtain the Instance Name for your ServiceNow account.
- The user performing the installation must use a ServiceNow account with the ais_high_security_admin role and the oauth_user role.
- You must add an OAuth Client to your ServiceNow deployment.
Limitation
- A tenant that fails to authenticate cannot be deleted.
Find the Instance Name for your ServiceNow admin Account
Perform these steps in your ServiceNow IT Service Management portal.
1.) Navigate to the All tab.
2.) Filter for Stats. Under System Diagnostics>Stats click on Stats.
3.) In the Servlet Statistics page that appears, note the value of the Instance name.
Assign the oauth_user role to the ServiceNow admin Account
Perform these steps in your ServiceNow IT Service Management portal. Make sure your account has the ais_high_security_admin role and the application scope is set to Global.
1.) Navigate to All>User Administration>Users.
2.) Search for the User ID of the admin account and click on it.
3.) Click on the Roles tab.
4.) Click Edit.
5.) Under Collection search for the role oauth_user, select it, and click > to move it to the Roles List.
6.) Click Save.
Add an OAuth Client to Your ServiceNow Deployment
Perform these steps in your ServiceNow IT Service Management portal. Make sure your account has the ais_high_security_admin role and the oauth_user role, and the application scope is set to Global.
1.) Navigate to All>System OAuth>Application Registries.
2.) Click New and select Create an OAuth API endpoint for external clients.
3.) Fill out the form that appears with the following required values (other fields are optional):
   - Name: Enter a name that will be used by the Umbrella ServiceNow Connector as a Client Id.
   - Client Secret: Enter a secret value compliant with your org policy. Take note of this value, as you will need it again when authorizing your ServiceNow tenant with Umbrella.
   - Redirect URL: https://management.api.umbrella.com/admin/v2/cloudApplicationInstances/oauth2/callback
   - Refresh Token Lifespan: We recommend entering 31,536,000 seconds, which is one year. Once the refresh token expires, the ServiceNow tenant will need to be re-authorized with Umbrella.
   - Application: Global.
4.) Click Submit.
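A pre-flight check of the values entered in the steps above, as an added example (not Cisco's or ServiceNow's code). The dictionary keys, the `warn_days` parameter and the sample values are assumptions made for illustration; the redirect URL, role names and lifespan come from this page.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Values documented on this page.
REDIRECT_URL = ("https://management.api.umbrella.com/admin/v2/"
                "cloudApplicationInstances/oauth2/callback")
RECOMMENDED_LIFESPAN = 31_536_000  # seconds (one year)
REQUIRED_ROLES = {"ais_high_security_admin", "oauth_user"}

def check_oauth_client(form, admin_roles):
    """Return findings for the form values; an empty list means they match the page."""
    findings = []
    missing = REQUIRED_ROLES - set(admin_roles)
    if missing:
        findings.append("admin account lacks role(s): " + ", ".join(sorted(missing)))
    url = form.get("redirect_url", "").strip()
    if url != REDIRECT_URL:  # exact comparison, never a prefix or substring match
        got, want = urlsplit(url), urlsplit(REDIRECT_URL)
        if got.scheme != "https":
            findings.append("redirect URL is not https")
        elif got.hostname != want.hostname:
            findings.append(f"redirect URL host {got.hostname!r} is not {want.hostname!r}")
        else:
            findings.append("redirect URL differs from the documented callback")
    if not form.get("client_secret"):
        findings.append("client secret is empty")
    lifespan = int(form.get("refresh_token_lifespan", 0))
    if lifespan < RECOMMENDED_LIFESPAN:
        findings.append(f"refresh token lifespan {lifespan}s is below the recommended value")
    if form.get("application", "").strip().lower() != "global":
        findings.append("application is not Global")
    return findings

def reauthorize_by(authorized_at, lifespan_seconds, warn_days=30):
    """Return (expiry, reminder): when the refresh token lapses and when to act."""
    expiry = authorized_at + timedelta(seconds=lifespan_seconds)
    return expiry, expiry - timedelta(days=warn_days)

# Constructed sample input (hypothetical keys mirroring the form labels).
SAMPLE_FORM = {
    "name": "umbrella-dlp-connector",
    "client_secret": "constructed-placeholder-secret",
    "redirect_url": REDIRECT_URL,
    "refresh_token_lifespan": "31536000",
    "application": "Global",
}

if __name__ == "__main__":
    print(check_oauth_client(SAMPLE_FORM, ["ais_high_security_admin", "oauth_user"]))
    print(reauthorize_by(datetime(2025, 1, 1, tzinfo=timezone.utc), 31_536_000))
```

The reminder date from `reauthorize_by` is the point to schedule re-authorization, since the tenant must be re-authorized with Umbrella once the refresh token expires.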
Authorize a Tenant
- Navigate to Admin > Authentication.
- Under Platforms, click ServiceNow.
- In the DLP subsection, click Authorize New Tenant to add a ServiceNow tenant to your Umbrella environment.
- In the ServiceNow Authorization dialog, check the checkbox to verify you meet the prerequisites, then click Next.
- Provide a name for your tenant, then click Next.
- Enter the following and then click Done.
   - Account ID: Enter the Instance Name for your ServiceNow account.
   - Client ID: Enter the Name you supplied in Step 3 of Add an OAuth Client to Your ServiceNow Deployment.
   - Client Secret: Enter the Client Secret you supplied in Step 3 of Add an OAuth Client to Your ServiceNow Deployment.
- You are redirected to the ServiceNow OAuth login page, and a message appears notifying you that umbrella-oauth would like to connect to your ServiceNow account. Click Allow.
- You are redirected to Umbrella and a message appears showing the integration was successful. It may take up to 24 hours for the integration to be confirmed and appear as Authorized. Click Done to complete.
Revoke Authorization
- Under Action, click Revoke. You can revoke any authorized tenant.
- Confirm to proceed. The selected account will no longer be authorized.
View the Cisco Quarantine Table in ServiceNow
ServiceNow maintains information about quarantined files in a table called Cisco Quarantine. Perform these steps in your ServiceNow IT Service Management portal to create an application you can use to view that table:
1.) Filter for Studio. Under System Applications click on Studio.
2.) In the Studio interface, click Create Application.
3.) In the screens that follow, choose the following characteristics for your new application:
   A.) Provide an application Name and Description. Under Advanced settings choose Global. Click Create.
   B.) Under Roles, select ais_high_security_admin. Click Continue.
   C.) For Format select Classic. Click Continue.
   D.) For Data tables select Cisco Quarantine [u_cisco_quarantine]. Click Done with tables.
4.) On the page titled It's time to design your apps, click Start to the right of the listing for your new application.
5.) On the page titled Let's customize the design of your Classic App, click Create.