Setting up the ServiceNow approvals integration
Read time: 7 minutes
Last edited: Nov 01, 2024
Overview
This topic explains how to configure the LaunchDarkly ServiceNow integration for flag approvals.
Prerequisites
In order to complete this topic, you must meet the following prerequisites:
- You must have a LaunchDarkly account with a Writer, Admin, Owner, or a custom role that allows the
createIntegration
action on theintegration
resource. - You must have an existing ServiceNow account with the admin role.
- You must have a ServiceNow Client ID. To learn how to create these, search for "Get the Client ID and Client Secret" in ServiceNow's documentation and choose the article for your ServiceNow version.
- You must have a secret for an OAuth API endpoint for external clients. To learn how to create these, search for "Create an OAuth API endpoint for external clients" in ServiceNow's documentation and choose the article for your ServiceNow version.
- You must have an existing ServiceNow standard change template that you want to use for all proposed changes originating from LaunchDarkly. We recommend creating a dedicated template for LaunchDarkly changes. To learn how to propose a new standard change template, search for "Propose a standard change template" in ServiceNow's documentation and choose the article for your ServiceNow version.
- If you do not use a ServiceNow standard change template, we recommend using the Custom approvals integration instead.
- If your ServiceNow instance has IP address access control enabled, you must create inbound ServiceNow IP access control rules corresponding to the
outboundAddresses
from LaunchDarkly's public IP list. To learn how to create IP access control rules, search for "IP Address Access Control" in ServiceNow's documentation and choose the article for your ServiceNow version.
Set up the ServiceNow integration in LaunchDarkly
To use the ServiceNow integration to perform flag approvals, you must first establish an OAuth connection between your LaunchDarkly and ServiceNow accounts.
After you create the connection, you can either:
- configure automatic approvals, or
- configure manual approvals approvals.
To establish an OAuth connection:
- Log in to ServiceNow.
- Complete ServiceNow's instructions for creating an endpoint for external clients, including saving the redirect URL.
- Navigate to the LaunchDarkly Integrations page and find "ServiceNow."
- Click Configure. The integration menu appears.
- Click Connect to ServiceNow. An OAuth provider registration dialog appears.
- Copy the Redirect URL to your clipboard.
- In ServiceNow, set the Redirect URL to the redirect URL saved to your clipboard in step 2. Ensure you are following the directions for your ServiceNow version.
- In LaunchDarkly's OAuth provider registration dialog, enter your ServiceNow host URL. For example, if your ServiceNow instance is hosted at
https://launchdarkly.service-now.com
, enterhttps://launchdarkly.service-now.com
. - Enter the Client ID and Client Secret for the client you created in step 5.
- Click Register OAuth Provider.
- Click Allow. ServiceNow may prompt you to log in to your ServiceNow account at this step.
Your LaunchDarkly and ServiceNow accounts are now connected. Next, enable the ServiceNow approvals integration for your LaunchDarkly environment.
Configure a LaunchDarkly environment to use ServiceNow for approvals
By default, LaunchDarkly's approvals request feature only creates approval requests in LaunchDarkly. You can change this behavior so LaunchDarkly creates change requests in ServiceNow. To do this, you must update your chosen environment's approval settings.
Here's how:
- Click the project dropdown. The project menu appears:
- Select Project settings.
- Select Environments. The Environments list appears.
- Click the overflow menu on the environment you wish to configure.
- Select Approval settings. The "Approval settings for environment" panel appears.
- Change the Approval system from "LaunchDarkly" to "ServiceNow."
- Select the ServiceNow standard change template you wish to utilize for all proposed changes in this environment. All change requests created by LaunchDarkly will include relevant details for the Short description, Justification, and Requested by fields. We recommend choosing a template with all other change request fields pre-populated.
- (Optional) Fill in the Detailed information column name field with the name of the ServiceNow Change Request column you would like LaunchDarkly to populate with detailed approval request information. This field defaults to
justification
if you do not provide a value. - (Optional) Select the Require approvals for this environment checkbox to require approval for flag targeting changes in this environment. If you select this, then you must also choose:
- Whether to require approval for all flags, or only for flags matching the provided tags. While tags are global across environments, this setting applies only to flags in the current environment.
- Whether to allow scheduled changes for a flag to be deleted without approval in this environment.
- Choose whether to Automatically apply flag changes in LaunchDarkly when associated external change requests are approved.
- Click Save settings.
Create a LaunchDarkly workflow in ServiceNow for manual approvals
You can create your workflow using either of these two ServiceNow workflow creation methods:
- Flow Designer
- Workflow Editor
To learn more, search for "Flow Designer" and "Workflow Editor" in ServiceNow's documentation and choose the articles for your ServiceNow version.
The screenshots below are from the Flow Designer, but you can create a workflow the same triggers, actions, and conditions using the Workflow Editor if you prefer.
To create a LaunchDarkly approvals workflow in ServiceNow:
- Create a new Workflow Trigger for record "Created" on the "Change Request [change_request]" table. To learn how to do this, search for "Create Security Operations workflow triggers" in ServiceNow's documentation and choose the article for your ServiceNow version.
- Set two conditions on your trigger: "State"
is
"New" and "Standard Change Template version," "Template," "Name"is
"LaunchDarkly template."
- Add a new "Ask For Approval" Action on your Trigger Change Request Record and set the approval rules.
- Add an
if
condition that requires Approval Stateis
"Approved."
- Add two "Update Change Request Record" Actions as extensions of the
if
condition.
- Set the first Action to "Update Record" with "State" "Scheduled" on the latest version of the triggering Change Request Record.
- Set the second Action to "Update Record" with "State" "Implement" on the latest version of the triggering Change Request Record.
ServiceNow requires change request records to move through states in a certain order, so you must create two separate actions that move the record "State" first to "Scheduled" and then to "Implement." The record must end in the "Implement" state for LaunchDarkly to process the approval.
- As an extension of the
else
condition, add an "Update Change Request Record" Action that moves the "State" to "Canceled." LaunchDarkly uses this state to determine that the approval request has been rejected.
You can now request manual approvals in ServiceNow for flag changes in LaunchDarkly.
Create a LaunchDarkly workflow in ServiceNow for automatic approvals
Automatic approval workflows create a correlating ServiceNow Change Request for any LaunchDarkly flag changes. Automatic approvals are for record-keeping only and no actual approval is requested. Automatic approval workflows resemble manual approval workflows but without the approval Action.
To create an automatic approval workflow:
- Create a new Workflow Trigger for record "Created" on the "Change Request [change_request]" table. To learn how to do this, search for "Create Security Operations workflow triggers" in ServiceNow's documentation and choose the article for your ServiceNow version.
- Set two conditions on your trigger:
- "State"
is
"New" - "Standard Change Template version," "Template," "Name"
is
"LaunchDarkly auto-approve template"
- Add two "Update Change Request Record" Actions as extensions of the
if
condition. - On the first Action, set the Action to "Update Record" on the latest version of the triggering Change Request Record. Set "State" to "Scheduled."
- On the second Action, set the Action to "Update Record" on the latest version of the triggering Change Request Record. Set "State" to "Implemented."
ServiceNow requires change request records to move through states in a certain order, so you must create two separate actions that move the record "State" first to "Scheduled" and then to "Implement." The record must end in the "Implement" state for LaunchDarkly to be able to process the record.
You can now track your LaunchDarkly flag changes in ServiceNow.