sachin_namjoshi

The DUO Security application allows users to access their company network remotely using a DUO token.

DUO provides a REST API that external applications can consume to create users, enroll users, and create tokens for users in the DUO application.

This document describes the detailed steps to integrate ServiceNow with the DUO REST API, so that you can use a ServiceNow catalog item, a workflow and Python scripts to automate the following ServiceNow–DUO integration use cases.

A) Create Users

B) Enroll User

C) Adding User to DUO Group ( File Generation)

 

 

The purpose of this blog is to document the code needed to integrate ServiceNow with the DUO REST API.

 

 A) Create User

 

Python Script:

"""

JSON format for the input parameters, all parameters are required

"{

     'ikey':'xxx',

     'skey':'xxx',

     'host':'api-xxxxxx.duosecurity.com',

     'username':'xxxx',

     'realname':'Tom Alter',

     'email':'tomalter@gmail.com',

     'alias1':'tomr', #login name

     'alias2':'global\tomr',

     'notes':'test account',

     'firstname':'Tom',

     'lastname':'Alter'    

}"

 

ARGS

        ikey - integration key

        skey - secret key

        host - admin api url

        username - Username

        realname - User's real name (optional)

        status - User's status, defaults to ACTIVE

        notes - Comment field (optional)

        email - Email address (optional)

        firstname - User's given name for ID Proofing (optional)

        lastname - User's surname for ID Proofing (optional)

        alias1..alias4 - Aliases for the user's primary username (optional)

 

Returns newly created user object.

"""

 

#!/usr/bin/python

from __future__ import absolute_import

from __future__ import print_function

import pprint

import sys

import json

import duo_client

from six.moves import input

 

#jsonData = json.loads(sys.argv[1].replace("'", '"'))

#print(str(jsonData))

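# Positional command-line arguments, in the order the workflow activity
# passes them to this script.
ARG_NAMES = (
    "ikey", "skey", "host", "username", "realname", "email",
    "alias1", "alias2", "notes", "firstname", "lastname",
)

# Fail with a usage line instead of an IndexError traceback when the caller
# supplies too few arguments. Extra trailing arguments are ignored, as before.
if len(sys.argv) < len(ARG_NAMES) + 1:
    sys.exit("usage: {0} {1}".format(sys.argv[0], " ".join(ARG_NAMES)))

# NOTE(security): SKEY is the Duo Admin API secret key. Because it arrives on
# the command line it is readable in the host's process listing and in any
# record or log that stores the command text. Prefer delivering it from a
# protected credential store, and rotate the key if it has been exposed.
(IKEY, SKEY, HOST, USERNAME, REALNAME, EMAIL,
 ALIAS1, ALIAS2, NOTES, FIRSTNAME, LASTNAME) = sys.argv[1:len(ARG_NAMES) + 1]

# Admin API client bound to the integration identified by IKEY/SKEY on HOST.
admin_api = duo_client.Admin(
    ikey=IKEY,
    skey=SKEY,
    host=HOST,
)

# Create and return a new user object.
user = admin_api.add_user(
    username=USERNAME,
    realname=REALNAME,
    email=EMAIL,
    alias1=ALIAS1,
    alias2=ALIAS2,
    notes=NOTES,
    firstname=FIRSTNAME,
    lastname=LASTNAME,
)

# Emit JSON, and nothing else, on stdout: the calling workflow activity
# decodes this output as JSON and reads user_id from it. pprint would emit a
# Python repr (None/True/False, possibly u'' prefixes), which is not JSON.
print(json.dumps(user))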

 

Workflow Activity To Run Python Script:

 

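// Workflow activity: create the requester as a DUO user by running
// create_user.py through a CommandProbe, then keep the returned user_id on
// the workflow scratchpad for later activities.

// NOTE(security): ikey/skey are shown here as 'xxx' placeholders. Do not
// hard-code the real Admin API secret in a workflow script; load it from a
// protected (encrypted) property or credential record, and restrict who can
// read this workflow. The values below still end up in the command text, so
// treat any stored copy of that command as sensitive.
var dataObj = {
    'ikey': 'xxx',
    'skey': 'xxx',
    'host': 'xxx.duosecurity.com',
    'username': current.variable_pool.requested_for.email,
    'realname': current.variable_pool.requested_for.name,
    'email': current.variable_pool.requested_for.email,
    'alias1': current.variable_pool.requested_for.user_name,
    'alias2': 'global\\' + current.variable_pool.requested_for.user_name,
    'notes': current.number,
    'firstname': current.variable_pool.requested_for.first_name,
    'lastname': current.variable_pool.requested_for.last_name
};

var filePath = "scripts\\Python\\DUO\\create_user.py";

// Order in which create_user.py reads its positional arguments.
var argOrder = ['ikey', 'skey', 'host', 'username', 'realname', 'email',
                'alias1', 'alias2', 'notes', 'firstname', 'lastname'];

// Characters that could end the surrounding quotes or be interpreted by the
// command interpreter. The user-record fields above are data, not trusted
// command text, so a value containing any of these is refused rather than
// executed. This is a conservative deny-list; an allow-list that matches your
// naming policy is stronger.
var UNSAFE_ARG = /["`$%&|<>^;!\r\n\0]/;

// Return value wrapped in double quotes, or throw if it cannot be passed
// safely as one command-line argument. The message names the field only, so
// that secrets are never copied into work notes.
function quoteArg(name, value) {
    var text = '' + value;
    var endsWithBackslash = text.length > 0 && text.charAt(text.length - 1) === "\\";
    if (UNSAFE_ARG.test(text) || endsWithBackslash) {
        throw new Error("DUO create user: field '" + name + "' contains characters that are not allowed in a command argument");
    }
    return '"' + text + '"';
}

var commandLine = null;
var argError = null;
try {
    var parts = ["python", filePath];
    for (var i = 0; i < argOrder.length; i++) {
        // Every argument is quoted the same way; the original appended a stray
        // space inside the last name's quotes, which reached DUO as "Name ".
        parts.push(quoteArg(argOrder[i], dataObj[argOrder[i]]));
    }
    commandLine = parts.join(" ");
} catch (e) {
    argError = e.message;
}

if (argError) {
    current.work_notes = argError;
    activity.result = "failed";
} else {
    var eccResponse = new CommandProbe(gs.getProperty("mid.server.rba_default"), "127.0.0.1").execute(true, commandLine);

    var retObj = new Object();
    retObj.output = JSON.stringify(eccResponse.output).replace("\n","");
    retObj.error = eccResponse.error;

    if (retObj.error && retObj.error != null) {
        current.work_notes = retObj.error;
        activity.result = "failed";
    } else {
        // The script's stdout is expected to be a JSON object with a user_id.
        var jsonOutput = null;
        try {
            jsonOutput = new JSON().decode(JSON.parse(retObj.output));
        } catch (parseError) {
            jsonOutput = null;
        }
        if (jsonOutput && jsonOutput.user_id) {
            workflow.scratchpad.user_id = jsonOutput.user_id;
            activity.result = "success";
        } else {
            // Without a user_id the later "add to group" step cannot work, so
            // report the failure here instead of passing an undefined id on.
            current.work_notes = "DUO create user: script output did not contain a user_id";
            activity.result = "failed";
        }
    }
}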

 

 B) Enroll User

 

Python Script:

 

"""

JSON format for the input parameters, all parameters are required

"{

      'ikey':'xxx',

      'skey':'xxx',

      'host':'api-xxxxxx.duosecurity.com',

      'username':'tomalter@gmail.com',

      'email':'tomalter@gmail.com'

}"

 

ARGS

        ikey - integration key

        skey - secret key

        host - admin api url

        username - Username

        email - Email address

        valid_secs - Seconds before the enrollment link expires

                     (if 0 it never expires)

 

Returns nothing

"""

 

#!/usr/bin/python

from __future__ import absolute_import

from __future__ import print_function

import pprint

import sys

import json

 

import duo_client

from six.moves import input

 

#jsonData = json.loads(sys.argv[1].replace("'", '"'))

#print(str(data))     

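# Positional command-line arguments, in the order the workflow activity
# passes them to this script.
ARG_NAMES = ("ikey", "skey", "host", "username", "email")

# Fail with a usage line instead of an IndexError traceback when the caller
# supplies too few arguments. Extra trailing arguments are ignored, as before.
if len(sys.argv) < len(ARG_NAMES) + 1:
    sys.exit("usage: {0} {1}".format(sys.argv[0], " ".join(ARG_NAMES)))

# NOTE(security): SKEY is the Duo Admin API secret key. Because it arrives on
# the command line it is readable in the host's process listing and in any
# record or log that stores the command text. Prefer delivering it from a
# protected credential store, and rotate the key if it has been exposed.
IKEY, SKEY, HOST, USERNAME, EMAIL = sys.argv[1:len(ARG_NAMES) + 1]

# Admin API client bound to the integration identified by IKEY/SKEY on HOST.
admin_api = duo_client.Admin(
    ikey=IKEY,
    skey=SKEY,
    host=HOST,
)

# Enroll the user and send the enrollment email. valid_secs is the lifetime of
# the enrollment link (86400 s = 24 h; 0 would mean it never expires). Keep it
# finite so that a forwarded or intercepted link stops working.
admin_api.enroll_user(
    username=USERNAME,
    email=EMAIL,
    valid_secs=86400,
)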

#print('Enrollment email has been to user at ', user['email'])

 

Workflow Activity to call Python Script

 

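// Workflow activity: enroll the requester in DUO by running
// enroll_user_and_email.py through a CommandProbe.

// NOTE(security): ikey/skey are shown here as 'xxx' placeholders. Do not
// hard-code the real Admin API secret in a workflow script; load it from a
// protected (encrypted) property or credential record, and restrict who can
// read this workflow. The values below still end up in the command text, so
// treat any stored copy of that command as sensitive.
var dataObj = {
    'ikey': 'xxx',
    'skey': 'xxx',
    'host': 'xxx.duosecurity.com',
    'username': current.variable_pool.requested_for.email,
    'email': current.variable_pool.requested_for.email
};

var filePath = "scripts\\Python\\DUO\\enroll_user_and_email.py";

// Order in which enroll_user_and_email.py reads its positional arguments.
var argOrder = ['ikey', 'skey', 'host', 'username', 'email'];

// Characters that could end the surrounding quotes or be interpreted by the
// command interpreter. The user-record fields above are data, not trusted
// command text, so a value containing any of these is refused rather than
// executed. This is a conservative deny-list; an allow-list that matches your
// naming policy is stronger.
var UNSAFE_ARG = /["`$%&|<>^;!\r\n\0]/;

// Return value wrapped in double quotes, or throw if it cannot be passed
// safely as one command-line argument. The message names the field only, so
// that secrets are never copied into work notes.
function quoteArg(name, value) {
    var text = '' + value;
    var endsWithBackslash = text.length > 0 && text.charAt(text.length - 1) === "\\";
    if (UNSAFE_ARG.test(text) || endsWithBackslash) {
        throw new Error("DUO enroll user: field '" + name + "' contains characters that are not allowed in a command argument");
    }
    return '"' + text + '"';
}

var commandLine = null;
var argError = null;
try {
    var parts = ["python", filePath];
    for (var i = 0; i < argOrder.length; i++) {
        parts.push(quoteArg(argOrder[i], dataObj[argOrder[i]]));
    }
    commandLine = parts.join(" ");
} catch (e) {
    argError = e.message;
}

if (argError) {
    current.work_notes = argError;
    activity.result = "failed";
} else {
    var eccResponse = new CommandProbe(gs.getProperty("mid.server.rba_default"), "127.0.0.1").execute(true, commandLine);

    var retObj = new Object();
    retObj.output = JSON.stringify(eccResponse.output).replace("\n","");
    retObj.error = eccResponse.error;

    // Any error text reported for the command marks the activity as failed.
    if (retObj.error && retObj.error != null) {
        current.work_notes = retObj.error;
        activity.result = "failed";
    } else {
        activity.result = "success";
    }
}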

 

C). Add User to DUO Group

 

Python Script:

"""

JSON format for the input parameters, all parameters are required

"{

      'ikey':'xxx',

      'skey':'xxx',

      'host':'api-xxxxxxxx.duosecurity.com',

      'user_id':'xxx',

      'group_id':'xxx'

}"

 

ARGS

        ikey - integration key

        skey - secret key

        host - admin api url

        user_id - User ID

        group_id - Group ID

 

Returns nothing

"""

 

#!/usr/bin/python

from __future__ import absolute_import

from __future__ import print_function

import pprint

import sys

import json

 

import duo_client

from six.moves import input

 

#jsonData = json.loads(sys.argv[1].replace("'", '"'))

#print(str(data)) 

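# Positional command-line arguments, in the order the workflow activity
# passes them to this script.
ARG_NAMES = ("ikey", "skey", "host", "user_id", "group_id")

# Fail with a usage line instead of an IndexError traceback when the caller
# supplies too few arguments. Extra trailing arguments are ignored, as before.
if len(sys.argv) < len(ARG_NAMES) + 1:
    sys.exit("usage: {0} {1}".format(sys.argv[0], " ".join(ARG_NAMES)))

# NOTE(security): SKEY is the Duo Admin API secret key. Because it arrives on
# the command line it is readable in the host's process listing and in any
# record or log that stores the command text. Prefer delivering it from a
# protected credential store, and rotate the key if it has been exposed.
IKEY, SKEY, HOST, USERID, GROUPID = sys.argv[1:len(ARG_NAMES) + 1]

# Admin API client bound to the integration identified by IKEY/SKEY on HOST.
admin_api = duo_client.Admin(
    ikey=IKEY,
    skey=SKEY,
    host=HOST,
)

# Add the user to the group. Group membership can decide which DUO policy
# applies to the user, so GROUPID should come from reviewed configuration and
# not from requester-supplied input.
admin_api.add_user_group(
    user_id=USERID,
    group_id=GROUPID,
)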

 

Workflow Activity to execute Python Script:

 

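// Workflow activity: add the DUO user created earlier in this workflow
// (workflow.scratchpad.user_id) to a DUO group by running
// add_user_to_group.py through a CommandProbe.

// NOTE(security): ikey/skey are shown here as 'xxx' placeholders. Do not
// hard-code the real Admin API secret in a workflow script; load it from a
// protected (encrypted) property or credential record, and restrict who can
// read this workflow. The values below still end up in the command text, so
// treat any stored copy of that command as sensitive.
var dataObj = {
    'ikey': 'xxx',
    'skey': 'xxx',
    'host': 'api-xxx.duosecurity.com',
    'user_id': workflow.scratchpad.user_id,
    'group_id': 'xxx'
};

var filePath = "scripts\\Python\\DUO\\add_user_to_group.py";

// Order in which add_user_to_group.py reads its positional arguments.
var argOrder = ['ikey', 'skey', 'host', 'user_id', 'group_id'];

// Characters that could end the surrounding quotes or be interpreted by the
// command interpreter. user_id comes from an earlier script's output, so it is
// checked like any other untrusted value before it becomes command text.
// This is a conservative deny-list; an allow-list is stronger.
var UNSAFE_ARG = /["`$%&|<>^;!\r\n\0]/;

// Return value wrapped in double quotes, or throw if it is missing or cannot
// be passed safely as one command-line argument. The message names the field
// only, so that secrets are never copied into work notes.
function quoteArg(name, value) {
    if (value === undefined || value === null || ('' + value) === '') {
        throw new Error("DUO add user to group: field '" + name + "' is empty");
    }
    var text = '' + value;
    var endsWithBackslash = text.charAt(text.length - 1) === "\\";
    if (UNSAFE_ARG.test(text) || endsWithBackslash) {
        throw new Error("DUO add user to group: field '" + name + "' contains characters that are not allowed in a command argument");
    }
    return '"' + text + '"';
}

var commandLine = null;
var argError = null;
try {
    var parts = ["python", filePath];
    for (var i = 0; i < argOrder.length; i++) {
        parts.push(quoteArg(argOrder[i], dataObj[argOrder[i]]));
    }
    commandLine = parts.join(" ");
} catch (e) {
    argError = e.message;
}

if (argError) {
    current.work_notes = argError;
    activity.result = "failed";
} else {
    var eccResponse = new CommandProbe(gs.getProperty("mid.server.rba_default"), "127.0.0.1").execute(true, commandLine);

    var retObj = new Object();
    retObj.output = JSON.stringify(eccResponse.output).replace("\n","");
    retObj.error = eccResponse.error;

    // Any error text reported for the command marks the activity as failed.
    if (retObj.error && retObj.error != null) {
        current.work_notes = retObj.error;
        activity.result = "failed";
    } else {
        activity.result = "success";
    }
}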

 

Regards,

Sachin
