Enable SaaS API Data Loss Prevention for ServiceNow Tenants

To apply DLP SaaS API rules to files in a ServiceNow tenant, you must authorize the tenant using the procedure described below. Once the tenant is authorized, Secure Access checks each file residing in the tenant and, when it finds data that violates an enabled SaaS API rule, enforces the action of that rule.

Once you have authorized a ServiceNow tenant for Cloud Malware protection, you can create an app in ServiceNow to view the Cisco Quarantine table maintained in ServiceNow.


Prerequisites

  • Chrome or Firefox (recommended) with pop-up blockers and ad blockers disabled (only for the duration of authorization).
  • The application scope in your ServiceNow deployment must be set to Global.
  • You must obtain the Instance Name for your ServiceNow account.
  • The user performing the installation must use a ServiceNow account with the ais_high_security_admin role and the oauth_user role.
  • You must add an OAuth Client to your ServiceNow deployment.

Limitation

  • A tenant that fails to authenticate cannot be deleted.

Find the Instance Name for your ServiceNow admin Account

Perform these steps in your ServiceNow IT Service Management portal.

1.) Navigate to the All tab.

2.) Filter for Stats. Under System Diagnostics>Stats click on Stats.

3.) In the Servlet Statistics page that appears, note the value of the Instance name.

Assign the oauth_user role to the ServiceNow admin Account

Perform these steps in your ServiceNow IT Service Management portal. Make sure your account has the ais_high_security_admin role and the application scope is set to Global.

1.) Navigate to All>User Administration>Users.

2.) Search for the User ID of the admin account and click on it.

3.) Click on the Roles tab.

4.) Click Edit.

5.) Under Collection search for the role oauth_user, select it, and click > to move it to the Roles List.

6.) Click Save.

Add an OAuth Client to Your ServiceNow Deployment

Perform these steps in your ServiceNow IT Service Management portal. Make sure your account has the ais_high_security_admin role and the oauth_user role, and the application scope is set to Global.

  1. Navigate to All>System OAuth>Application Registries.
  2. Click on New and select Create an OAuth API endpoint for external clients.
  3. Fill out the form that appears with the following required values (other fields are optional):
     • Name: Enter a name that will be used by the Secure Access ServiceNow Connector as a Client Id.
     • Client Secret: Enter a secret value compliant with your org policy. Take note of this value, as you will need it again when authorizing your ServiceNow tenant with Umbrella.
     • Redirect URL: https://management.api.umbrella.com/admin/v2/cloudApplicationInstances/oauth2/callback
     • Refresh Token Live Span: We recommend entering 31,536,000 seconds, which is one year. Once the refresh token expires, the ServiceNow tenant will need to be re-authorized with Secure Access.
     • Application: Global.
  4. Click Submit.

Authorize a Tenant

  1. Navigate to Admin > Authentication.
  2. Under Platforms, click ServiceNow.
  3. In the DLP subsection, click Authorize New Tenant to add a ServiceNow tenant to your Secure Access environment.
  4. In the ServiceNow Authorization dialog, check the checkbox to verify you meet the prerequisite, then click Next.
  5. Provide a name for your tenant, then click Next.
  6. Enter the following and then click Done.
  7. You are redirected to the ServiceNow OAuth login page and a message will appear notifying you that secure-access-oauth would like to connect to your ServiceNow account. Click Allow.
  8. You are redirected to Secure Access and a message appears showing the integration was successful. It may take up to 24 hours for the integration to be confirmed and appear as Authorized. Click Done to complete.

Revoke Authorization

  1. Under Action, click Revoke. You can revoke any authorized tenant.
  2. Confirm to proceed. The selected account will no longer be authorized.

View the Cisco Quarantine Table in ServiceNow

ServiceNow maintains information about quarantined files in a table called Cisco Quarantine. Perform these steps in your ServiceNow IT Service Management portal to create an application you can use to view that table:

1.) Filter for Studio. Under System Applications click on Studio.

2.) In the Studio interface, click Create Application.

3.) In the screens that follow, choose the following characteristics for your new application:

A.) Provide an application Name and Description.

Under Advanced settings choose Global.

Click Create.

B.) Under Roles, select ais_high_security_admin.

Click Continue.

C.) For Format select Classic.

Click Continue.

D.) For Data tables select Cisco Quarantine [u_cisco_quarantine].

Click Done with tables.

4.) On the page titled It's time to design your apps, click Start to the right of the listing for your new application.

5.) On the page titled Let's customize the design of your Classic App, click Create.

