If I want to track users having accounts for different SaaS products in ServiceNow (without using SAM Pro), what’s the recommended MVP / crawl practice for where to store and maintain this data? Feels like Service Models under the Product Catalog are a component of it, though I don’t have a full picture on if that’s correct and where to actually track someone having access to an online only website/application/SaaS
I’d be interested in this too.
cmdb_software_instance and cmdb_ci_spkg
That’s where we’ve tracked it when the customer does not have SAM Pro
Interesting. What made you decide there since the access is (usually) not tied to a piece of equipment? I was thinking about the alm_entitlement_user table, but may keep things as individual Requested Items due to time constraints and other needs
You can always RYO in cmdb_ci 
- but why not just use cmdb_ci_business_app for your SaaS identification? We’ve created a cmdb_ci_user_access that serves as a cross reference from cmdb_ci_business_app and cmdb_ci_user_access, that has a column for the user account on that system
Apologies…you are correct, I misread your question. We track software installed on hardware through the combination of cmdb_software_instance and cmdb_ci_spkg. For software products we track them in cmdb_software_product_model with licensing for those products in alm_license and the end user (entitlement) licensing in alm_entitlement_user
All good insight! It hit me earlier today the irony of not knowing how to track access or entitlements for SaaS/PaaS systems when SN is a PaaS itself!
What I’m taking away is that there are some good areas to store access to systems in ServiceNow, then it’s a matter of ensuring your applications are documented correctly, and building a process to help maintain accurate tracking of access if an integration with the SaaS/PaaS isn’t setup or doesn’t exist
I mean, it would be awesome if sn came with “here’s your licesning” in your instnace pre-configurd.
But contracts are hard
Absolutely. Get why SAM Pro is needed for that level. Would love a “lite” version that’s just “does this person have access, yes or no, if ever yes, what were the dates and times, and who approved (if needed)”
Shameless plug, but in case it fits your needs, checkout our store app (RBEAM). It’s an IGA-lite tool that allows customers to configure what systems (software) they need to track access to (who has access to what), but goes even deeper (eg., like Oracle Financials and all the roles / responsibilities one could have within Oracle Financials). Using RBEAM, we allow customers to define which Entitlements are tracked and which roles within those entitlements each person has access too. https://www.tygrconsulting.com/entitlement-access-management You’ll have transactions (RITMs) with all requests for access changes, who authorized it and when access (de)provisioned, etc. Interactive dashboard to support reporting / audits, etc. Check it out
