Design Considerations

Information that will help you design and plan the implementation of 1E ITSM Connect in your organization.

This page is part of the design phase of implementation.

The implementation of 1E ITSM Connect is straightforward. Assuming you have already implemented the 1E infrastructure and the 1E Core, the only significant choices required before installing 1E ITSM Connect are described below.

The Compatibility matrix for 1E and ServiceNow integration applications table contains details of all currently supported 1E ServiceNow integration apps. You can use this table as a reference to ensure the correct combination of the app for your needs. Note that each app is dependent on 1E Core app and a 1E installation.

For a full list of requirements, please refer to Requirements. Once you have made the implementation choices below, satisfied Requirements, completed Preparation steps, then you can continue with Installing.

1E Users and Roles

1E ITSM Connect provides ServiceNow with access to 1E instructions in order to ask questions about devices and run actions. It does this by using a proxy user specified in 1E which act on behalf of the 1E ITSM Connect app user in ServiceNow.

You have a choice of how to configure the proxy user in 1E, depending on whether you want ServiceNow users to run any instruction on any device, or only have access to some instructions or some devices. Either way, your 1E Administrator will need to create a 1E user with its own domain account. This proxy user can be regarded as a service account and does not require an email address.

Within 1E, access to instructions and devices are permissioned using roles.

The following table describes the 1E ITSM Connect app roles:

Role name

Additional ServiceNow roles required

Description

x_1e_connect.Tachyon_Admin

<None>

This role allows its users to configure the 1E ITSM Connect app, in addition to having the same rights as the x_1e_connect.Tachyon_User role.

ServiceNow admin users must change their application scope to 1E ITSM Connect in order to configure the app, and retrieve instructions.

x_1e_connect.Tachyon_User

ITIL (for access to ITSM incidents)

This role grants its users access to incidents and the ability to run 1E instructions.

This role maps on to the proxy 1E actioner.

x_1e_connect.Tachyon_Approver

<None>

This role allows its users to approve 1E instructions that require approval.

x_1E_core_connect.user

<None>

When adding any of the above roles to a user, the x_1E_core_connect.user role is also inherited automatically. Refer to Requirements for more details.

Instruction sets

1E question and action instructions are permissioned by assigning their instructions sets to roles. You can permission the proxy roles for All sets or specific instruction sets.

You will very likely select specific instruction sets if you are using 1E for purposes other than ServiceNow, for example integration of 1E with other 1E products such as Shopping, AppClarity, NightWatchman and more.

Your 1E administrator will need to upload instructions into 1E, and assign them to instruction sets. Each instruction can be assigned to only one instruction set. Typically, instruction set names match the names of the Product Pack zips, which tend to represent their use-cases (Product Packs are available on the 1E Exchange and uploaded into 1E by an Instruction Set administrator). Users are able to see the names of instruction sets, which helps when searching for instructions to use. Therefore, you should avoid the temptation to consolidate instructions into fewer instructions sets just to simplify the one-off process of configuring roles.

Your 1E installation should already have some instruction sets available, with at least the Platform verification instructions used to verify the installation of 1E and its Agents.

A 1E user with either Full Administrator or All Instructions Actioner role is required to add product packs; add, modify and delete instruction sets; and delete instruction definitions.

You do not need this role if a 1E administrator has already added instruction definitions for you to use.

Refer to the relevant 1E version documentation for how to upload instructions and manage Instruction Sets.

Management groups

Management groups are used by 1E as logical holders for the grouping of devices. The management groups have the following properties:

  • Each device known to 1E can be assigned to any number of management groups, or be left unassigned.

  • Roles can be associated with one or more specific management groups, so that users with those roles will only be available to target the devices in their role's management groups.

  • Management groups can only contain devices, and they are completely independent of any other management group, even if they contain the same devices.

A user with the Management Group Administrators role can create management groups in the 1E Portal using rules.

When creating a custom role for an instruction set, you must remember to assign one or more management groups to the role. This can be the built-in management group called All devices.

A user with either Global Administrators or Management Group Administrators role is required to create, delete and update management groups.

You do not need this role if a 1E administrator has already created management groups for you to use.

Refer to the relevant 1E version documentation for how to create and manage Management groups.

Options for configuring 1E ITSM Connect roles

1E roles can be System or custom. System roles have permissions on all instructions sets and all devices. Custom roles can be configured for all instruction sets or limited instruction sets, and all devices or management groups.

You have the following options for assigning 1E roles to the proxy user, which can be changed at any time.

  1. Assign proxy user to a custom role, for example called 1E ITSM Connect Actioner. In this case, assign role to All sets and All devices.

  2. To the same custom role, assign the following role (if required):

    • Specific instructions sets - to limit ServiceNow users to specific instructions, for example to prevent their access to system instructions

    • Specific management groups - to limit ServiceNow users to specific groups of devices.

Please refer to:

A 1E user with either Full Administrator or All Instructions Actioner role is required to add product packs; add, modify and delete instruction sets; and delete instruction definitions.

You do not need this role if a 1E administrator has already added instruction definitions for you to use.