Design Considerations

Information that will help you design and plan the implementation of 1E Service Catalog Connect in your organization.

This page is part of the design phase of implementation.

The implementation of 1E Service Catalog Connect is straightforward. Assuming you have already implemented 1E infrastructure, the only significant choices required before installing 1E Service Catalog Connect are described below.

The Compatibility matrix for 1E and ServiceNow integration applications table contains details of all currently supported 1E ServiceNow integration apps. You can use this table as a reference to ensure the correct combination of the app for your needs. Note that each app is dependent on 1E Core app and a 1E installation.

For a full list of requirements, please refer to Requirements. Once you have made the implementation choices below, satisfied requirements, completed Preparation steps, then you can continue with App Installation.

MID Server

When ServiceNow is not able to access the 1E Server (Master Stack) over the Internet, then you require a ServiceNow MID Server. In this scenario, you will install both the 1E Server and the MID Server on your local network, so that the MID Server can then access ServiceNow on the Internet, thereby acting as a bridge between the two.

You can use the same MID server for 1E Core and 1E Service Catalog Connect.

Users and roles

1E Service Catalog Connect uses 1E Shopping, and uses 1E to run instructions, each from newly created catalog items within 1E Service Catalog Connect.

The following table describes the 1E Service Catalog Connect app roles.

Role name

Additional ServiceNow roles required

Description

x_1e_service_catal.shopping_admin

n/a

This role allows its users to configure the 1E Service Catalog Connect app, in addition to having the same rights as the x_1e_service_catal.shopping_user role.

ServiceNow admin users must change their application scope to 1E Service Catalog Connect in order to configure the app.

x_1e_service_catal.shopping_user

n/a

This role grants its users access to invoke Windows 10 items and select catalog items tied with 1E instructions.

 

  • The x_1e_service_catal.shopping_user and x_1e_service_catal.shopping_admin roles are created automatically when you install the 1E Service Catalog Connect application.

  • The x_1e_core_connect.user role is automatically inherited when a user is granted any of the roles above.

Instruction sets

1E instructions are permissioned by assigning their instructions sets to roles. You can permission the roles for All sets or specific instruction sets.

You will very likely use specific instruction sets if you are using 1E for purposes other than ServiceNow, for example integration of 1E with other 1E products such as Shopping, AppClarity, NightWatchman and more.

Your 1E administrator will need to upload the relevant instructions into 1E, and assign it to an instruction set. The instruction can be assigned to only one instruction set. Typically, instruction set names match the names of the Product Pack zips, which tend to represent their use-cases. Users are able to see the names of instruction sets, which helps when searching for instructions to use. Therefore, you should avoid the temptation to consolidate instructions into fewer instructions sets just to simplify the one-off process of configuring roles.

Your 1E installation should already have some instruction sets available, with at least the Platform verification instructions used to verify the installation of 1E and its agents.

A 1E user with either Full Administrator or All Instructions Actioner role is required to add product packs; add, modify and delete instruction sets; and delete instruction definitions.

You do not need this role if a 1E administrator has already added instruction definitions for you to use.

Management groups

Management groups are used by 1E as logical holders for the grouping of devices. Management groups have the following properties:

  • Each device known to 1E can be assigned to any number of management groups, or be left unassigned.

  • Roles can be associated with one or more specific management groups, so that users with those roles will only be available to target the devices in their role's management groups.

  • Management groups can only contain devices and they are completely independent from any other management group, even if they contain the same devices.

A user with either Global Administrators or Management Group Administrators role is required to create, delete and update management groups.

You do not need this role if a 1E administrator has already created management groups for you to use.

Please refer to the relevant 1E version documentation for how to create and manage Management groups.

Options for configuring 1E Service Catalog Connect roles

1E roles can be either system or custom. System roles have permissions on all instructions sets and devices. Custom roles can be configured for all instruction sets or limited instruction sets, and all devices or management groups.

You have the following options for assigning 1E roles to the users, which can be changed at any time.

  1. Assign users to the corresponding Full Adminstrator role. This is the quickest and simplest option suitable as a temporary solution which can be changed later, or in a simple environment such as a lab, or if 1E is used only for ServiceNow where all instructions and devices are within the scope of ServiceNow.

  2. Assign a user to the corresponding custom role, for example, called 1E ITSM Connect Actioner. In each case, assign both roles to All sets and All devices.

  3. The same custom roles as option 2, but assign the roles to specific instructions sets and/or management groups.

When using custom roles, ensure you configure both roles with the same Instruction Sets and Management groups.

A user with Full Administrator role is required to add or remove users, view all roles, add, modify and delete custom roles or assign roles to any instruction sets and define their permissions.

You do not need this role if a 1E administrator has already created your users and assigned them to necessary roles.

Refer to: