In February of this year, we announced a new integration with ServiceNow called VMware Workspace ONE ITSM Connector, which enables helpdesk agents to perform Workspace ONE UEM device commands and launch Workspace ONE Assist remote support sessions directly from a ServiceNow incident, streamlining service-desk operations. Since then, we’ve made several exciting enhancements to the Workspace ONE ITSM (IT service management) Connector for ServiceNow, including adding employee self-service options, additional Workspace ONE UEM actions, more granular role-based action control, and support for Linux and shared devices.
Employee Self-Service within the ServiceNow Service Catalog
The Workspace ONE ITSM Connector for ServiceNow enables helpdesks to track and resolve issues in the fastest, most efficient way possible. However, customers have asked how we can better enable end users to resolve common device issues for themselves, without having to contact support. Organizations using ServiceNow typically utilize the Service Catalog so that end users can self-serve IT requests without interacting with a live service desk specialist. We are happy to announce that Workspace ONE UEM self-service commands can now be enabled in the ServiceNow Service Catalog to help resolve common device issues.
The following screenshot shows the ServiceNow Service Catalog with the new Workspace ONE self-service tile.
Figure 1: Example ServiceNow Service Catalog That Includes VMware Workspace ONE Actions
The following screenshot shows the menu that appears when end users click the Workspace ONE tile in the ServiceNow Service Catalog.
Figure 2: Available Workspace ONE UEM Self-Service Actions Within the ServiceNow Service Catalog
The following screenshot shows the result when an end user selects, for example, the View Encryption Recovery Key action from the Workspace ONE UEM self-service menu.
Figure 3: Example Result of an Encryption Recovery Key Service Request for a Device
Once the Workspace ONE ITSM Connector has been configured in the ServiceNow console, the administrator can add Workspace ONE UEM actions to the self-service catalog. To learn how to configure the connector, watch the Workspace ONE ITSM Connector Feature Walk-through video on VMware Digital Workspace Tech Zone.
The following screenshot shows the new configuration option in the ServiceNow console for enabling self-service actions.
Figure 4: New Options in the Workspace ONE ITSM Connector Setup to Configure the ServiceNow Service Catalog
New Workspace ONE UEM Actions Within ServiceNow Incidents
The Workspace ONE ITSM Connector now supports several new actions directly in a ServiceNow incident:
- Add Device: Send a formatted email to the end user with the details necessary to enroll their device.
- Find Device: Send an alert tone to a device to help the end user find their device.
- View Encryption Key: Help the end user unlock encrypted devices by accessing the BitLocker recovery key, for Windows devices, and the FileVault recovery key, for macOS devices.
Note that the list of available Workspace ONE UEM actions changes, depending on the device platform type. For example, the following screenshot shows actions specific to Android devices.
Figure 5: Actions for Android Within the ServiceNow Incidents Screen, Including New Add Device and Find Device
The following screenshot shows an example of actions available for macOS devices.
Figure 6: Actions for macOS Within the ServiceNow Incidents Screen, Including the New View Encryption Key Action
The following screenshot shows the result when a service-desk agent selects, for example, the View Encryption Key action from the Workspace ONE UEM incident tab.
Figure 7: Result After the Service-Desk Agent Submits the View Encryption Key Request
Granular Workspace ONE UEM Action-Based Role Assignment
The Workspace ONE ITSM Connector ensures that support reps, regardless of level or tier, have easy access to the Workspace ONE features they need to assist employees. With role-based access control, IT can specify which Workspace ONE UEM features can be accessed in ServiceNow by help-desk role or support level. Initially, the Workspace ONE ITSM Connector had only three user roles:
- WS1UEMStandard: Contains all the basic actions that an ITSM agent can perform on devices. These actions include Change Passcode, Lock Device, Remote Assist, Request Logs, Send Message, Soft Reset, and Sync Device.
- WS1UEMAdvanced: Contains all the actions included with the WS1UEMStandard role, along with the Device Wipe and Enterprise Wipe actions.
- WS1UEMConsoleViewer: Enables a button on the ServiceNow Incident form that allows the ITSM agent to open a Workspace ONE UEM console window. (Note that this role is independent of the WS1UEMStandard and WS1UEMAdvanced roles.)
Now, each Workspace ONE UEM action has its own role, so that each action can be assigned to user groups or individual users. The following screenshot details the role names for each specific action.
Figure 8: Configuration Page for Role-Based Assignment of Workspace ONE UEM Actions to Service Desk Users or Groups
Workspace ONE ITSM Connector Now Supports Linux Devices
Now from within the ServiceNow Incident screen, a service desk agent can send commands to enrolled Linux endpoints. These commands include:
- Enterprise Wipe: Unenroll the device and remove apps deployed by Workspace ONE UEM.
- Remote Assist: Initiate a Workspace ONE Assist remote support session.
- Add Device: Send an email to the end user with details to enroll a new device.
Figure 9: Available Workspace ONE UEM Actions for a Linux Endpoint Within a ServiceNow Incident
Review the following resources to learn more about Workspace ONE Linux management:
- Introducing Workspace ONE for Linux Endpoint Management
- Workspace ONE UEM Linux Management Feature Walkthrough
- Linux Management Has Arrived
Workspace ONE ITSM Connector Now Supports Shared Devices
When the Workspace ONE ITSM Connector was originally released, any device actions required the email address of the ServiceNow incident caller—that is, the end user requesting support—to match the device email address in Workspace ONE UEM. Now, IT can enable or disable this validation check during connector setup to support devices shared by multiple employees, which have been staged and configured by IT instead of a specific end user.
Figure 10: Workspace ONE ITSM Connector with Email Validation Check Disabled to Accommodate Shared Devices
Stay tuned for more Workspace ONE ITSM Connector enhancements next year! In the meantime, be sure to check out these resources to learn more: