Enable Email Notification on Impersonation Event

Today marks another milestone in my professional career.  I’m going to begin writing blog posts about a great new Information Technology Service Management (ITSM) tool called ServiceNow.  We recently contracted with ServiceNow at my employer and I’m thoroughly impressed with the solution.  I’m so impressed that I’ve decided to pursue my certification in various aspects of the ServiceNow solution and have now completed my ServiceNow System Administrator training (in preparation for my Certified System Administrator).

This first article is going to be about a solution that I implemented while in my System Administrator training:  Notification of Impersonation Events.

What is an Impersonation Event?  ServiceNow provides the ability for someone with the admin role to impersonate another user (log into the system as them, but without knowing their credentials).  This is an incredibly powerful capability, providing a great tool to troubleshoot issues and understand what your users are seeing.  However, as Ben Parker once said, “With great power, comes great responsibility.”  I decided I wanted to know if any of the administrators in our environment were performing Impersonations and when.

Logging the Event

The first step in being notified of Impersonation Events is to know when they’re happening.  For this part of the tutorial I’m going to just walk you through the Practical Application Lab from the System Administrator Training for ServiceNow.  We didn’t actually do the lab in the class, but it was provided in our book if we wanted to try it (which I did).

There is a ServiceNow Community article on performing the setup, fortunately someone already did the bulk of the work for you in an update set.  The PAL in our class manual had you download the update set from here, http://community.servicenow.com/files/lmpersonation%20tracker.zip.  I’ve had lots of problems with that URL, so I’m hosting a copy of the Update Set here on my Blog as well.  This is the file I downloaded from the ServiceNow Community site, though the link appears dead now.  The update set was built by Arlen Vartazarian.

  1. Download Arlen’s update set here.
  2. Once you have the Zip file downloaded, unpack it and you should have an Impersonation tracker.xml file.
  3. Within your ServiceNow instance, navigate to System Update Sets > *Retrieved Update Sets*.
  4. Under Related Links select Import Update Set from XML.
  5. Browse… to the Impersonation tracker.xml file and upload it.
  6. Select the Impersonation tracker update set and under Actions on selected rows… select Preview Update Set.
  7. You should receive a Progress screen and see State:  Complete  and Completion code:  Success.
  8. Click Return to the update set record.
  9. You can now Commit the update set by clicking Commit Update Set.
    ServiceNowImpUpdateSet
  10. You should again receive a Progress screen and see State:  Complete and Completion code:  Success.
  11. Going back to System Update Sets > Retrieved Update Sets should show the Impersonation tracker as Committed.

Now that you’ve installed the Update Set you should be logging all of the Impersonation events.  To be sure, you should test it.

Testing the Event Log

To test our newly installed Impersonation tracker:

  1. Log into your ServiceNow instance as a user with the admin role.
  2. Click the small lock icon in your Application/Update bar:
    ServiceNowLock
  3. Select a user to impersonate and click OK:
    ServiceNowImpersonate
  4. Now repeat the steps and go back to your normal user account.
  5. As your admin role user, navigate to System Policy > Event Log from the navigation pane.
  6. If you search for “impersonation” you should see your impersonation.start and impersonation.end events:
    ServiceNowEvents

Now you know that your Impersonation tracker is performing correctly.  Time to build a notification.

Building the Notification

There are a couple of ways you can build a notification.  You could build a Workflow and have it watch the Event Log and trigger on the impersonation.start event, but there’s a better way.

  1. Navigate to System Policy > Email > Notifications
  2. Create a New Email Notification and configure according to the graphic:
    ServiceNowNotify
  3. Under the Who will receive tab, select the appropriate person or group to receive the notifications
  4. Under the What it will contain tab, write the message you want to receive when these events fire, below is probably the minimum:
    ServiceNowWhatItWill

Now whenever an impersonation.start event occurs, you should receive an email like the following:

ServiceNowEmail

certification cloudcomputing howto ServiceNow
Tweet Post Share Update Email RSS

Leader, Mentor, Challenger, Educator, Network Engineer, System Administrator, Developer, Hacker, Writer, Diver, and Technology Explorer.