Blog

Nutanix Frame + ServiceNow Step-by-Step Integration!

  • 19 April 2022
  • 0 replies
  • 437 views
Nutanix Frame + ServiceNow Step-by-Step Integration!

Nutanix and ServiceNow have built a strong partnership over the years, and the collaboration continues as we look to deliver even more benefits for our mutual customers! One example of this is to see just how easy it is to integrate the Nutanix Frame Desktop-as-a-Service with the ServiceNow workflow solution to easily onboard and provision apps and desktops to new users!

Prerequisites

  • Third-Party Identity Provider (supported by Nutanix Frame and ServiceNow)
    Note: For the purposes of this demo, we will be leveraging Okta as our Identity Provider - but you can use your supported identity provider of choice in a very similar approach.
  • Install and configure the Okta Spoke within your ServiceNow instance (requires an IntegrationHub subscription). Detailed instructions available here.
  • Nutanix Frame Subscription with one or more Organizations, Accounts, and Launchpads configured.
Okta Spoke available in the ServiceNow Store

Summary

In this demo, we have created two separate Frame Accounts for our users that belong to the same Frame Organization called SNOW:

Frame Accounts to be managed via ServiceNow
  • Engineering - This Account is hosted in AWS Ohio and provides a persistent desktop (Windows Server 2019 with AMD GPU) to Engineering users. We have also created a single Launchpad called Engineering Desktop within this Account.
  • Marketing - This Account is hosted in Azure North Central and provides a non-persistent desktop (Windows 10 with no GPU) to Marketing users. We have also created a single Launchpad called Marketing Desktop within this Account.

We would now like to manage user access to these Accounts (via their respective Launchpads) via ServiceNow.

Configuration

Step 1. [Okta] Create your desired User Groups within Okta. For the purposes of this demo, we created two groups:

  • Frame Engineering (frame-snow-engineering)
  • Frame Marketing (frame-snow-marketing)

Step 2. [ServiceNow] Within ServiceNow, browse to Okta Spoke → Okta Groups and click on Fetch Okta Groups. Available Okta Groups should populate automatically.

Frame Engineering and Frame Marketing Okta Groups populate in ServiceNow Okta Spoke

Step 3. [ServiceNow] For any Okta Groups that you want to manage via ServiceNow will need to have a corresponding ServiceNow Group created within User and Groups → Groups.

Created Frame Engineering and Frame Marketing ServiceNow Groups

Step 4. [Nutanix Frame] Add your Okta instance as SAML2 Provider at the desired hierarchy level (Customer, Organization, or Account) within your Frame tenant. For detailed instructions for integrating Okta with Frame, click here.

Okta instance added as a SAML2 Provider within Frame

Step 5. [Nutanix Frame] Add the appropriate SAML2 Permission Rule for the Engineering Account (Account Dashboard → Users → SAML2 Permissions → Add Permission) by specifying the frame-snow-engineering Okta group and granting that group the Launchpad User Role to the Engineering Desktop Launchpad.

Frame SAML2 Permission Rule for Engineering

Step 6. [Nutanix Frame] Add the appropriate SAML2 Permission Rule for the Marketing Account (Account Dashboard → Users → SAML2 Permissions → Add Permission) by specifying the frame-snow-marketing Okta group and granting that group the Launchpad User Role to the Marketing Desktop Launchpad.

Frame SAML2 Permission Rule for Marketing

Demo

Now that we have everything configured, we are ready to begin provisioning user access to Frame using ServiceNow!

Lucky for us, we just so happen to have two new hires we need to onboard!

  1. John Smith (john.smith@fra.me) - A new member of the Engineering team.
  2. Jane Miller (jane.miller@fra.me) - A new member of the Marketing team.

To do so, we need to first create the above User accounts within Okta and then do the same within ServiceNow (ensuring emails match).

Step 1. [ServiceNow] Create User for John Smith and then associate the User to the frame-snow-engineering Group.

Creating User Account for John Smith
Adding John Smith to the frame-snow-engineering Group

You can also check in Okta and verify that the user was added to the right group:

Okta also shows John Smith was added to the frame-snow-engineering Okta Group

Step 2. [ServiceNow] Create User for Jane Miller and then associate the User to the frame-snow-marketing Group.

Creating User Account for Jane Miller
Adding Jane Miller to the frame-snow-marketing Group

And that’s it!

Now let’s verify if John and Jane have access to their proper desktops within Frame.

Step 3. [Nutanix Frame] Login to Frame with John Smith via Okta and confirm he has access to the Engineering Desktop.

Click Sign in with frame-snow-test
Enter John Smith’s Okta credentials
Looks like the Engineering Desktop is available for John to access!

Step 4. [Nutanix Frame] And finally, we will login to Frame with Jane Miller via Okta and confirm she has access to the Marketing Desktop.

Click Sign in with frame-snow-test
Enter Jane Miller’s Okta credentials
And the Marketing Desktop is available for Jane to access

As you can see, with Frame, and your identity provider of choice, you can quickly and easily streamline the process of onboarding (and offboarding) users and ensure they have access to the proper desktops and apps all through the convenience of ServiceNow!


©️ 2022 Nutanix, Inc.  All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.

This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.


This topic has been closed for comments