Self-Service ITSM Access: Spotlight on the Difenda and Venafi Integration for ServiceNow

July 6, 2021 | Mark Sanders

Many organizations have successfully implemented the Venafi Platform to address their machine identity management challenges, but users of ServiceNow generally centralize all IT processes within that single platform. Operating the two solutions separately for managing certificate requests and deployment presents several challenges:

  • Users have two systems. One system handles requests, and the inventory of certificates or deployment locations is in another
  • One system becomes the “source of truth,” while the other becomes a duplication
  • The manual deployment necessary for certificate deployments removes all the benefits of automation

The Difenda Machine Identity Management Solution for ServiceNow

With sponsorship from the Machine Identity Management Development Fund, ServiceNow experts, Difenda, took up the task of integrating ServiceNow with Venafi. Difenda, a Canada-based managed security services provider serving customers across North America and Latin America since 2008, has been a partner of Venafi in the world of machine identity management for the last seven years.

ServiceNow is an industry leader in IT service management (ITSM), and Venafi is the category-creator and leader of machine identity management. Integrating these two vital services provides users a seamless experience with a self-service and user-enabled way of requesting digital certificates, essentially achieving an easily adoptable machine identity management-as-a-service program. The resulting integration between ServiceNow and Venafi allows users to leverage Venafi’s certificate lifecycle management and automation deployment, while also enjoying a ServiceNow-centric ITSM experience on the platform they know with the core features they love.

Difenda chose three fundamental philosophies when building the integrated app to optimize adoption and enablement:

  1. A ServiceNow-centric experience
  2. Leveraging existing ITSM modules for managing machine identity lifecycles
  3. Control objectives achieved using ServiceNow’s access control framework

Let’s break them down.

ServiceNow Centric Experience

The ServiceNow application has a portal view. Forms can be integrated into the service catalog and requests can be entirely managed out of ServiceNow. Users can perform everyday tasks related to machine identities directly within the application, whether that means creating a new certificate request, manually renewing a certificate, or accessing a list of all certificates a team is responsible for. Important data is available in this one application. Organizations that successfully implement this integrated solution do not have to actually go to Venafi for normal activities of the Trust Protection Platform. This unified experience means a user can do everything from the ServiceNow console.

Leveraging Existing ITSM Processes

ServiceNow offers request management, task approvals for various workflows, a CMDB with information on servers and applications, change management, and incident management as part of its core features. The question then was how to make it possible to manage machine identities using capabilities already built into ServiceNow. Here’s Difenda’s approach:

  • Associate Certificates with CI
    This provides that self-service capability, because ServiceNow application owners that would typically approve a change associated with the application are the ones actually approving a certificate request. This promotes decentralized lifecycle management and gives each team more visibility and control over their certificates.
  • Alignment with CMDB data
    To perform automated deployments in ServiceNow using the Difenda machine identity management application, users can create a new installation request and select a server or a load balancer or a network object from their CMDB. This pulls information such as IP address, environment, location, and operating system to create that device object in Venafi. Every time it is renewed or redeployed, it is always using the latest information from the CMDB and can be updated in Venafi. This allows users to fully take advantage of CMDB and align with the existing organization structure.  
  • Approve requests through Change Management
    Deployment requests can also integrate with change management, and it’s possible to indicate if an installation request should be approved via a change. This selection auto-generates a change request, the change numbers are tracked, and it will be processed and deployed via Venafi once that request is approved. It can also be updated and closed while it’s still pending.
  • Auto create Incidents
    Within the integrated Difenda and Venafi app, users can also create incidents for expiring certificates, improving visibility and control over certificates and reducing outages.

Security and Control

As always, the goal of Difenda’s integration was to leverage as many of ServiceNow’s existing capabilities as possible to provide users a seamless experience in utilizing its ITSM alongside Venafi’s machine identity management services. Out of the box with ServiceNow, application certificates are only accessible to owners, support groups, and approved groups. Individual users can tweak preferences to allow a wider framework, but the ServiceNow control framework is leveraged for maximum security. There are also unique roles that offer users various levels of access. So along with the functionality that comes with ServiceNow, full control of access is given to the application owner or custodian to support decentralized management of machine identities.

The Difenda Machine Identity Management integration for ServiceNow is available now. Visit Difenda on the Venafi Marketplace for more information or go straight to the ServiceNow app store.
