Configure Azure to connect ITSM tools using Secure Export
This article describes how to configure Azure to use Secure Export. To use Secure Export, follow these steps:
- Register your app with Azure AD.
- Define Service principal.
- Create a Secure Webhook action group.
- Configure your partner environment.
Secure Export supports connections with the following ITSM tools:
Register with Azure Active Directory
Follow these steps to register the application with Azure AD:
1. Follow the steps in Register an application with the Microsoft identity platform.
2. In Azure AD, select Expose application.
3. Select Set for Application ID URI.
Define service principal
The Action Group service is a first-party application, so it has permission to acquire authentication tokens from your AAD application in order to authenticate with ServiceNow. As an optional step, you can define an application role in the created app's manifest, which lets you further restrict access so that only applications with that specific role can send messages. This role then has to be assigned to the Action Group service principal (requires tenant admin privileges).
This step can be done through the same PowerShell commands.
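What a receiving endpoint can enforce on each Secure Webhook call, as an added example that is not part of the original article or Microsoft's code: it takes the claims of a token whose signature a JWT library has already verified against the tenant's signing keys, and checks the audience, tenant, lifetime and the optional app role described above. The function name, the role value and all sample values are constructed assumptions.

```python
import time

def authorize_webhook_call(claims, allowed_audiences, tenant_id,
                           required_role=None, now=None, leeway=60):
    """Decide whether a Secure Webhook call may create a work item.

    `claims` must come from a token whose signature was already verified.
    Returns (allowed, reason).
    """
    now = time.time() if now is None else now
    aud = claims.get("aud")
    # The token must be issued for this application (its Application ID URI).
    if not isinstance(aud, str) or aud not in allowed_audiences:
        return False, "audience mismatch"
    # Reject tokens issued by any other directory.
    if claims.get("tid") != tenant_id:
        return False, "unexpected tenant"
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        return False, "token expired"
    if not isinstance(nbf, (int, float)) or now < nbf - leeway:
        return False, "token not yet valid"
    # Optional restriction: caller must hold the app role from the manifest.
    if required_role is not None:
        roles = claims.get("roles")
        if not isinstance(roles, list) or required_role not in roles:
            return False, "missing app role"
    return True, "ok"

# Constructed sample values, not taken from the article.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"
SAMPLE_AUDIENCES = ("api://contoso-itsm-webhook",)
SAMPLE_ROLE = "SecureWebhook.Send"  # hypothetical app role value
SAMPLE_CLAIMS = {
    "aud": "api://contoso-itsm-webhook",
    "tid": SAMPLE_TENANT,
    "nbf": 1_700_000_000,
    "exp": 1_700_003_600,
    "roles": ["SecureWebhook.Send"],
}

if __name__ == "__main__":
    print(authorize_webhook_call(SAMPLE_CLAIMS, SAMPLE_AUDIENCES, SAMPLE_TENANT,
                                 SAMPLE_ROLE, now=1_700_000_100))
```

Pass `allowed_audiences` as a tuple or set of full strings; a bare string would turn the audience check into a substring match.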
Create a Secure Webhook action group
After your application is registered with Azure AD, you can create work items in your ITSM tool based on Azure alerts, by using the Secure Webhook action in action groups.
Action groups provide a modular and reusable way of triggering actions for Azure alerts. You can use action groups with metric alerts, Activity Log alerts, and Azure Log Analytics alerts in the Azure portal. To learn more about action groups, see Create and manage action groups in the Azure portal.
To add a webhook to an action, follow these instructions for Secure Webhook:
1. In the Azure portal, search for and select Monitor. The Monitor pane consolidates all your monitoring settings and data in one view.
2. Select Alerts > Manage actions.
3. Select Add action group, and fill in the fields.
4. Enter a name in the Action group name box, and enter a name in the Short name box. The short name is used in place of a full action group name when notifications are sent using this group.
5. Select Secure Webhook.
6. Select these details:
   - Select the object ID of the Azure Active Directory instance that you registered.
   - For the URI, paste in the webhook URL that you copied from the ITSM tool environment.
   - Set Enable the common Alert Schema to Yes.
The following image shows the configuration of a sample Secure Webhook action:
Configure the ITSM tool environment
The configuration contains two steps:
- Get the URI for the secure export definition.
- Definitions according to the flow of the ITSM tool.