Nutanix and ServiceNow have built a strong partnership over the years, and the collaboration continues as we look to deliver even more benefits for our mutual customers! One example of this is to see just how easy it is to integrate the Nutanix Frame Desktop-as-a-Service with the ServiceNow workflow solution to easily onboard and provision apps and desktops to new users!
- Third-Party Identity Provider (supported by Nutanix Frame and ServiceNow) Note: For the purposes of this demo, we will be leveraging Okta as our Identity Provider - but you can use your supported identity provider of choice in a very similar approach.
- Install and configure the Okta Spoke within your ServiceNow instance (requires an IntegrationHub subscription). Detailed instructions available here.
- Nutanix Frame Subscription with one or more Organizations, Accounts, and Launchpads configured.
In this demo, we have created two separate Frame Accounts for our users that belong to the same Frame Organization called SNOW:
- Engineering - This Account is hosted in AWS Ohio and provides a persistent desktop (Windows Server 2019 with AMD GPU) to Engineering users. We have also created a single Launchpad called Engineering Desktop within this Account.
- Marketing - This Account is hosted in Azure North Central and provides a non-persistent desktop (Windows 10 with no GPU) to Marketing users. We have also created a single Launchpad called Marketing Desktop within this Account.
We would now like to manage user access to these Accounts (via their respective Launchpads) via ServiceNow.
Step 1. [Okta] Create your desired User Groups within Okta. For the purposes of this demo, we created two groups:
- Frame Engineering (frame-snow-engineering)
- Frame Marketing (frame-snow-marketing)
Step 2. [ServiceNow] Within ServiceNow, browse to Okta Spoke → Okta Groups and click on Fetch Okta Groups. Available Okta Groups should populate automatically.
Step 3. [ServiceNow] For any Okta Groups that you want to manage via ServiceNow will need to have a corresponding ServiceNow Group created within User and Groups → Groups.
Step 4. [Nutanix Frame] Add your Okta instance as SAML2 Provider at the desired hierarchy level (Customer, Organization, or Account) within your Frame tenant. For detailed instructions for integrating Okta with Frame, click here.
Step 5. [Nutanix Frame] Add the appropriate SAML2 Permission Rule for the Engineering Account (Account Dashboard → Users → SAML2 Permissions → Add Permission) by specifying the frame-snow-engineering Okta group and granting that group the Launchpad User Role to the Engineering Desktop Launchpad.
Step 6. [Nutanix Frame] Add the appropriate SAML2 Permission Rule for the Marketing Account (Account Dashboard → Users → SAML2 Permissions → Add Permission) by specifying the frame-snow-marketing Okta group and granting that group the Launchpad User Role to the Marketing Desktop Launchpad.
Now that we have everything configured, we are ready to begin provisioning user access to Frame using ServiceNow!
Lucky for us, we just so happen to have two new hires we need to onboard!
- John Smith (firstname.lastname@example.org) - A new member of the Engineering team.
- Jane Miller (email@example.com) - A new member of the Marketing team.
To do so, we need to first create the above User accounts within Okta and then do the same within ServiceNow (ensuring emails match).
Step 1. [ServiceNow] Create User for John Smith and then associate the User to the frame-snow-engineering Group.
You can also check in Okta and verify that the user was added to the right group:
Step 2. [ServiceNow] Create User for Jane Miller and then associate the User to the frame-snow-marketing Group.
Step 3. [Nutanix Frame] Login to Frame with John Smith via Okta and confirm he has access to the Engineering Desktop.
Step 4. [Nutanix Frame] And finally, we will login to Frame with Jane Miller via Okta and confirm she has access to the Marketing Desktop.
And that's it!
Now let's verify if John and Jane have access to their proper desktops within Frame.
As you can see, with Frame, and your identity provider of choice, you can quickly and easily streamline the process of onboarding (and offboarding) users and ensure they have access to the proper desktops and apps all through the convenience of ServiceNow!