Pre-requisites to enable policy redlining feature
Policy collaborators can use the policy redlining feature in the Compliance Workspace only after certain configurations are set up.
Currently, the policy authoring and redlining feature is available exclusively to ServiceNow cloud-based customers.
Spoke support for cloud hosting services
- Spokes required for Policy authoring – integration with Microsoft Office 365
- Microsoft OneDrive Spoke – 2.1.1
- Microsoft OneDrive Spoke for Document Service Framework – 1.0.5
- Spokes required for Policy authoring – integration with Microsoft SharePoint
- Microsoft OneDrive Spoke – 2.3.1
- Document services framework for OneDrive – 2.0.0
- Spokes required for Policy authoring – integration with Google Drive
- Document Service Framework for Google Drive Spoke – 1.0.1
- Google Drive Spoke – 1.4.1
Connecting to cloud hosting services
In this topic, "Microsoft" refers to both Microsoft OneDrive and Microsoft SharePoint.
- Establish a connection with cloud hosting services
- Connection with Microsoft OneDrive
- You must first set up Microsoft OneDrive before you can perform actions in Microsoft OneDrive from ServiceNow. For more information, see Setup Microsoft OneDrive for Document Services.
Note: To set up the connection, you require the following delegated Microsoft Azure App permissions:
- openid: Enables secure user authentication through Microsoft’s identity platform, ensuring that access to the Policy Redlining application is verified and trusted.
- profile: Provides access to the basic profile information of the user, such as their name. This information is used to personalize the redlining experience and display relevant user details within the interface.
- Files.ReadWrite: Allows the application to create, read, and update any files the user has permission to access. This is essential for opening, modifying, and saving policy documents during the redlining process on behalf of the authenticated user.
- offline_access: Grants the ability to refresh access tokens even when the user is not actively logged in. This ensures continuous access to Microsoft resources without requiring frequent re-authentication.
- User.Read: Allows the application to retrieve the signed-in user’s basic profile details. This is required for assigning or validating file permissions specific to that user during redlining activities.
- Connection with Microsoft SharePoint
- You must first set up Microsoft SharePoint before you can perform actions in a Microsoft SharePoint site from ServiceNow. For more information, see Setup Microsoft OneDrive for Document Services.
The setup configured in ServiceNow for Microsoft OneDrive is the same as the setup for Microsoft SharePoint. However, Microsoft Azure App permissions are required for Microsoft SharePoint.
Note: To set up the connection, you require the following Microsoft Azure App permissions:
- openid
- profile
- Files.ReadWrite
- offline_access
- User.Read
- User.ReadBasic.All
- Sites.ReadWrite.All
In addition, the Sites.Read.All permission is required. It allows the application to read content across SharePoint sites. This is needed to verify that the user has permission to access the document located at the specified SharePoint site URL, and to validate that the user has provided a valid site URL and has access to that site.
- Connection with Google Drive
- To set up Google Drive as a cloud hosting service and to create or update the policy text document that resides in Google Drive, you must:
- Set up Google Drive spoke account.
- Integrate the Document Services with Google Drive. For more information, see Document Services Framework for Google Drive.
- To manage documents in Google Docs from your ServiceNow instance, you must integrate the ServiceNow instance with Google Docs. For more information, see Set up the Google Docs.
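The Microsoft Azure App permission lists above can be checked against what has actually been consented for the app. The following is an added example, not ServiceNow code: it assumes the app's delegated grants were exported as Microsoft Graph oauth2PermissionGrant objects, and the function name audit_grants and the sample grants are constructed for illustration.

```python
# Added example: compare the delegated permissions granted to the Azure app
# with the scope lists given on this page for OneDrive and SharePoint.
ONEDRIVE = frozenset({"openid", "profile", "Files.ReadWrite",
                      "offline_access", "User.Read"})
SHAREPOINT = ONEDRIVE | {"User.ReadBasic.All", "Sites.ReadWrite.All",
                         "Sites.Read.All"}
REQUIRED = {"onedrive": ONEDRIVE, "sharepoint": SHAREPOINT}


def audit_grants(service, grants):
    """Return missing, excess and tenant-wide excess scopes for one service.

    `grants` is a list of dicts shaped like Microsoft Graph
    oauth2PermissionGrant objects: `scope` is a space-separated string and
    `consentType` is "AllPrincipals" (admin consent covering every user)
    or "Principal" (consent for a single user).
    """
    required = REQUIRED[service]
    granted, tenant_wide = set(), set()
    for grant in grants:
        scopes = set((grant.get("scope") or "").split())
        granted |= scopes
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes
    return {
        # Scopes the page lists but the app has not been granted.
        "missing": sorted(required - granted),
        # Scopes granted beyond the page's list (least-privilege review).
        "excess": sorted(granted - required),
        # Excess scopes that apply to every user in the tenant.
        "tenant_wide_excess": sorted(tenant_wide - required),
    }


# Constructed sample data, not taken from a real tenant.
SAMPLE_GRANTS = [
    {"consentType": "AllPrincipals",
     "scope": "openid profile offline_access User.Read Files.ReadWrite"},
    {"consentType": "AllPrincipals", "scope": " Mail.Read Sites.Read.All"},
    {"consentType": "Principal", "scope": "User.ReadBasic.All"},
]

if __name__ == "__main__":
    for service in REQUIRED:
        print(service, audit_grants(service, SAMPLE_GRANTS))
```

An empty `missing` list means the connection prerequisites on this page are met; anything in `excess` is a permission the redlining integration does not need according to the lists above.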
Setting up system properties to connect with cloud hosting services
- Enable system properties to use policy redlining in Compliance Workspace
- Navigate to .
- To choose Microsoft OneDrive as your cloud hosting service, select One drive in the Select a file sharing service to host documents and attachments system property list.
If you select None in the Select a file sharing service to host documents and attachments system property list, then you can import the policy text. For more information, see Import policy text for redlining.
- To choose Google Drive as your cloud hosting service, select Google drive in the Select a file sharing service to host documents and attachments system property list.
- To choose Microsoft SharePoint, select SharePoint in the Select a file sharing service to host documents and attachments system property list.
- Set the folder path that is to be created in Microsoft OneDrive in the Default folder path where documents and attachments will be located. You can organize files in sub-folders within this path system property list.
- Provide mp_document_user role
- The mp_document_user role is required to access policy redlining document-related tables. This role is required for users using the policy redlining feature to create, update, and delete the related documents.
As a system administrator, you can establish the cloud hosting connection, enable the system properties, and provide the mp_document_user role and the compliance user (sn_compliance.user) role to the policy redlining users.