Service Manager User Import / Commissioning
This is gonna sound weird and I'm sure there will be a BIG "But Why!!!" after reading this. But just bare with me...
We are in the process of implementing SCSM and I have run into a problem regarding the import if users into SCSM.
Due to the complexity of our business systems and how we provision users, we only use AD for authentication. Meaning we do not carry any user details in AD. Only Username that is an 8 digit number, display name that is the same as the username and some other non-important data.
To compensate for the lack of AD user details, I have created a "system" to get the user details into SCSM:
- I created a standard AD connector in SCSM to import the users and groups needed.
- There is a DB that gets live updated user data from our "Identity Management" systems.
- From the DB mentioned above, I create a CSV that gets placed on the SCSM WF server.
- I then use Orchestrator with an XML file and the CSV file to update the users in SCSM.
- The data includes Display Name, Location, Capacity, Manager, Email address, etc.
- The Orchestrator process is scheduled to run after the AD connector.
The problem is that everytime the AD connector runs, the data is updated and all the values that Orchestrator updated goes back to what they are in AD. I then need to re-run the Orchestrator connector to update the values.
I have automated this process and has been running without an issue the past couple of months while we tested.
Our business analyst has informed me that this is an extremely inefficient process and that I will need to find an alternative solution to get the users with details into SCSM without using the AD connector or a CSV file. It was also suggested that I use some kind of REST API and web services to get the users and groups into SCSM.
So, here is my question, is there any other way of importing users into SCSM besides the AD connector and a CSV file.
I know that Orchestrator has an API and web services that can be used, but where do I start with a runbook to get the data from our system and import into SCSM with all the needed relationships.
I also investigated the possibility of updating the relevant tables within the SCSM DB live from our "Identity management" system, but there are just too many relationships within the DB to even think about creating a process. And this will probably break in the future if MS updates SCSM in a weird and wonderful way.
To give some background, we only have one AD and we can use it to authenticate with SCSM, just not as a "source of truth" to import users. So the option of adding the needed values into AD is also not an option.
I know there will be many questions regarding our use or misuse of AD, but it is what it is and I can not change it.
If anyone made it so far into the question and have any suggestions or solutions, it will be highly appreciated.
If there are any other questions please do not hesitate to contact me.