ITSM Integration

Integrating KeeperPAM with ITSM platforms such as ServiceNow

Overview

KeeperPAM integrates seamlessly with ITSM platforms (such as ServiceNow) to automate privileged access management within IT service workflows, eliminating manual credential handling and reducing security risks.

Examples include:

  • Automated secret retrieval and credential rotation

  • User provisioning and team/role assignments

  • Time-based access grants to servers and applications

  • Shared folder creation and user assignments

  • Compliance reporting and audit event retrieval

Below are the primary integration methods supported by KeeperPAM.


1. Secret Retrieval via Keeper Secrets Manager

Keeper provides a native integration with ServiceNow MID Servers that allows secure retrieval of secrets from Keeper Secrets Manager.

Setup Overview:

  • Install Keeper Secrets Manager SDK and plugin on the ServiceNow MID Server

  • Use a configured Secrets Manager Application with scoped access

  • Authenticate the MID server using a One-Time Access Token (OTA) or application credentials

  • Use secrets in orchestration scripts and automation tasks

Benefits:

  • Secrets are never stored in ServiceNow

  • Zero-trust access to secrets using Keeper’s cloud vault

  • Supports audit logging, fine-grained access, and secret rotation

For more details, see the ServiceNow integration for Keeper Secrets Manager.


2. Access Assignment via Keeper Commander CLI

ITSM platforms like ServiceNow can assign access to privileged resources or perform password rotation using Keeper Commander CLI, executed from a MID Server.

Setup Steps:

  1. Install a ServiceNow MID Server on a Windows or Linux machine

  2. Install Keeper Commander

  3. Authenticate Keeper Commander with a persistent session

  4. In ServiceNow Flow Designer, use a Run PowerShell or Run Command activity

Example Commands:

Grant a user 1-hour access to a Linux server:

share-record --expire-in 1h -e user@company.com servers/Linux001

Rotate a specific password:

pam action rotate --record-uid <RECORD_UID>

Invite a user to Keeper:

enterprise-user --add user@example.com

Create a shared folder and add a user:

mkdir some_team_folder -sf -s
share-folder some_team_folder -e user@example.com -p off

Benefits:

  • Automates just-in-time access provisioning

  • No secrets stored in ServiceNow

  • Integrates with approval flows and service catalog items

This method offers the most flexibility. Any Keeper Commander action can be scripted and triggered via the MID Server.

For more information on this method, see the Keeper Commander setup guide and the list of available commands.
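
Because the email, record path and duration in these commands come from ticket fields, the MID Server script should validate them before Commander sees them. The following is an added example, not Keeper's or ServiceNow's code: it checks the fields for the share-record command shown above and builds an argument list that is run without a shell. The `keeper` executable name, the function names and the policy values (allowed folder prefix, 8-hour cap) are assumptions made for illustration.

```python
import re
import subprocess

# Constructed policy for this example (not Keeper defaults).
ALLOWED_PREFIXES = ("servers/",)   # folders a ticket may grant access to
MAX_HOURS = 8                      # longest grant a ticket may request
EMAIL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
PATH_RE = re.compile(r"[A-Za-z0-9_]+(/[A-Za-z0-9_.-]+)+")
HOURS_RE = re.compile(r"([1-9][0-9]?)h")


class TicketRejected(ValueError):
    """A ticket field failed validation; no command is built or run."""


def build_share_argv(email, record_path, expire_in, keeper_bin="keeper"):
    """Validate ticket fields and return the share-record argv list."""
    # fullmatch() rejects leading '-', whitespace, quotes and shell metacharacters.
    if not EMAIL_RE.fullmatch(email):
        raise TicketRejected("email")
    if not PATH_RE.fullmatch(record_path) or ".." in record_path.split("/"):
        raise TicketRejected("record path")
    if not record_path.startswith(ALLOWED_PREFIXES):
        raise TicketRejected("record outside allowed folders")
    hours = HOURS_RE.fullmatch(expire_in)
    if not hours or int(hours.group(1)) > MAX_HOURS:
        raise TicketRejected("duration")
    return [keeper_bin, "share-record", "--expire-in", expire_in,
            "-e", email, record_path]


def grant(email, record_path, expire_in):
    """Run the validated command without a shell (argv list, shell=False)."""
    argv = build_share_argv(email, record_path, expire_in)
    return subprocess.run(argv, shell=False, check=True, timeout=60)


if __name__ == "__main__":
    # Constructed ticket fields: one valid request and three that must be refused.
    samples = [
        ("user@company.com", "servers/Linux001", "1h"),
        ("user@company.com", "servers/Linux001; rotate", "1h"),
        ("--help", "servers/Linux001", "1h"),
        ("user@company.com", "servers/Linux001", "720h"),
    ]
    for fields in samples:
        try:
            print("RUN   ", build_share_argv(*fields))
        except TicketRejected as exc:
            print("REJECT", fields, "->", exc)
```

Rejected tickets should be logged and returned to the approval flow rather than retried with altered input.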


3. Commander Service Mode REST API

Customers can enable Commander Service Mode to expose a secure internal REST API that accepts HTTP commands for executing Keeper actions.

Setup Summary:

  • Install Keeper Commander and run in Service Mode

  • Restrict access to the API on internal networks only

  • Create a Service Mode configuration that defines which commands are allowed

  • Use HTTPS requests to trigger actions like:

    • Inviting users to Keeper

    • Adding or removing users from teams

    • Rotating passwords

    • Initiating BreachWatch scans

    • Sharing access to vault records

Benefits:

  • REST API for ITSM, ticketing, and custom automation platforms

  • Full command support via HTTPS

  • Flexible and platform-agnostic

Security note: This API is self-hosted by the customer and should be secured with internal-only access and firewall restrictions.

For more information, see the Commander Service Mode setup guide.


Integration Summary

| Integration Type | Use Case | Platform | Setup Location | Security Model |
| --- | --- | --- | --- | --- |
| Secrets Manager MID Server | Securely retrieve secrets | ServiceNow | MID Server | Zero-trust vault access |
| Commander CLI via Flow Designer | Access assignment, password rotation | Any ITSM platform | MID Server | CLI-based automation |
| Commander Service Mode API | REST-based command execution | Any ITSM platform | Internal server | Internal-only REST interface |
