Admin By Request (ABR) Service Request Automation → Ivanti
Overview
This automation playbook manages the creation and updating of "Admin By Request" (ABR) service requests in Ivanti ITSM, triggered by scheduled or external events. It ensures that ABR requests are properly created, validated, and updated, integrating with Passwordstate for credential management and Ivanti for ticket lifecycle.
High-Level Flow
- Retrieve Ivanti API credentials from Passwordstate
- Fetch active ABR service requests from Ivanti
- Check for existing requests matching the current AdminByReqId
- If no matching request exists:
- Validate the user in Ivanti
- Create a new ABR service request with all relevant parameters
- If a matching request exists:
- Retrieve related tasks
- Add a note to the existing task
Execution Flow
sequenceDiagram
participant Scheduler as Scheduler/External Trigger
participant AAP as Ansible Automation
participant PWS as Passwordstate
participant Ivanti as Ivanti ITSM
Scheduler->>AAP: Trigger ABR request playbook
AAP->>PWS: Get Ivanti API credentials
PWS-->>AAP: API credentials
AAP->>Ivanti: Fetch active ABR service requests
Ivanti-->>AAP: List of active requests
alt No matching request
AAP->>Ivanti: Validate user
Ivanti-->>AAP: User info
AAP->>Ivanti: Create new ABR service request
Ivanti-->>AAP: New request created
else Matching request exists
AAP->>Ivanti: Retrieve related tasks
Ivanti-->>AAP: Task info
AAP->>Ivanti: Add note to existing task
Ivanti-->>AAP: Note added
endComponents
Ivanti ITSM
- Service Request Management: Handles creation and updating of ABR service requests and related tasks.
- Task Notes: Allows adding status updates to existing tasks.
Passwordstate
- Credential Storage: Stores Ivanti API credentials securely, retrieved at runtime.
Playbook Logic
Variables
pws_ivanti_api_key: Title of the API key in Passwordstateivanti_request_offering: Name of the ABR request template in Ivanti
Main Steps
- Get Ivanti API Key from Passwordstate
-
Retrieves API credentials for Ivanti from Passwordstate using the provided key title.
-
Fetch Active Ivanti Service Requests
-
Queries Ivanti for active service requests matching the ABR offering.
-
Set Facts for Existing Requests
-
Filters active requests to find any matching the current
AdminByReqId. -
Create New Service Request (if needed)
- Validates the user in Ivanti by email.
-
Creates a new service request with all ABR parameters if no match is found.
-
Add Note to Existing Service Request (if found)
- Retrieves tasks related to the existing service request.
- Finds the 'Goedkeuring ABR' task and adds a note with the latest request details.
Task Input & Output
Input Parameters
AdminByReqId: Unique identifier for the ABR requestAdminByReqUser: User email for whom admin rights are requestedAdminByReqAuditLogLink: Link to the ABR audit logAdminByReqComputer: Target computerAdminByReqFile: File involved in the requestAdminByReqReason: Reason for the requestAdminByReqRequestTime: Timestamp of the request
Output Actions
- On New Request: Creates a new Ivanti service request and assigns it to the Systeemsoftware team
- On Existing Request: Adds a note to the related task with updated information
Error Handling & Idempotency
- Uses facts and filters to ensure duplicate requests are not created
- Ignores errors on user validation to allow for fallback or manual intervention
- All credentials are handled with
no_log: truefor security
Benefits
- Automates ABR request lifecycle in Ivanti
- Prevents duplicate service requests
- Ensures audit trail via task notes
- Integrates securely with Passwordstate for credential management
- Reduces manual overhead for ITSM operations
Notes
- The playbook is designed to be idempotent and safe for repeated runs
- All sensitive operations are delegated to localhost for security
- Task notes provide traceability for request updates