Admin By Request (ABR) Service Request Processing → Ivanti Automation

Overview

This automation processes and closes Admin By Request (ABR) service requests in Ivanti ITSM, based on the status of ABR requests in the ABR system. It ensures that Ivanti tasks are updated and closed automatically when ABR requests are approved or denied, reducing manual intervention and maintaining accurate ticket status.

High-Level Flow

Retrieve Ivanti API credentials from Passwordstate
Fetch all active ABR service requests from Ivanti
For each service request, fetch related 'Goedkeuring ABR' tasks
Extract AdminByReqId and AssignmentID for all relevant tasks
Retrieve ABR API credentials from Passwordstate
For each AdminByReqId, check the status in the ABR system
If the ABR request is no longer pending approval, close the corresponding Ivanti task with the appropriate resolution

Execution Flow

sequenceDiagram
    participant Scheduler as Scheduler/External Trigger
    participant AAP as Ansible Automation
    participant PWS as Passwordstate
    participant Ivanti as Ivanti ITSM
    participant ABR as Admin By Request API

    Scheduler->>AAP: Trigger ABR process playbook
    AAP->>PWS: Get Ivanti API credentials
    PWS-->>AAP: API credentials
    AAP->>Ivanti: Fetch active ABR service requests
    Ivanti-->>AAP: List of active requests
    AAP->>Ivanti: Fetch 'Goedkeuring ABR' tasks
    Ivanti-->>AAP: Task info
    AAP->>PWS: Get ABR API credentials
    PWS-->>AAP: ABR API credentials
    AAP->>ABR: Check status for each AdminByReqId
    ABR-->>AAP: Status info (approved/denied/pending)
    alt Not pending approval
        AAP->>Ivanti: Close task with resolution
        Ivanti-->>AAP: Task closed
    end

Components

Ivanti ITSM

Service Request Management: Handles active ABR service requests and related tasks.
Task Closure: Closes tasks automatically when ABR status changes.

Passwordstate

Credential Storage: Stores Ivanti and ABR API credentials securely, retrieved at runtime.

Admin By Request (ABR) API

Status Check: Provides the current status of each ABR request (pending, approved, denied, etc.).

Playbook Logic

Variables

pws_ivanti_api_key: Title of the API key in Passwordstate
ivanti_request_offering: Name of the ABR request template in Ivanti

Main Steps

Get Ivanti API Key from Passwordstate
Retrieves API credentials for Ivanti from Passwordstate using the provided key title.
Fetch Active Ivanti Service Requests
Queries Ivanti for active service requests matching the ABR offering.
Fetch Active Ivanti Tasks
For each service request, fetches related 'Goedkeuring ABR' tasks.
Extract Task and Request IDs
Gathers AdminByReqId and AssignmentID for all relevant tasks.
Get ABR API Credentials
Retrieves ABR API credentials from Passwordstate.
Check ABR Request Status
For each AdminByReqId, checks the status in the ABR system using PowerShell and the ABR API.
Close Ivanti Task if Not Pending
If the ABR request is approved or denied, closes the corresponding Ivanti task with a detailed resolution message.

Task Input & Output

Input Parameters

AdminByReqId: Unique identifier for the ABR request
AssignmentID: Ivanti task number

Output Actions

On Approval/Denial: Closes the Ivanti task with a resolution message including status, approver/denier, reason, and response time

Error Handling & Idempotency

Only closes tasks when ABR status is not 'Pending approval'
All credentials are handled with no_log: true for security
Playbook is safe for repeated runs; only updates tasks as needed

Benefits

Automates closure of ABR-related Ivanti tasks
Ensures ticket status in Ivanti matches real ABR request status
Reduces manual overhead for ITSM operations
Provides detailed resolution messages for audit and traceability

Notes

The playbook is designed to be idempotent and safe for repeated runs
All sensitive operations are delegated to localhost for security
PowerShell is used to interact with the ABR API and process status
Task closure includes all relevant status and audit information