We have several computer assets that are deployed to a service account “svc” in ServiceNow. A service account, from my understanding, is an account that is given to someone by approval with a password that never changes that can be used to log into multiple devices. The devices deployed to a service account could be devices that never turn off and need to stay on to run a program for a specific department.
These devices are not assigned to an individual user, so in the event that we need to track the location for these types of assets because a “virus” or data breach was detected on the device, how do we know who to contact to help us locate the device if it's assigned to a service account instead of an individual user in ServiceNow? Another scenario: what if we assign it to a manager, and that manager leaves the company? How do we know who to contact then to locate the device?
What is the best approach in managing these types of “shared” devices? Your feedback is greatly appreciated.
Devices should be associated with a user, either directly or indirectly. ServiceNow utilizes several fields that associate a user or group with a device, such as Assigned To, Managed By, Owned By, and Support Group.
Shared devices are a common use case. There are a number of ways to handle this, but the key is to associate a user at some level (in some tracking field) that you can go to and attest the device. ServiceNow provides a choice list field called Asset Function to indicate that it is a shared device. You can enforce ServiceNow workflow so that when Asset Function = Shared, the Assigned To may remain blank but another field must be populated. In our case, we require the Owned By field to be populated if the Asset Function is set to Shared, indicating a shared device.
For the concern about assigning it to a manager, and that manager leaves the company: That is the same concern as assigning an individual device to a user and that user leaves. Use the same onboarding/offboarding change processes as you would for a user. To partially address this, we align on using groups for some of the fields rather than individual users. For example, we use Managed By Group (an assignment group) vs Managed By (a user record). The assignment group has an indicated manager and the process for replacing an assignment group’s manager when the manager moves/leaves the team is solid.
I agree with Dan. He laid out pretty much the textbook on what I’d consider the best approach.
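
The ownership rule and the group-manager fallback described in the answer above can be checked over an asset export. This is an added example, not part of the thread and not ServiceNow's own code. It is plain JavaScript over constructed records; the key names (`asset_function`, `assigned_to`, `owned_by`, `managed_by_group`), the choice values and the export shape are assumptions modelled on the field labels mentioned in the thread.

```javascript
// Added example: all records below are constructed sample data. Key names and
// choice values are assumptions based on the field labels named in the thread.
const users = {
  alice: { active: true },
  bob: { active: false }, // constructed: this user has left the company
  carol: { active: true },
};
const groups = {
  "lab-ops": { manager: "carol" },
  "kiosk-team": { manager: "bob" },
};
const assets = [
  { tag: "A100", asset_function: "shared", assigned_to: "", owned_by: "alice", managed_by_group: "lab-ops" },
  { tag: "A101", asset_function: "shared", assigned_to: "", owned_by: "", managed_by_group: "lab-ops" },
  { tag: "A102", asset_function: "shared", assigned_to: "", owned_by: "bob", managed_by_group: "lab-ops" },
  { tag: "A103", asset_function: "primary", assigned_to: "bob", owned_by: "", managed_by_group: "kiosk-team" },
];

const isActive = (id) => Boolean(id && users[id] && users[id].active);

// Resolve who to contact for an asset and list record problems to fix.
function resolveContact(asset) {
  const findings = [];
  // Rule from the thread: a shared device may leave Assigned To blank,
  // but Owned By must then be populated.
  if (asset.asset_function === "shared" && !asset.owned_by) {
    findings.push("shared device without Owned By");
  }
  const groupManager = (groups[asset.managed_by_group] || {}).manager || "";
  const candidates = [
    ["assigned_to", asset.assigned_to],
    ["owned_by", asset.owned_by],
    ["managed_by_group.manager", groupManager],
  ];
  let contact = null;
  for (const [field, id] of candidates) {
    if (!id) continue;
    if (isActive(id)) contact = contact || { field, id }; // first active wins
    else findings.push(`${field} references inactive user ${id}`);
  }
  if (!contact) findings.push("no active contact");
  return { tag: asset.tag, contact, findings };
}

// Keep only assets that need a record fix before an incident forces the question.
function auditAssets(list) {
  return list.map(resolveContact).filter((r) => r.findings.length > 0);
}

console.log(JSON.stringify(auditAssets(assets), null, 2));
```

Running it against a scheduled export surfaces devices whose only named contact has been offboarded, which is the case the original question worries about.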