Integrating Incode with ServiceNow ITSM

Overview

This guide explains how to integrate Incode Workforce identity verification into ServiceNow IT Service Management (ITSM) workflows. By embedding verification into the help desk process, agents can confirm the caller’s identity before completing sensitive IT actions (like MFA resets, password unlocks, or privileged access requests).

We’ll cover:

The user journey for IT service requests
Integration architecture with ServiceNow ITSM
How to configure OIDC with our integration partner, IdRamp https://store.servicenow.com/store/app/ecfc2f621b646a50a85b16db234bcb85
Directory sync considerations with your IAM

User Journey in ITSM

When an employee calls the IT help desk, the agent needs a quick and reliable way to confirm their identity. Here’s how the workflow looks with Incode:

Employee calls the help desk with a request (e.g., “I can’t access my account, please reset my MFA”).
Agent triggers IDV from ServiceNow – Inside the ServiceNow ITSM console, the help desk agent clicks a button to initiate Incode verification for the employee.
Employee receives verification link (via SMS or email) and completes document + selfie check with Incode (this can be ANY mobile device or email).
Real-time results in ServiceNow – As soon as the employee finishes, the verification status (pass/fail, risk score, selfie match, claims match) is returned to ServiceNow and displayed to the agent.
Agent decision:
- Success → The agent proceeds with fulfilling the request (e.g., resetting MFA).
- Failure → The agent denies the request and can escalate the case.

This workflow ensures agents can trust who’s on the other end of the phone, preventing social engineering and impersonation attacks.

Integration Architecture

1. ServiceNow + IdRamp (OIDC)

We partner with IdRamp to simplify the ServiceNow ITSM integration. Customers provide OIDC Client ID & Secret to IdRamp, who brokers the connection between ServiceNow and Incode.

📺 Watch a full demo of the integration here:

2. Directory Sync

Even with IdRamp OIDC in place, Incode still syncs with the customer’s IAM directory (e.g., Azure AD, Okta, Ping). This ensures:

User lifecycle management → Verification is tied to IAM records.
Role-based routing → Only users in certain groups may require extra checks.
Return verification with selfie match – When a user verifies, Incode runs a 1:1 selfie match against the the initial verification result (Doc + Selfie) to confirm the identity belongs to the directory record.
Claims Match – Incode cross-checks verified legal identity attributes (e.g., name, date of birth, phone, email) against the IAM directory record to ensure alignment.
Audit trail → Verification results are logged against the IAM identity record.

Example Flow in ServiceNow

Trigger – Employee requests MFA reset in ServiceNow ITSM.
Redirect – ServiceNow (via IdRamp OIDC) redirects the employee to Incode.
Verification – Incode performs document + selfie identity check.
Callback – Incode posts verification status back to IdRamp, which ServiceNow consumes.
Decision – If verified, the request auto-resolves or escalates to IT support; if failed, the request is denied.

Benefits

Secure IT Workflows – Stop fraudulent password resets and insider threats.
Low Friction – Verification is only triggered when needed.
Easy Integration – Turnkey integration with ServiceNow ITSM.
Identity-Centric – Results stay in sync with the customer’s IAM directory.

Next Steps

Review the IdRamp video demo.
Work with your Incode Solutions Engineer to configure OIDC Client ID & Secret.
Enable directory sync between Incode and your IAM (Entra ID, Okta, etc.).
Deploy Incode verification into ServiceNow workflows (MFA resets, privileged access requests, HR-driven IT requests).

With Incode + ServiceNow ITSM + IdRamp, you can secure IT requests with biometric verification, directly embedded into the IT service lifecycle.