DocumentationAPI ReferenceRelease Notes
Log In
Documentation

Webhook settings

Create a webhook to integrate a third-party ITSM provider to manage JIT application access requests.

EPM can integrate with any third-party ITSM platform capable of receiving incoming webhooks including:

  • JIRA
  • ServiceNow
  • Zendesk

Webhook events are captured in activity auditing.

ℹ️

Note

A standard user requires delegated access to this feature. For more information, see User management.

Create a webhook

  1. Go to Configuration Webhook Settings.

    The Webhook Settings page displays with the available webhooks.

  2. Click Create Webhook.

  3. Provide the following information:

    • Name: Enter a name for this webhook.
    • URL: Add a name and enter the URL to the ITSM tool.
    • Event: The event configured for the webhook:
      • JIT Application Access Ticket Created
      • JIT Application Access Decision Updated
    • Content Type: The content type for the template. For example, application/json.
    • Add Template: Templates are used to customize the request body for a webhook and include the events to send to your ITSM platform.
    Example template

    The formatting of each JSON object is unique to each ITSM platform. For more information, see the documentation for your ITSM platform.

    {
      "EventType": "%%EventType%%",
      "RequestId": "%%RequestId%%",
      "TenantId": "%%TenantId%%",
      "Timestamp": "%%Timestamp%%",
      "requestInfo": {
        "applicationType": "%%ApplicationType%%",
        "action": "%%Action%%",
        "workstyle": "%%Workstyle%%",
        "reason": "%%Reason%%",
        "user": "%%User%%",
        "hostName": "%%HostName%%",
        "trustedOwnership": "%%trustedOwnership%%",
        "productDescription": "%%ProductDescription%%",
        "driveType": "%%DriveType%%",
        "btZoneIdentifierExists": "%%BtZoneIdentifierExists%%",
        "productCode": "%%ProductCode%%",
        "upgradeCode": "%%UpgradeCode%%",
        "clsId": "%%ClsId%%",
        "comDisplayName": "%%ComDisplayName%%",
        "token": "%%Token%%",
        "tokenAssignmentIsShell": "%%TokenAssignmentIsShell%%",
         "uacTriggered": "%%UacTriggered%%",
        "downloadSourceUrl": "%%DownloadSourceUrl%%",
        "userLanguage": "%%UserLanguage%%",
        "sha1Hash": "%%Sha1Hash%%",
        "sha256Hash": "%%Sha256Hash%%",
        "filePathObjectId": "%%FilePathObjectId%%",
        "cmdArgs": "%%CmdArgs%%",
        "publisher": "%%Publisher%%",
        "productName": "%%ProductName%%",
        "productVersion": "%%ProductVersion%%",
        "fileVersion": "%%FileVersion%%",
        "workstyle": "%%Workstyle%%",
        "applicationGroup": "%%ApplicationGroup%%",
         "message": "%%Message%%",
        "messageId": "%%MessageId%%",
         "hostType": "%%HostType%%",
        "osName": "%%OsName%%",
        "osVersion": "%%OsVersion%%",
        "ComputerGroup": "%%ComputerGroup%%",
        "GroupId": "%%GroupId%%",
        "requestVersion": "%%RequestVersion%%",
        "hostedFilePath": "%%HostedFilePath%%",
        "parentProcess": "%%ParentProcess%%",
        "storeAppName": "%%StoreAppName%%",
        "serviceName": "%%ServiceName%%",
        "serviceAction": "%%ServiceAction%%",
        "authRequestUri": "%%AuthRequestUri%%",
        "bundleInfoDescription": "%%BundleInfoDescription%%",
        "reputationScoreDateTime": "%%ReputationScoreDateTime%%",
        "reputationScore": "%%ReputationScore%%",
        "reputationIntegrationType": "%%ReputationIntegrationType%%"
      }
    }
    
    • Authentication Type: The type of authentication used by the webhook:
      None
      Basic
      Custom
      OAuth – Client Credentials
      * OAuth – Password
    • Additional headers:
      - Name: The name of the additional header for the webhook request.
      - Value: The key-value for the additional header.
  4. Select Enable Webhook to automatically enable the webhook after it is created.

  5. Select Save Webhook.

Webhook variables

Add variables to the JSON object in the webhook template. The variables provide additional information or context around the incident. The available variables depend on the type of event and are listed here.

JIT Application Access Ticket Created
VariableDescription
ActionThe action requested (macOS) applications only. RUN, SUDO, INSTALL or DELETE
ApplicationGroupName of the Application Group matched in policy.
ApplicationTypeApplication Type of the matched application.
AuthRequestUrimacOS application property: authorization right which the app is requesting or requires to run.
BtZoneIdentifierExistsWhether the matched file has a zone identifier indicating it was downloaded from the web. (True/False)
BundleInfoDescriptionmacOS application property: description of the app bundle.
ClsIDCOM Class Identifier.
CmdArgsCommand line arguments passed when a process was launched.
ComDisplayNameCOM Class Display Name.
ComputerGroupOrganizes computers that will be assigned the same policy.
DownloadSourceUrlSource URL of the matched file, if downloaded.
DriveTypeDrive type on which the matched file was stored.
EventTypeURM_Native_Ticket_Created
FilePathObjectIdThe path to the matched file, or the object ID of COM Class.
FileVersionFile version property of the matched file.
GroupIdComputer Group unique internal system ID.
HostedFilePathWindows process event property: path to the file loaded when launching a process.
HostnameAgent Host Name stored in EPM.
HostTypeAgent Host Type stored in PMC (for example. Windows, macOS)
MessageName of the message shown by the matched rule in policy.
MessageIdID of the message shown by the matched rule in policy.
OsNameAgent operating system name stored in EPM.
OsVersionAgent operating system version stored in EPM.
ParentProcessWindows process event property: path to the parent process of a launched process.
ProductCodeProduct code GUID of .msi file.
ProductDescriptionProduct description property of the matched file.
ProductNameProduct name property of the matched file.
ProductVersionProduct version property of the matched file.
PublisherPublisher name property of the matched file.
ReasonReason for request from the EPM end user.
ReputationIntegrationTypeType of reputation score integration.
ReputationScoreReputation score at the time ticket was created.
ReputationScoreDateTimeDate and time the reputation score was captured.
RequestIdJIT Application Access request unique internal system ID. Required field to further communicate with EPM.
ServiceActionWindows service event property: action performed on the service (for example, start, stop, pause, configure).
ServiceNameName of the service where the request is triggered.
Sha1HashSHA1 hash of the matched file.
Sha256HashSHA256 hash of the matched file.
StoreAppNameWindows process event property: name of the store app launched.
TenantIdEPM Tenant ID.
TicketNumberFor example, EPM000001
TimestampDate and time the ticket event was created, in UTC (for example, yyyyMMddTHHmmssZ).
TokenName of the token to be applied by the matched rule in policy.
TokenAssignmentIsShellWhether the rule matched was an On Demand rule. (True/False)
TrustedOwnershipWhether the matched file is located in a trusted location. (True/False)
UacTriggeredWhether Windows UAC was required to run or open the matched file. (True/False)
UpgradeCodeUpgraded code GUID of .msi file.
UserEPM end user
UserLanguageEPM user’s language locale
WorkstyleName of the Workstyle matched in policy
JIT Application Access Ticket Updated
VariableDescription
EventTypeURM_NATIVE_DECISION_UPDATE
RequestIdJIT Application Access unique request internal system ID. Required field to further communicate with EPM.
TenantIdEPM Tenant ID.
TicketNumberFor example, EPM000001.
TimestampDate and time the decision event was created, in UTC (for example, yyyyMMddTHHmmssZ).
DecisionApproved or Denied.
DecisionTimeDate and time when a decision is made, in UTC (for example, yyyyMMddTHHmmssZ).
DecisionPerformedByUserName of the decision maker.
DurationNumber of seconds.
JIT Admin Ticket Created
VariableDescription
EventTypeJIT_ADMIN_TICKET_CREATED
RequestIdJIT admin request internal system ID. Required field to further communicate with EPM.
TicketNumberFor example, EPM000001.
TenantIdEPM Tenant ID.
ComputerIdID of the computer.
GroupIdID of the computer group.
ReasonMessage from end point user for escalation.
UserIdEndpoint user ID.
UserNameUser name of endpoint.
DurationRequestedDuration request by endpoint user.
TimestampDatetime decision event created in UTC (for example, yyyyMMddTHHmmssZ).
JIT Admin decision updated
VariableDescription
EventTypeJIT_ADMIN_TICKET_CREATED
RequestIdJIT admin request internal system ID. Required field to further communicate with EPM.
TicketNumberFor example, EPM000001.
TenantIdEPM Tenant ID.
StartTimeStart time of the admin access in UTC (for example, yyyyMMddTHHmmssZ).
EndTimeEnd time of the admin access in UTC (for example, yyyyMMddTHHmmssZ).
DecisionApproved or Denied.
DecisionTimeDatetime when a decision is made in UTC (for example, yyyyMMddTHHmmssZ).
DecisionPerformedByUserName of the decision maker.
DurationDuration granted by decision maker.
DurationRequestedDuration request by endpoint user.
TimestampDatetime decision event created in UTC (for example, yyyyMMddTHHmmssZ).

Send sample event

After creating the webhook, send a sample event to the ITSM to confirm the webhook is configured correctly.

  1. Select the webhook in the list, and then select Send Sample Event from the menu.

Enable the webhook

When the webhook is ready for production, select the webhook, and then select Enable Webhook.

Clear the event queue

Remove all events from the queue.

  1. Select the webhook in the list, and then select Clear Event Queue from the menu.

The Queued Events for the webhook drops to 0.

Delete the webhook

Delete a webhook.

  1. Select the webhook in the list, and then select Delete Webhook from the menu.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.