Endpoint Central Spoke in ServiceNow Workflow Studio
ServiceNow Workflow Studio provides a unified, no-code/low-code environment to design, automate, and orchestrate business processes. With the Endpoint Central Spoke, organizations can extend Workflow Studio automations directly to managed endpoints, enabling secure, policy-driven IT operations without manual intervention.
This document explains Flow Designer, Spokes, available Endpoint Central actions, how to access them, and real-world automation use cases.
What is Flow Designer?
Flow Designer is a core capability of the ServiceNow AI Platform that enables rich process automation in a consolidated design environment. It empowers process owners and administrators to streamline complex workflows without extensive coding knowledge.
Key Capabilities
- Visual Workflow Design: Create workflows using an intuitive drag-and-drop interface
- Natural Language Processing: Define automation logic using plain language
- Comprehensive Automation: Automate approvals, tasks, notifications, and record operations
- System Integration: Connect multiple systems without writing custom code
Flow Designer is commonly used to automate ITSM workflows, approvals, fulfillment tasks, and cross-application processes, making it an essential tool for modern IT service management.
What is a Spoke?
A Spoke is a scoped application that contains pre-built Workflow Studio content (actions and sub-flows) dedicated to a specific application or record type.
Key Characteristics
- Reusable Automation: Encapsulates reusable automation actions for specific systems
- Parent Application Binding: Tied to a parent application for seamless integration
- Automatic Activation: Gets activated automatically when the parent application is activated
What is Endpoint Central Spoke?
Endpoint Central Spoke provides Workflow Studio actions that allow ServiceNow workflows to perform endpoint-level operations such as software deployment, status checks, and encryption key retrieval. This powerful integration enables organizations to extend their ServiceNow automation capabilities directly to managed endpoints.
Supported Workflow Studio Actions
Endpoint Central Spoke currently supports six powerful actions that enable comprehensive endpoint management automation:
- Install Software: Installs a selected software package on the target endpoint, enabling automated software deployment and fulfillment.
- Uninstall Software: Removes a selected software package from the endpoint, supporting license reclamation and security compliance.
- Look up Deployment Status: Checks the deployment or configuration status of a task executed on an endpoint to ensure successful completion.
- Look up Device Live Status: Verifies whether a device is online and reachable before executing actions, preventing automation failures.
- Look up Windows Encryption Key: Fetches the BitLocker recovery key for Windows devices, enabling secure device recovery without escalation.
- Look up Mac FileVault Key: Fetches the FileVault recovery key for macOS devices, supporting secure Mac device management and recovery.
Key Benefits
- Reduced Manual Effort: Automates routine endpoint tasks, freeing IT teams to focus on strategic initiatives
- Enhanced Security and Compliance: Ensures secure and compliant execution of sensitive operations with built-in controls
- Faster Resolution: Speeds up request fulfillment and issue resolution with automated workflows
- Zero-Touch Management: Enables true zero-touch endpoint management from onboarding to offboarding
- Improved Reliability: Prevents failures by running actions only when devices are ready and reachable
- Better User Experience: Improves the end-user experience with faster delivery and clear notifications
- Scalability: Scales easily across large environments without increasing operational overhead
Real-World Automation Use Cases
- Use Case 1: Zero-Touch Software Fulfillment from Service Requests
- Use Case 2: Automated License Reclamation and Security Cleanup
- Use Case 3: Smart Check Before Running Any Automation
- Use Case 4: Emergency Device Recovery Without L1 Escalation
- Use Case 5: MacBook Replacement and Offboarding Automation
Use Case 1: Zero-Touch Software Fulfillment from Service Requests
Scenario
An employee raises a service request: "Need VS Code and Docker Desktop for a new project." Traditionally, this would require a technician to deploy the software manually, creating delays and consuming valuable IT resources.
Automated Workflow
Trigger: The service request is approved (or auto-approved based on user role)
Actions:
- System checks whether the employee's device is online using Look up Device Live Status
- If the device is online, the required software is installed automatically
Post-Actions:
- Installation is validated using Look up Deployment Status
- Service request is updated to Completed
- Employee is notified once the software is ready
Outcome: Software is delivered automatically without any technician involvement, reducing turnaround time and manual effort while improving employee satisfaction.
Use Case 2: Automated License Reclamation and Security Cleanup
Scenario
Finance or IT identifies unused paid software licenses such as AutoCAD, Adobe, or development tools, often due to project changes or inactivity. These unused licenses represent wasted costs and potential compliance risks.
Automated Workflow
Trigger:
- A user exits a project, or
- A license audit detects prolonged inactivity
Action: The unused software is automatically removed from the device using Uninstall Software
Post-Actions:
- Asset or CMDB records are updated
- The license is reclaimed and made available for reuse
- Relevant stakeholders are notified
Outcome: Organizations reduce software costs, maintain accurate asset records, and stay compliant with licensing policies through automated license lifecycle management.
Use Case 3: Smart Check Before Running Any Automation
Scenario
Many automations fail simply because the target device is turned off, asleep, or not connected to the network. These failures waste resources and create unnecessary support tickets.
Automated Workflow
Pre-Check: Before any endpoint action runs, the system checks if the device is online using Look up Device Live Status
Decision Logic:
- If the device is online → the automation proceeds
- If the device is offline → the action is postponed and retried later, and the user is notified if needed
Outcome: Automations run more reliably, with fewer failures and retries, improving overall success rates and reducing support overhead.
Use Case 4: Emergency Device Recovery Without L1 Escalation
Scenario
A Windows user is locked out of their device after a BIOS update or TPM reset and cannot access the system. This typically requires escalation to senior support teams and creates significant downtime.
Automated Workflow
Trigger: The user raises a "Device Locked" support ticket
Action: The system retrieves the BitLocker recovery key using Look up Windows Encryption Key
Post-Actions:
- The key is automatically attached to the ticket
- It is shown only to authorized support agents
- Access to the key expires automatically after use
Outcome: Devices are recovered faster without unnecessary escalation, while maintaining strong security controls and audit trails.
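The post-actions above (key attached to the ticket, visible only to authorized agents, access expiring after use) modelled as an added example. This is not ServiceNow or Endpoint Central code; the role names, ticket id, key value and the 15-minute time limit are assumptions made for illustration.

```javascript
// Added model of the Use Case 4 post-actions; not ServiceNow or Endpoint Central code.
// Role names, ticket id, key value and the 15-minute limit are constructed assumptions.
class RecoveryKeyRelease {
  constructor({ allowedRoles, ttlMs, now = () => Date.now() }) {
    this.allowedRoles = new Set(allowedRoles);
    this.ttlMs = ttlMs;
    this.now = now;
    this.keys = new Map(); // ticketId -> { key, expiresAt }
    this.audit = [];       // record of every attach and view attempt
  }
  log(ticketId, actor, event) {
    this.audit.push({ at: this.now(), ticketId, actor, event });
  }
  // Called by the flow once the key lookup has returned.
  attach(ticketId, key) {
    this.keys.set(ticketId, { key, expiresAt: this.now() + this.ttlMs });
    this.log(ticketId, 'flow', 'attached');
  }
  // Returns the key once to an authorized agent; every other outcome is null.
  view(ticketId, agent) {
    if (!agent.roles.some((r) => this.allowedRoles.has(r))) {
      this.log(ticketId, agent.name, 'denied_role');
      return null;
    }
    const entry = this.keys.get(ticketId);
    if (!entry) {
      this.log(ticketId, agent.name, 'denied_missing_or_used');
      return null;
    }
    this.keys.delete(ticketId); // single use: removed at the first authorized view, expired or not
    if (this.now() > entry.expiresAt) {
      this.log(ticketId, agent.name, 'denied_expired');
      return null;
    }
    this.log(ticketId, agent.name, 'released');
    return entry.key;
  }
}

// Constructed sample run: unauthorized view, authorized view, repeat view.
function demo() {
  const vault = new RecoveryKeyRelease({ allowedRoles: ['recovery_agent'], ttlMs: 15 * 60 * 1000, now: () => 0 });
  vault.attach('TICKET-0001', 'SAMPLE-KEY-NOT-REAL');
  const l1 = { name: 'l1.agent', roles: ['service_desk'] };
  const ra = { name: 'recovery.agent', roles: ['service_desk', 'recovery_agent'] };
  const results = [l1, ra, ra].map((agent) => vault.view('TICKET-0001', agent));
  return { results, events: vault.audit.map((e) => e.event) };
}
console.log(JSON.stringify(demo()));
```

The audit array records denied attempts as well as the release, which is what lets a reviewer confirm afterwards that the key was viewed once and by whom.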
Use Case 5: MacBook Replacement and Offboarding Automation
Scenario
An employee resigns and returns their MacBook, requiring secure data handling and device preparation for reuse. Manual offboarding processes are time-consuming and prone to inconsistency.
Automated Workflow
Trigger: Offboarding is initiated through the HR system
Actions:
- The FileVault recovery key is retrieved for secure access
- User data is backed up as required by policy
- The device is securely wiped to remove all company data
Post-Actions:
- The asset is marked as available for reuse
- The MacBook is prepared for reassignment to a new employee
Outcome: Offboarding becomes secure, consistent, and repeatable, ensuring data protection, compliance, and faster device turnaround for new hires.