NELM is a ServiceNow-native application designed to manage the complete non-employee lifecycle for contractors, vendors, consultants, and other external users. It governs onboarding, access requests, approvals, contract extensions, lifecycle changes, and offboarding through structured workflows.
Integrated with IdentityBridge, NELM automates provisioning and deprovisioning across connected systems while maintaining a complete audit trail for every request, approval, access change, and lifecycle action.
Pricing Note:
Pricing is based on active non-employee identities managed through NELM. Enterprise pricing is available for high-volume deployments, custom workflow requirements, and advanced integration needs. Free trials may require approval to support proper onboarding and configuration.
The Non-Employee Lifecycle Manager (NELM) is a ServiceNow-native application that brings structure, governance, and visibility to the complete non-employee lifecycle.
- End-to-end non-employee lifecycle management, from initial onboarding through offboarding, within a single governed platform
- Individual and bulk access request handling through structured, validated workflows with full approval and audit coverage
- Configurable approval workflows supporting manager, group, and multi-level approval chains with automatic request routing
- Automated provisioning and deprovisioning through integration with IdentityBridge systems via secure API
- Scheduled synchronization of user identities, organizations, and entitlements between ServiceNow and connected systems
- Consistent access policy enforcement across all non-employee requests, with every action recorded in a time-stamped audit trail
- Real-time visibility into request status across every stage of the lifecycle for all stakeholders
Initial Release
Platform: ServiceNow ( Xanadu, Yokohama, Zurich versions recommended) with System Administrator access for initial setup.
Required Plugins: Service Portal – Core, Approval Engine, Flow Designer – Designer, and Service Catalog Scoped API must all be active; MID Server is required if outbound HTTP is not directly permitted from the instance.
Other Requirements:
Network & Credentials: Outbound HTTPS connectivity to IdentityBridge endpoints is required, along with valid IdentityBridge credentials (Base URL, Token Endpoint, Client ID, and Client Secret) before API configuration can be completed.
System Table Access: The application scope must have cross-table read/write access to sys_user, sc_req_item, sysapproval_approver, sys_dictionary, ecc_agent, sc_task, sys_hub_flow, sys_choice, sc_request, and sys_properties.
System Property: The global property glide.http.outbound.max_timeout.enabled must be set to false to prevent outbound request timeouts during IdentityBridge integration.
Integration User: If a MID Server is used, a dedicated non-interactive integration user with the mid_server role must be created and associated with the MID Server record.