ServiceNow
1 Connecting to ServiceNow
Before you can connect to data, you will need to ensure the authenticating user has the following permissions assigned at minimum, required for listing metadata. Before you can do this, the administrator of the account must elevate their role by navigating to User menu -> Elevate Roles -> check the security_admin box -> OK. For the tables listed below, the user must have both row-level permission, such as sys_db_object, as well as field-level permission, such as sys_db_object.*. For additional tables which the user wishes to access, they must have at least row-level permission.
The connection property Url is a required property on all connections.
1.1 READ sys_db_object
Access to sys_db_object is required to connect to data. You can enable access to this as follows:
Navigate to the System Security -> Access Controls (ACL). Select New to create an access control object.
For Type, select record.
For Operation, select read.
For Name, select Table [sys_db_object] in the first drop-down and --None-- in the second drop-down.
In the Requires role section, double-click the text box that says Insert a new row.... Search for and select your desired role.
Click Submit to create the ACL object.
Assign the role which has the created ACL to the authenticating user. To do this, navigate to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add your role from collection.
1.2 READ sys_glide_object
Access to the sys_glide_object is required for certain ServiceNow table metadata. You can enable access to this by repeating the above procedure, but instead selecting Field class [sys_glide_object] for the ACL's name.
1.3 READ sys_dictionary
Access to sys_dictionary is required to retrieve schema information from ServiceNow. You can enable access to this by navigating to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add "personalize_dictionary" role from collection.
2 Authenticating to ServiceNow
2.1 Authenticate using Basic Authentication
In order to authenticate using Basic Authentication you will need to provide your ServiceNow User and Password.
After setting the following connection properties, you are ready to connect:
AuthScheme: Set this to BASIC.
User: Set this to your username.
Password: Set this to your password.
Url: Set this to the base URL of your ServiceNow instance site. For example: https://MyInstance12345.service-now.com/.
InitiateOAuth: Set this to OFF to avoid entering the OAuth Authorization process.
2.2 Using OAuth
ServiceNow uses the OAuth 2.0 authentication standard. To authenticate using OAuth, you will need to register an OAuth app with ServiceNow to obtain the OAuthClientId and OAuthClientSecret. In addition to the OAuth values, you will need to specify the Url, User, and Password.
2.3 Authenticating with ADFS
Set the AuthScheme to ADFS. The following connection properties need to be set:
User: Set this to the ADFS user.
Password: Set this to ADFS password for the user.
SSOLoginURL: Set this to the login url used by the SSO provider.
The following SSOProperties are needed to authenticate to ADFS:
RelyingParty: This attribute is the value of the Relying Party Identifier on the ADFS server for ServiceNow.
Below is an example connection string:
AuthScheme=ADFS;User=username;Password=password;SSOLoginURL='https://sts.company.com';SSOProperties='RelyingParty=https://saml.service-now.com';Url=https://MyInstance12345.service-now.com/;
2.4 ADFS Integrated
The ADFS Integrated flow indicates you are connecting with the currently logged in Windows user credentials. To use the ADFS Integrated flow, simply do not specify the User and Password, but otherwise follow the same steps in the ADFS guide above.
2.5 Authenticating with Okta
Set the AuthScheme to Okta. The following connection properties are used to connect to Okta:
User: Set this to the Okta user.
Password: Set this to Okta password for the user.
SSOLoginURL: Set this to the login url used by the SSO provider.
The following SSOProperties are needed to authenticate to Okta:
APIToken (optional): Set this to the API Token that the customer created from the Okta org. It should be used when authenticating a user via a trusted application or proxy that overrides OKTA client request context.
MFAType (optional): Set this only in case you have configured MFA flow. Currently we support only the follwoing types: OktaVerify,Email and SMS.
MFAPassCode (optional): Set this only in case you have configured MFA flow. If this is set to empty/invalid the driver will initially issue a MFA challenge which will trigger the platform to send you an one-time password on your device or email, based on the configured MFA type. You need to re-issue another connection where the retrieved one-time password value is passed to MFAPassCode connection property.
The following is an example connection string:
AuthScheme=Okta;SSOLoginURL='https://example.okta.com/home/appType/0bg4ivz6cJRZgCz5d6/46';User=oktaUserName;Password=oktaPassword;Url=https://MyInstance12345.service-now.com/;
2.6 Authenticating with OneLogin
Set the AuthScheme to OneLogin. The following connection properties are used to connect to OneLogin:
User: Set this to the OneLogin user.
Password: Set this to OneLogin password for the user.
The following SSOProperties are needed to authenticate to OneLogin:
OAuthClientId: Set to the OAuthClientId, which can be obtained by selecting Developers > API Credentials > Credential > ClientId.
OAuthClientSecret: Set to the OAuthClientSecret, which can be obtained by selecting Developers > API Credentials > Credential > ClientSecret.
Subdomain: Set to the subdomain of the OneLogin user accessing the SSO app. For example, if your OneLogin URL is splinkly.onelogin.com, enter splinkly as the subdomain value.
AppId: Set to the ID of the SSO app.
Region (optional): Set to the region your OneLogin account resides in. The OneLogin API operates in multiple regions and this property is used to find the correct domain. It can take one of the following values:
US (default)
EU
The following is an example connection string: The following connection string uses an API key to connect to OneLogin:
AuthScheme=OneLogin;User=OneLoginUserName;Password=OneLoginPassword;SSOProperties='OAuthClientID=3fc8394584f153ce3b7924d9cd4f686443a52b;OAuthClientSecret=ca9257fd5cc3277abb5818cea28c06fe9b3b285d73d06;Subdomain=OneLoginSubDomain;AppId=1433920';Url=https://MyInstance12345.service-now.com/;
2.7 Authenticating with PingFederate
Set the AuthScheme to PingFederate. The following connection properties need to be set:
User: Set this to the PingFederate user.
Password: Set this to PingFederate password for the user.
SSOLoginURL: Set this to the login url used by the SSO provider.
The following SSOProperties are needed to authenticate to PingFederate:
AuthScheme (optional): The authorization scheme to be used for the IdP endpoint. The allowed values for this IdP are None or Basic.
Additionally, you can use the following SSOProperties to configure mutual SSL authentication for SSOLoginURL, the WS-Trust STS endpoint:
SSLClientCert
SSLClientCertType
SSLClientCertSubject
SSLClientCertPassword
Below is an example connection string:
AuthScheme=PingFederate;URL='https://dev103586.service-now.com';SSOLoginUrl='https://mycustomserver.com:9033/idp/sts.wst';User=admin;Password=PassValue123;
The following are the connection properties for ServiceNow. Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.
Property
Description
Authentication
AuthScheme
The authorization scheme to be used when server authorization is to be performed.
Instance
The ServiceNow instance to retrieve tables from.
Password
The password used to authenticate the user.
User
The user account used to authenticate to ServiceNow.
Firewall
FirewallPassword
A password used to authenticate to a proxy-based firewall.
FirewallPort
The TCP port for a proxy-based firewall.
FirewallServer
The name or IP address of a proxy-based firewall.
FirewallType
The protocol used by a proxy-based firewall.
FirewallUser
The user name to use to authenticate with a proxy-based firewall.
Logging
Logfile
A path to the log file.
MaxLogFileCount
A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted.
MaxLogFileSize
A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.
Verbosity
The verbosity level that determines the amount of detail included in the log file.
Misc
ConnectionLifeTime
The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.
ConnectionString
***
DisplayValue
Based on this value, the provider retrieves the display value or the actual value from the database.
ExcludeReferenceLink
Based on this value, the additional information provided for reference fields will be suppressed or not.
MaxRows
Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.
Other
These hidden properties are used only in specific use cases.
PoolIdleTimeout
The allowed idle time for a connection before it is closed.
PoolMaxSize
The maximum connections in the pool.
PoolMinSize
The minimum number of connections in the pool.
PoolWaitTime
The max seconds to wait for an available connection.
PseudoColumns
This property indicates whether or not to include pseudo columns as columns to the table.
Readonly
You can use this property to enforce read-only access to ServiceNow from the provider.
SSLServerCert
The certificate to be accepted from the server when connecting using TLS/SSL.
SupportEnhancedSQL
This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.
Timeout
The value in seconds until the timeout error is thrown, canceling the operation.
UseConnectionPooling
This property enables connection pooling.
OAuth
InitiateOAuth
Set this property to initiate the process to obtain or refresh the OAuth access token when you connect.
OAuthAccessToken
The access token for connecting using OAuth.
OAuthClientId
The client ID assigned when you register your application with an OAuth authorization server.
OAuthClientSecret
The client secret assigned when you register your application with an OAuth authorization server.
OAuthGrantType
The grant type for the OAuth flow.
OAuthRefreshToken
The OAuth refresh token for the corresponding OAuth access token.
OAuthSettingsLocation
The location of the settings file where OAuth values are saved when InitiateOAuth is set to GETANDREFRESH or REFRESH. Alternatively, this can be held in memory by specifying a value starting with memory://.
OAuthVerifier
The verifier code returned from the OAuth authorization URL.
Pagination
PageSize
The page size for the pagination.
Proxy
ProxyAuthScheme
The authentication type to use to authenticate to the ProxyServer proxy.
ProxyAutoDetect
This indicates whether to use the system proxy settings or not. This takes precedence over other proxy settings, so you'll need to set ProxyAutoDetect to FALSE in order use custom proxy settings.
ProxyExceptions
A semicolon separated list of hosts or IPs that are exempt from connecting through the ProxyServer .
ProxyPassword
A password to be used to authenticate to the ProxyServer proxy.
ProxyPort
The TCP port the ProxyServer proxy is running on.
ProxyServer
The hostname or IP address of a proxy to route HTTP traffic through.
ProxySSLType
The SSL type to use when connecting to the ProxyServer proxy.
ProxyUser
A user name to be used to authenticate to the ProxyServer proxy.
3 Tables
The provider gets the metadata model in ServiceNow into a list of tables that can be queried using standard InitializeSource or Lookup activities.
Table Names:
ast_contract
ast_license_base
change_request
cmdb_ci
cmdb_metric
cmn_building
cmn_context_help
cmn_cost_center
cmn_department
cmn_location
cmn_map_page
cmn_notif_device
cmn_notif_device_variable
cmn_notif_grmember
cmn_notif_group
cmn_notif_message
cmn_notif_service_provider
cmn_other_schedule
cmn_relative_duration
cmn_schedule
cmn_schedule_blackout
cmn_schedule_condition
cmn_schedule_maintenance
cmn_schedule_page
cmn_schedule_span
cmn_timeline_page
cmn_timeline_page_style
cmn_timeline_sub_item
diagrammer_action
expert_panel
item_option_new
question
sc_category
sc_cat_item
sla
sysauto
sysauto_script
syslog
sysrule
system_db_object
system_dictionary
system_documentation
system_import_set_row
system_script_client
system_ui_policy
system_ui_policy_action
task
v_field_creator
Last updated