ServiceNow

1 Connecting to ServiceNow

Before you can connect to data, you will need to ensure the authenticating user has the following permissions assigned at minimum, required for listing metadata. Before you can do this, the administrator of the account must elevate their role by navigating to User menu -> Elevate Roles -> check the security_admin box -> OK. For the tables listed below, the user must have both row-level permission, such as sys_db_object, as well as field-level permission, such as sys_db_object.*. For additional tables which the user wishes to access, they must have at least row-level permission.

The connection property Url is a required property on all connections.

1.1 READ sys_db_object

Access to sys_db_object is required to connect to data. You can enable access to this as follows:

  1. Navigate to the System Security -> Access Controls (ACL). Select New to create an access control object.

  2. For Type, select record.

  3. For Operation, select read.

  4. For Name, select Table [sys_db_object] in the first drop-down and --None-- in the second drop-down.

  5. In the Requires role section, double-click the text box that says Insert a new row.... Search for and select your desired role.

  6. Click Submit to create the ACL object.

  7. Assign the role which has the created ACL to the authenticating user. To do this, navigate to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add your role from collection.

1.2 READ sys_glide_object

Access to the sys_glide_object is required for certain ServiceNow table metadata. You can enable access to this by repeating the above procedure, but instead selecting Field class [sys_glide_object] for the ACL's name.

1.3 READ sys_dictionary

Access to sys_dictionary is required to retrieve schema information from ServiceNow. You can enable access to this by navigating to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add "personalize_dictionary" role from collection.

2 Authenticating to ServiceNow

2.1 Authenticate using Basic Authentication

In order to authenticate using Basic Authentication you will need to provide your ServiceNow User and Password.

After setting the following connection properties, you are ready to connect:

  1. AuthScheme: Set this to BASIC.

  2. User: Set this to your username.

  3. Password: Set this to your password.

  4. Url: Set this to the base URL of your ServiceNow instance site. For example: https://MyInstance12345.service-now.com/.

  5. InitiateOAuth: Set this to OFF to avoid entering the OAuth Authorization process.

2.2 Using OAuth

ServiceNow uses the OAuth 2.0 authentication standard. To authenticate using OAuth, you will need to register an OAuth app with ServiceNow to obtain the OAuthClientId and OAuthClientSecret. In addition to the OAuth values, you will need to specify the Url, User, and Password.

For more information about connecting via OAuth authentication, refer to our Using OAuth Authentication guide.

2.3 Authenticating with ADFS

Set the AuthScheme to ADFS. The following connection properties need to be set:

  • User: Set this to the ADFS user.

  • Password: Set this to ADFS password for the user.

  • SSOLoginURL: Set this to the login url used by the SSO provider.

The following SSOProperties are needed to authenticate to ADFS:

  • RelyingParty: This attribute is the value of the Relying Party Identifier on the ADFS server for ServiceNow.

Below is an example connection string:

AuthScheme=ADFS;User=username;Password=password;SSOLoginURL='https://sts.company.com';SSOProperties='RelyingParty=https://saml.service-now.com';Url=https://MyInstance12345.service-now.com/;

2.4 ADFS Integrated

The ADFS Integrated flow indicates you are connecting with the currently logged in Windows user credentials. To use the ADFS Integrated flow, simply do not specify the User and Password, but otherwise follow the same steps in the ADFS guide above.

2.5 Authenticating with Okta

Set the AuthScheme to Okta. The following connection properties are used to connect to Okta:

  • User: Set this to the Okta user.

  • Password: Set this to Okta password for the user.

  • SSOLoginURL: Set this to the login url used by the SSO provider.

The following SSOProperties are needed to authenticate to Okta:

  • APIToken (optional): Set this to the API Token that the customer created from the Okta org. It should be used when authenticating a user via a trusted application or proxy that overrides OKTA client request context.

  • MFAType (optional): Set this only in case you have configured MFA flow. Currently we support only the follwoing types: OktaVerify,Email and SMS.

  • MFAPassCode (optional): Set this only in case you have configured MFA flow. If this is set to empty/invalid the driver will initially issue a MFA challenge which will trigger the platform to send you an one-time password on your device or email, based on the configured MFA type. You need to re-issue another connection where the retrieved one-time password value is passed to MFAPassCode connection property.

The following is an example connection string:

AuthScheme=Okta;SSOLoginURL='https://example.okta.com/home/appType/0bg4ivz6cJRZgCz5d6/46';User=oktaUserName;Password=oktaPassword;Url=https://MyInstance12345.service-now.com/;

2.6 Authenticating with OneLogin

Set the AuthScheme to OneLogin. The following connection properties are used to connect to OneLogin:

  • User: Set this to the OneLogin user.

  • Password: Set this to OneLogin password for the user.

The following SSOProperties are needed to authenticate to OneLogin:

  • OAuthClientId: Set to the OAuthClientId, which can be obtained by selecting Developers > API Credentials > Credential > ClientId.

  • OAuthClientSecret: Set to the OAuthClientSecret, which can be obtained by selecting Developers > API Credentials > Credential > ClientSecret.

  • Subdomain: Set to the subdomain of the OneLogin user accessing the SSO app. For example, if your OneLogin URL is splinkly.onelogin.com, enter splinkly as the subdomain value.

  • AppId: Set to the ID of the SSO app.

  • Region (optional): Set to the region your OneLogin account resides in. The OneLogin API operates in multiple regions and this property is used to find the correct domain. It can take one of the following values:

    • US (default)

    • EU

The following is an example connection string: The following connection string uses an API key to connect to OneLogin:

AuthScheme=OneLogin;User=OneLoginUserName;Password=OneLoginPassword;SSOProperties='OAuthClientID=3fc8394584f153ce3b7924d9cd4f686443a52b;OAuthClientSecret=ca9257fd5cc3277abb5818cea28c06fe9b3b285d73d06;Subdomain=OneLoginSubDomain;AppId=1433920';Url=https://MyInstance12345.service-now.com/;

2.7 Authenticating with PingFederate

Set the AuthScheme to PingFederate. The following connection properties need to be set:

  • User: Set this to the PingFederate user.

  • Password: Set this to PingFederate password for the user.

  • SSOLoginURL: Set this to the login url used by the SSO provider.

The following SSOProperties are needed to authenticate to PingFederate:

  • AuthScheme (optional): The authorization scheme to be used for the IdP endpoint. The allowed values for this IdP are None or Basic.

Additionally, you can use the following SSOProperties to configure mutual SSL authentication for SSOLoginURL, the WS-Trust STS endpoint:

  • SSLClientCert

  • SSLClientCertType

  • SSLClientCertSubject

  • SSLClientCertPassword

Below is an example connection string:

AuthScheme=PingFederate;URL='https://dev103586.service-now.com';SSOLoginUrl='https://mycustomserver.com:9033/idp/sts.wst';User=admin;Password=PassValue123;

The following are the connection properties for ServiceNow. Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.

Property

Description

Authentication

AuthScheme

The authorization scheme to be used when server authorization is to be performed.

Instance

The ServiceNow instance to retrieve tables from.

Password

The password used to authenticate the user.

User

The user account used to authenticate to ServiceNow.

Firewall

FirewallPassword

A password used to authenticate to a proxy-based firewall.

FirewallPort

The TCP port for a proxy-based firewall.

FirewallServer

The name or IP address of a proxy-based firewall.

FirewallType

The protocol used by a proxy-based firewall.

FirewallUser

The user name to use to authenticate with a proxy-based firewall.

Logging

Logfile

A path to the log file.

MaxLogFileCount

A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted.

MaxLogFileSize

A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.

Verbosity

The verbosity level that determines the amount of detail included in the log file.

Misc

ConnectionLifeTime

The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.

ConnectionString

***

DisplayValue

Based on this value, the provider retrieves the display value or the actual value from the database.

ExcludeReferenceLink

Based on this value, the additional information provided for reference fields will be suppressed or not.

MaxRows

Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.

Other

These hidden properties are used only in specific use cases.

PoolIdleTimeout

The allowed idle time for a connection before it is closed.

PoolMaxSize

The maximum connections in the pool.

PoolMinSize

The minimum number of connections in the pool.

PoolWaitTime

The max seconds to wait for an available connection.

PseudoColumns

This property indicates whether or not to include pseudo columns as columns to the table.

Readonly

You can use this property to enforce read-only access to ServiceNow from the provider.

SSLServerCert

The certificate to be accepted from the server when connecting using TLS/SSL.

SupportEnhancedSQL

This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.

Timeout

The value in seconds until the timeout error is thrown, canceling the operation.

UseConnectionPooling

This property enables connection pooling.

OAuth

InitiateOAuth

Set this property to initiate the process to obtain or refresh the OAuth access token when you connect.

OAuthAccessToken

The access token for connecting using OAuth.

OAuthClientId

The client ID assigned when you register your application with an OAuth authorization server.

OAuthClientSecret

The client secret assigned when you register your application with an OAuth authorization server.

OAuthGrantType

The grant type for the OAuth flow.

OAuthRefreshToken

The OAuth refresh token for the corresponding OAuth access token.

OAuthSettingsLocation

The location of the settings file where OAuth values are saved when InitiateOAuth is set to GETANDREFRESH or REFRESH. Alternatively, this can be held in memory by specifying a value starting with memory://.

OAuthVerifier

The verifier code returned from the OAuth authorization URL.

Pagination

PageSize

The page size for the pagination.

Proxy

ProxyAuthScheme

The authentication type to use to authenticate to the ProxyServer proxy.

ProxyAutoDetect

This indicates whether to use the system proxy settings or not. This takes precedence over other proxy settings, so you'll need to set ProxyAutoDetect to FALSE in order use custom proxy settings.

ProxyExceptions

A semicolon separated list of hosts or IPs that are exempt from connecting through the ProxyServer .

ProxyPassword

A password to be used to authenticate to the ProxyServer proxy.

ProxyPort

The TCP port the ProxyServer proxy is running on.

ProxyServer

The hostname or IP address of a proxy to route HTTP traffic through.

ProxySSLType

The SSL type to use when connecting to the ProxyServer proxy.

ProxyUser

A user name to be used to authenticate to the ProxyServer proxy.

3 Tables

The provider gets the metadata model in ServiceNow into a list of tables that can be queried using standard InitializeSource or Lookup activities.

Table Names:

ast_contract

ast_license_base

change_request

cmdb_ci

cmdb_metric

cmn_building

cmn_context_help

cmn_cost_center

cmn_department

cmn_location

cmn_map_page

cmn_notif_device

cmn_notif_device_variable

cmn_notif_grmember

cmn_notif_group

cmn_notif_message

cmn_notif_service_provider

cmn_other_schedule

cmn_relative_duration

cmn_schedule

cmn_schedule_blackout

cmn_schedule_condition

cmn_schedule_maintenance

cmn_schedule_page

cmn_schedule_span

cmn_timeline_page

cmn_timeline_page_style

cmn_timeline_sub_item

diagrammer_action

expert_panel

item_option_new

question

sc_category

sc_cat_item

sla

sysauto

sysauto_script

syslog

sysrule

system_db_object

system_dictionary

system_documentation

system_import_set_row

system_script_client

system_ui_policy

system_ui_policy_action

task

v_field_creator

PreviousCustomer Service & SupportNextZendesk

Last updated