To connect, set the URL and provide authentication. The URL is your Zendesk Support URL: https://{subdomain}.zendesk.com.
Zendesk uses Basic authentication or the OAuth 2 authentication standard.
Use Basic to connect to your own data. Use OAuth to allow other users to connect to their data.
To use Basic authentication, specify your email address and password or your email address and an API token. Set User to your email address and follow the steps below to provide the Password or ApiToken.
Enable password access in the Zendesk Support admin interface at Admin > Channels > API.
Manage API tokens in the Zendesk Support Admin interface at Admin > Channels > API. More than one token can be active at the same time. Deleting a token deactivates it permanently.
OAuth requires the authenticating user to interact with Zendesk using the browser. The provider facilitates this in various ways as described below.
Follow the procedure below to register a third-party application and obtain the OAuth client credentials, the OAuthClientId and OAuthClientSecret. Note that this procedure requires admin access to your Zendesk account.
In the Zendesk Support Admin interface, go to Admin > Channels > API.
Click the OAuth Clients tab on the Channels/API page and then click the plus icon (+) on the right side of the client list.
Complete the required fields to create a client.
If you are making a desktop application, set the Redirect URI to http://localhost:33333 or a different port number of your choice.
If you are making a Web application, set the Redirect URI to a page on your Web app you would like the user to be returned to after they have authorized your application.
Click Save. After the page refreshes, a new prepopulated Secret field appears on the lower side.
Use the unique identifier as the OAuthClientId and the secret value as the OAuthClientSecret.
After setting the following connection properties, you are ready to connect:
OAuthClientId: Set this to the client Id that you specified in your app settings.
OAuthClientSecret: Set this to the client secret that you specified in your app settings.
CallbackURL: Set this to the Redirect URI you specified in your app settings.
InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to manage the process to obtain the OAuthAccessToken.
When you connect, the provider opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process.
Extracts the access token from the callback URL and authenticates requests.
Obtains a new access token when the old one expires.
Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
To connect set the URL to your Jira endpoint; for example, https://yoursitename.atlassian.net.
By default the provider surfaces only system fields. To access the custom fields for Issues, set IncludeCustomFields to true. Or, you can extend the provider schemas to configure access to custom fields; Please note that the server response time can be significantly slower when custom fields are included.
Set the IncludeCustomFields property to True to expose access to all custom fields.
You can leverage Jira's "three-legged" OAuth 2.0 support (3LO) to connect to data without providing your login credentials.
AuthScheme must be set to OAuth in all OAuth flows.
To obtain the OAuth client credentials, consumer key, and consumer secret:
Log in to your JIRA Cloud site.
Navigate to application management at https://developer.atlassian.com/apps/ (not your OAuth credentials at yoursitename.atlassian.net/secure/admin/oauth-credentials, which is for self-hosted tools.)
Select Create new app, then name the application. This creates the application.
If missing, add OAuth 2.0 functionality to your application by navigating to APIS AND FEATURES > + Add > Add OAuth 2.0 (3LO).
From APIS AND FEATURES > + Add, add the Jira platform REST API to your application .
From APIS AND FEATURES > + Jira platform REST API, add the desired scopes to your application .
You'll additionally need to set up your Callback URL. Navigate to APIS AND FEATURES > OAuth 2.0 (3LO). Enter a URL that is accessible to your application and save the changes.
After setting the following connection properties, you are ready to connect:
OAuthClientId: Set to the consumer key in your application details.
OAuthClientSecret: Set to the consumer secret in your application details.
CallbackURL: Set to the callback URL found in your application details under APIS AND FEATURES > OAuth 2.0 (3LO).
InitiateOAuth: Set to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.
OAuthVersion: Set to 2.0.
Url: The URL to your JIRA endpoint; for example, https://yoursitename.atlassian.net.
When you connect, the provider opens Jira's OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process:
The provider obtains an access token from Jira and uses it to request data.
Extracts the access token from the callback URL and authenticates requests.
Saves OAuth values in the path specified in OAuthSettingsLocation. These values persist across connections.
The provider refreshes the access token automatically when it expires.
To connect to Jira you have to follow the steps below:
Generate an RSA public/private key pair. In your terminal, run the following commands:
Create application links in your account. Go to Settings > Applications > Application links.
Enter a test URL for the url field, click Create new link.
Ignore the error and click continue. You need only configure incoming calls (from the application to Jira).
In the Link applications window, filling in the fields is optional, since they are not relevant to this task. But make sure to select Create incoming link. Click Continue. to go to the next page.
Fill in the required fields:
Consumer Key: Use any string you want. This is required for the OAuthClientId connection property.
Consumer Name: Use any string you want.
Public key: Enter the key from the jira_publickey.pem file you generated earlier.
Click Continue.
To connect set the following properties:
URL (for example: https://yoursitename.atlassian.net).
OAuthClientId to the Consumer Key of your application.
OAuthClientSecret to any value (such as 'testClientSecret').
CertificateStore to the location of your private key file.
CertificateStoreType to the appropriate option based on the private key file being used. If using the generated PEM key file, set CertificateStoreType to PEMKEY_FILE.
InitiateOAuth to GETANDREFRESH.
You can establish a connection to any Jira Cloud account by setting the AuthScheme to APIToken and providing the User and APIToken. An API token is necessary for basic authentication to Cloud instances. To generate one, log in to your Atlassian account and navigate to Security > Create and manage API tokens > Create API token. The generated token will be displayed.
You can establish a connection to any Jira Server instance by setting the AuthScheme to Basic. To connect to a Server Instance provide the User and Password. (Note: Password has been deprecated for connecting to a Cloud Account and is now used only to connect to a Server Instance.)
You can establish a connection to any Jira Server instance by setting the AuthScheme to LDAP. Additionally provide the URL, User and Password of the Jira instance. (Note: LDAP Authentication is not currently supported for Cloud accounts.)
Set the AuthScheme to Crowd. The following connection properties are used to connect to Crowd:
User: The CROWD user account.
Password: The password associated with the Crowd account.
SSOLoginURL: The login URL associated with the Crowd account. You can find the IDP URL by navigating to your application -> SSO -> SSO information -> Identity provider single sign-on URL.
SSOAppName: The name of the application in which SSO is enabled.
SSOAppPassword: The password of the application in which SSO is enabled.
SSOExchangeUrl: The URL used used to exchange the SAML token for Jira cookies. This URL may have the following formats:
https://<authority of Jira instance>/plugins/servlet/samlconsumer
https://<authority of Jira instance>/plugins/servlet/samlsso
The following is an example connection string:
Set the AuthScheme to Okta. The following connection properties are used to authenticate through Okta:
User: Set to your Okta user.
Password: Set to your Okta password.
SSOLoginURL: Set to the login URL used by the SSO provider.
SSOExchangeUrl: The URL used used to exchange the SAML token for Jira cookies. This URL may have the following formats:
https://<authority of Jira instance>/plugins/servlet/samlconsumer
https://<authority of Jira instance>/plugins/servlet/samlsso
If you are:
using a trusted application or proxy that overrides the Okta client request
configuring MFA
then you need to use combinations of SSOProperties input parameters to authenticate using Okta. Otherwise, you do not need to set any of these values.
In SSOProperties when required, set these input parameters:
APIToken: When authenticating a user via a trusted application or proxy that overrides the Okta client request context, set this to the API Token the customer created from the Okta organization.
MFAType: Set this if you have configured the MFA flow. Currently we support the following types: OktaVerify, Email, and SMS.
MFAPassCode: Set this only if you have configured the MFA flow. If you set this to empty or an invalid value, the provider issues a one-time password challenge to your device or email. After the passcode is received, reopen the connection where the retrieved one-time password value is set to the MFAPassCode connection property.
MFARememberDevice: Okta supports remembering devices when MFA is required. If remembering devices is allowed according to the configured authentication policies, the provider sends a device token to extend MFA authentication lifetime. This property is, by default, set to True. Set this to False only if you do not want MFA to be remembered.
Example connection string:
-openssl genrsa -out jira_privatekey.pem 1024-openssl req -newkey rsa:1024 -x509 -key jira_privatekey.pem -out jira_publickey.cer -days 365-openssl pkcs8 -topk8 -nocrypt -in jira_privatekey.pem -out jira_privatekey.pcks8-openssl x509 -pubkey -noout -in jira_publickey.cer -out jira_publickey.pem
AuthScheme=Crowd;Url=https://yoursitename.atlassian.net;SSOLoginURL='https://<authority>/crowd/console/secure/saml/sso.action';User=crowdUserName;Password=crowdPassword;SSOExchangeUrl=https://<authority of Jira instance>/plugins/servlet/samlconsumer;SSOAppName=CrowdAppName;SSOAppPassword=CrowdAppPassword;
AuthScheme=Okta;Url=https://yoursitename.atlassian.net;SSOLoginURL='https://example.okta.com/home/appType/0bg4ivz6cJRZgCz5d6/46';User=oktaUserName;Password=oktaPassword;SSOExchangeUrl=https://<authority of Jira instance>/plugins/servlet/samlconsumer;
Before you can connect to data, you will need to ensure the authenticating user has the following permissions assigned at minimum, required for listing metadata. Before you can do this, the administrator of the account must elevate their role by navigating to User menu -> Elevate Roles -> check the security_admin box -> OK. For the tables listed below, the user must have both row-level permission, such as sys_db_object, as well as field-level permission, such as sys_db_object.*. For additional tables which the user wishes to access, they must have at least row-level permission.
The connection property Url is a required property on all connections.
Access to sys_db_object is required to connect to data. You can enable access to this as follows:
Navigate to the System Security -> Access Controls (ACL). Select New to create an access control object.
For Type, select record.
For Operation, select read.
For Name, select Table [sys_db_object] in the first drop-down and --None-- in the second drop-down.
In the Requires role section, double-click the text box that says Insert a new row.... Search for and select your desired role.
Click Submit to create the ACL object.
Assign the role which has the created ACL to the authenticating user. To do this, navigate to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add your role from collection.
Access to the sys_glide_object is required for certain ServiceNow table metadata. You can enable access to this by repeating the above procedure, but instead selecting Field class [sys_glide_object] for the ACL's name.
Access to sys_dictionary is required to retrieve schema information from ServiceNow. You can enable access to this by navigating to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add "personalize_dictionary" role from collection.
In order to authenticate using Basic Authentication you will need to provide your ServiceNow User and Password.
After setting the following connection properties, you are ready to connect:
AuthScheme: Set this to BASIC.
User: Set this to your username.
Password: Set this to your password.
Url: Set this to the base URL of your ServiceNow instance site. For example: https://MyInstance12345.service-now.com/.
InitiateOAuth: Set this to OFF to avoid entering the OAuth Authorization process.
ServiceNow uses the OAuth 2.0 authentication standard. To authenticate using OAuth, you will need to register an OAuth app with ServiceNow to obtain the OAuthClientId and OAuthClientSecret. In addition to the OAuth values, you will need to specify the Url, User, and Password.
For more information about connecting via OAuth authentication, refer to our Using OAuth Authentication guide.
Set the AuthScheme to ADFS. The following connection properties need to be set:
User: Set this to the ADFS user.
Password: Set this to ADFS password for the user.
SSOLoginURL: Set this to the login url used by the SSO provider.
The following SSOProperties are needed to authenticate to ADFS:
RelyingParty: This attribute is the value of the Relying Party Identifier on the ADFS server for ServiceNow.
Below is an example connection string:
The ADFS Integrated flow indicates you are connecting with the currently logged in Windows user credentials. To use the ADFS Integrated flow, simply do not specify the User and Password, but otherwise follow the same steps in the ADFS guide above.
Set the AuthScheme to Okta. The following connection properties are used to connect to Okta:
User: Set this to the Okta user.
Password: Set this to Okta password for the user.
SSOLoginURL: Set this to the login url used by the SSO provider.
The following SSOProperties are needed to authenticate to Okta:
APIToken (optional): Set this to the API Token that the customer created from the Okta org. It should be used when authenticating a user via a trusted application or proxy that overrides OKTA client request context.
MFAType (optional): Set this only in case you have configured MFA flow. Currently we support only the follwoing types: OktaVerify,Email and SMS.
MFAPassCode (optional): Set this only in case you have configured MFA flow. If this is set to empty/invalid the driver will initially issue a MFA challenge which will trigger the platform to send you an one-time password on your device or email, based on the configured MFA type. You need to re-issue another connection where the retrieved one-time password value is passed to MFAPassCode connection property.
The following is an example connection string:
Set the AuthScheme to OneLogin. The following connection properties are used to connect to OneLogin:
User: Set this to the OneLogin user.
Password: Set this to OneLogin password for the user.
The following SSOProperties are needed to authenticate to OneLogin:
OAuthClientId: Set to the OAuthClientId, which can be obtained by selecting Developers > API Credentials > Credential > ClientId.
OAuthClientSecret: Set to the OAuthClientSecret, which can be obtained by selecting Developers > API Credentials > Credential > ClientSecret.
Subdomain: Set to the subdomain of the OneLogin user accessing the SSO app. For example, if your OneLogin URL is splinkly.onelogin.com, enter splinkly as the subdomain value.
AppId: Set to the ID of the SSO app.
Region (optional): Set to the region your OneLogin account resides in. The OneLogin API operates in multiple regions and this property is used to find the correct domain. It can take one of the following values:
US (default)
EU
The following is an example connection string: The following connection string uses an API key to connect to OneLogin:
Set the AuthScheme to PingFederate. The following connection properties need to be set:
User: Set this to the PingFederate user.
Password: Set this to PingFederate password for the user.
SSOLoginURL: Set this to the login url used by the SSO provider.
The following SSOProperties are needed to authenticate to PingFederate:
AuthScheme (optional): The authorization scheme to be used for the IdP endpoint. The allowed values for this IdP are None or Basic.
Additionally, you can use the following SSOProperties to configure mutual SSL authentication for SSOLoginURL, the WS-Trust STS endpoint:
SSLClientCert
SSLClientCertType
SSLClientCertSubject
SSLClientCertPassword
Below is an example connection string:
The following are the connection properties for ServiceNow. Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.
The provider gets the metadata model in ServiceNow into a list of tables that can be queried using standard InitializeSource or Lookup activities.
AuthScheme=ADFS;User=username;Password=password;SSOLoginURL='https://sts.company.com';SSOProperties='RelyingParty=https://saml.service-now.com';Url=https://MyInstance12345.service-now.com/;
AuthScheme=Okta;SSOLoginURL='https://example.okta.com/home/appType/0bg4ivz6cJRZgCz5d6/46';User=oktaUserName;Password=oktaPassword;Url=https://MyInstance12345.service-now.com/;
AuthScheme=OneLogin;User=OneLoginUserName;Password=OneLoginPassword;SSOProperties='OAuthClientID=3fc8394584f153ce3b7924d9cd4f686443a52b;OAuthClientSecret=ca9257fd5cc3277abb5818cea28c06fe9b3b285d73d06;Subdomain=OneLoginSubDomain;AppId=1433920';Url=https://MyInstance12345.service-now.com/;
AuthScheme=PingFederate;URL='https://dev103586.service-now.com';SSOLoginUrl='https://mycustomserver.com:9033/idp/sts.wst';User=admin;Password=PassValue123;
Property
Description
Authentication
AuthScheme
The authorization scheme to be used when server authorization is to be performed.
Instance
The ServiceNow instance to retrieve tables from.
Password
The password used to authenticate the user.
User
The user account used to authenticate to ServiceNow.
Firewall
FirewallPassword
A password used to authenticate to a proxy-based firewall.
FirewallPort
The TCP port for a proxy-based firewall.
FirewallServer
The name or IP address of a proxy-based firewall.
FirewallType
The protocol used by a proxy-based firewall.
FirewallUser
The user name to use to authenticate with a proxy-based firewall.
Logging
Logfile
A path to the log file.
MaxLogFileCount
A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted.
MaxLogFileSize
A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.
Verbosity
The verbosity level that determines the amount of detail included in the log file.
Misc
ConnectionLifeTime
The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.
ConnectionString
***
DisplayValue
Based on this value, the provider retrieves the display value or the actual value from the database.
ExcludeReferenceLink
Based on this value, the additional information provided for reference fields will be suppressed or not.
MaxRows
Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.
Other
These hidden properties are used only in specific use cases.
PoolIdleTimeout
The allowed idle time for a connection before it is closed.
PoolMaxSize
The maximum connections in the pool.
PoolMinSize
The minimum number of connections in the pool.
PoolWaitTime
The max seconds to wait for an available connection.
PseudoColumns
This property indicates whether or not to include pseudo columns as columns to the table.
Readonly
You can use this property to enforce read-only access to ServiceNow from the provider.
SSLServerCert
The certificate to be accepted from the server when connecting using TLS/SSL.
SupportEnhancedSQL
This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.
Timeout
The value in seconds until the timeout error is thrown, canceling the operation.
UseConnectionPooling
This property enables connection pooling.
OAuth
InitiateOAuth
Set this property to initiate the process to obtain or refresh the OAuth access token when you connect.
OAuthAccessToken
The access token for connecting using OAuth.
OAuthClientId
The client ID assigned when you register your application with an OAuth authorization server.
OAuthClientSecret
The client secret assigned when you register your application with an OAuth authorization server.
OAuthGrantType
The grant type for the OAuth flow.
OAuthRefreshToken
The OAuth refresh token for the corresponding OAuth access token.
OAuthSettingsLocation
The location of the settings file where OAuth values are saved when InitiateOAuth is set to GETANDREFRESH or REFRESH. Alternatively, this can be held in memory by specifying a value starting with memory://.
OAuthVerifier
The verifier code returned from the OAuth authorization URL.
Pagination
PageSize
The page size for the pagination.
Proxy
ProxyAuthScheme
The authentication type to use to authenticate to the ProxyServer proxy.
ProxyAutoDetect
This indicates whether to use the system proxy settings or not. This takes precedence over other proxy settings, so you'll need to set ProxyAutoDetect to FALSE in order use custom proxy settings.
ProxyExceptions
A semicolon separated list of hosts or IPs that are exempt from connecting through the ProxyServer .
ProxyPassword
A password to be used to authenticate to the ProxyServer proxy.
ProxyPort
The TCP port the ProxyServer proxy is running on.
ProxyServer
The hostname or IP address of a proxy to route HTTP traffic through.
ProxySSLType
The SSL type to use when connecting to the ProxyServer proxy.
ProxyUser
A user name to be used to authenticate to the ProxyServer proxy.
Table Names:
ast_contract
ast_license_base
change_request
cmdb_ci
cmdb_metric
cmn_building
cmn_context_help
cmn_cost_center
cmn_department
cmn_location
cmn_map_page
cmn_notif_device
cmn_notif_device_variable
cmn_notif_grmember
cmn_notif_group
cmn_notif_message
cmn_notif_service_provider
cmn_other_schedule
cmn_relative_duration
cmn_schedule
cmn_schedule_blackout
cmn_schedule_condition
cmn_schedule_maintenance
cmn_schedule_page
cmn_schedule_span
cmn_timeline_page
cmn_timeline_page_style
cmn_timeline_sub_item
diagrammer_action
expert_panel
item_option_new
question
sc_category
sc_cat_item
sla
sysauto
sysauto_script
syslog
sysrule
system_db_object
system_dictionary
system_documentation
system_import_set_row
system_script_client
system_ui_policy
system_ui_policy_action
task
v_field_creator