ServiceNow
1 Connecting to ServiceNow
Before you can connect to data, ensure the authenticating user has at least the permissions below, which are required for listing metadata. To grant them, the administrator of the account must first elevate their role: navigate to User menu -> Elevate Roles, check the security_admin box, and click OK. For the tables listed below, the user must have both row-level permission (for example, sys_db_object) and field-level permission (for example, sys_db_object.*). For any additional tables the user wishes to access, they must have at least row-level permission.
The connection property Url is a required property on all connections.
1.1 READ sys_db_object
Access to sys_db_object is required to connect to data. You can enable access to this as follows:
Navigate to System Security -> Access Controls (ACL). Select New to create an access control object.
For Type, select record.
For Operation, select read.
For Name, select Table [sys_db_object] in the first drop-down and --None-- in the second drop-down.
In the Requires role section, double-click the text box that says Insert a new row.... Search for and select your desired role.
Click Submit to create the ACL object.
Assign the role which has the created ACL to the authenticating user. To do this, navigate to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add your role from collection.
1.2 READ sys_glide_object
Access to sys_glide_object is required for certain ServiceNow table metadata. You can enable access to this by repeating the above procedure, but instead selecting Field class [sys_glide_object] for the ACL's name.
1.3 READ sys_dictionary
Access to sys_dictionary is required to retrieve schema information from ServiceNow. You can enable access to this by navigating to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add "personalize_dictionary" role from collection.
2 Authenticating to ServiceNow
2.1 Authenticate using Basic Authentication
In order to authenticate using Basic Authentication you will need to provide your ServiceNow User and Password.
After setting the following connection properties, you are ready to connect:
AuthScheme: Set this to BASIC.
User: Set this to your username.
Password: Set this to your password.
Url: Set this to the base URL of your ServiceNow instance site. For example: https://MyInstance12345.service-now.com/.
InitiateOAuth: Set this to OFF to avoid entering the OAuth Authorization process.
2.2 Using OAuth
ServiceNow uses the OAuth 2.0 authentication standard. To authenticate using OAuth, you will need to register an OAuth app with ServiceNow to obtain the OAuthClientId and OAuthClientSecret. In addition to the OAuth values, you will need to specify the Url, User, and Password.
For more information about connecting via OAuth authentication, refer to our Using OAuth Authentication guide.
2.3 Authenticating with ADFS
Set the AuthScheme to ADFS. The following connection properties need to be set:
User: Set this to the ADFS user.
Password: Set this to the ADFS password for the user.
SSOLoginURL: Set this to the login URL used by the SSO provider.
The following SSOProperties are needed to authenticate to ADFS:
RelyingParty: This attribute is the value of the Relying Party Identifier on the ADFS server for ServiceNow.
Below is an example connection string:
2.4 ADFS Integrated
The ADFS Integrated flow indicates you are connecting with the currently logged in Windows user credentials. To use the ADFS Integrated flow, simply do not specify the User and Password, but otherwise follow the same steps in the ADFS guide above.
2.5 Authenticating with Okta
Set the AuthScheme to Okta. The following connection properties are used to connect to Okta:
User: Set this to the Okta user.
Password: Set this to the Okta password for the user.
SSOLoginURL: Set this to the login URL used by the SSO provider.
The following SSOProperties are needed to authenticate to Okta:
APIToken (optional): Set this to the API Token that the customer created from the Okta org. It should be used when authenticating a user via a trusted application or proxy that overrides OKTA client request context.
MFAType (optional): Set this only if you have configured an MFA flow. Currently we support only the following types: OktaVerify, Email, and SMS.
MFAPassCode (optional): Set this only if you have configured an MFA flow. If this is empty or invalid, the driver initially issues an MFA challenge, which triggers the platform to send a one-time password to your device or email, depending on the configured MFA type. You then need to open another connection in which the retrieved one-time password is passed in the MFAPassCode connection property.
The following is an example connection string:
2.6 Authenticating with OneLogin
Set the AuthScheme to OneLogin. The following connection properties are used to connect to OneLogin:
User: Set this to the OneLogin user.
Password: Set this to the OneLogin password for the user.
The following SSOProperties are needed to authenticate to OneLogin:
OAuthClientId: Set to the OAuthClientId, which can be obtained by selecting Developers > API Credentials > Credential > ClientId.
OAuthClientSecret: Set to the OAuthClientSecret, which can be obtained by selecting Developers > API Credentials > Credential > ClientSecret.
Subdomain: Set to the subdomain of the OneLogin user accessing the SSO app. For example, if your OneLogin URL is splinkly.onelogin.com, enter splinkly as the subdomain value.
AppId: Set to the ID of the SSO app.
Region (optional): Set to the region your OneLogin account resides in. The OneLogin API operates in multiple regions and this property is used to find the correct domain. It can take one of the following values:
US (default)
EU
The following is an example connection string. It uses an API key to connect to OneLogin:
2.7 Authenticating with PingFederate
Set the AuthScheme to PingFederate. The following connection properties need to be set:
User: Set this to the PingFederate user.
Password: Set this to the PingFederate password for the user.
SSOLoginURL: Set this to the login URL used by the SSO provider.
The following SSOProperties are needed to authenticate to PingFederate:
AuthScheme (optional): The authorization scheme to be used for the IdP endpoint. The allowed values for this IdP are None or Basic.
Additionally, you can use the following SSOProperties to configure mutual SSL authentication for SSOLoginURL, the WS-Trust STS endpoint:
SSLClientCert
SSLClientCertType
SSLClientCertSubject
SSLClientCertPassword
Below is an example connection string:
The following are the connection properties for ServiceNow. Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.
Property | Description |
Authentication | |
AuthScheme | The authorization scheme to be used when server authorization is to be performed. |
Instance | The ServiceNow instance to retrieve tables from. |
Password | The password used to authenticate the user. |
User | The user account used to authenticate to ServiceNow. |
Firewall | |
FirewallPassword | A password used to authenticate to a proxy-based firewall. |
FirewallPort | The TCP port for a proxy-based firewall. |
FirewallServer | The name or IP address of a proxy-based firewall. |
FirewallType | The protocol used by a proxy-based firewall. |
FirewallUser | The user name to use to authenticate with a proxy-based firewall. |
Logging | |
Logfile | A path to the log file. |
MaxLogFileCount | A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted. |
MaxLogFileSize | A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end. |
Verbosity | The verbosity level that determines the amount of detail included in the log file. |
Misc | |
ConnectionLifeTime | The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed. |
ConnectionString | *** |
DisplayValue | Based on this value, the provider retrieves the display value or the actual value from the database. |
ExcludeReferenceLink | Based on this value, the additional information provided for reference fields will be suppressed or not. |
MaxRows | Limits the number of rows returned when no aggregation or group by is used in the query. This helps avoid performance issues at design time. |
Other | These hidden properties are used only in specific use cases. |
PoolIdleTimeout | The allowed idle time for a connection before it is closed. |
PoolMaxSize | The maximum connections in the pool. |
PoolMinSize | The minimum number of connections in the pool. |
PoolWaitTime | The max seconds to wait for an available connection. |
PseudoColumns | This property indicates whether or not to include pseudo columns as columns to the table. |
Readonly | You can use this property to enforce read-only access to ServiceNow from the provider. |
SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
SupportEnhancedSQL | This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing. |
Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
UseConnectionPooling | This property enables connection pooling. |
OAuth | |
InitiateOAuth | Set this property to initiate the process to obtain or refresh the OAuth access token when you connect. |
OAuthAccessToken | The access token for connecting using OAuth. |
OAuthClientId | The client ID assigned when you register your application with an OAuth authorization server. |
OAuthClientSecret | The client secret assigned when you register your application with an OAuth authorization server. |
OAuthGrantType | The grant type for the OAuth flow. |
OAuthRefreshToken | The OAuth refresh token for the corresponding OAuth access token. |
OAuthSettingsLocation | The location of the settings file where OAuth values are saved when InitiateOAuth is set to GETANDREFRESH or REFRESH. Alternatively, this can be held in memory by specifying a value starting with memory://. |
OAuthVerifier | The verifier code returned from the OAuth authorization URL. |
Pagination | |
PageSize | The page size for the pagination. |
Proxy | |
ProxyAuthScheme | The authentication type to use to authenticate to the ProxyServer proxy. |
ProxyAutoDetect | This indicates whether to use the system proxy settings or not. This takes precedence over other proxy settings, so you'll need to set ProxyAutoDetect to FALSE in order to use custom proxy settings. |
ProxyExceptions | A semicolon-separated list of hosts or IPs that are exempt from connecting through the ProxyServer. |
ProxyPassword | A password to be used to authenticate to the ProxyServer proxy. |
ProxyPort | The TCP port the ProxyServer proxy is running on. |
ProxyServer | The hostname or IP address of a proxy to route HTTP traffic through. |
ProxySSLType | The SSL type to use when connecting to the ProxyServer proxy. |
ProxyUser | A user name to be used to authenticate to the ProxyServer proxy. |
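The per-scheme requirements in section 2 can be checked mechanically before a connection string is stored or deployed. The following Python code is an added example, not part of the connector or its documentation: it parses a connection string and reports properties that section 2 requires for the chosen AuthScheme but the string lacks. The `Key=Value;` syntax with single-quoted nested values, the https check, and the host names in the sample are assumptions.

```python
import re
# Requirements transcribed from section 2 (OAuth omitted: its AuthScheme value is not on the page).
TOP = {"basic": ["User", "Password"],
       "adfs": ["SSOLoginURL"],  # User/Password optional: ADFS Integrated
       "okta": ["User", "Password", "SSOLoginURL"],
       "onelogin": ["User", "Password"],
       "pingfederate": ["User", "Password", "SSOLoginURL"]}
SSO = {"adfs": ["RelyingParty"],
       "onelogin": ["OAuthClientId", "OAuthClientSecret", "Subdomain", "AppId"]}
ENUMS = {("okta", "mfatype"): {"oktaverify", "email", "sms"},
         ("onelogin", "region"): {"us", "eu"},
         ("pingfederate", "authscheme"): {"none", "basic"}}
# ASSUMPTION: Key=Value pairs separated by ';', with single quotes around a value
# that itself contains ';' (as a nested SSOProperties value does).
PAIR = re.compile(r"\s*([^=;]+?)\s*=\s*(?:'([^']*)'|([^;]*))\s*(?:;|$)")
# Constructed sample, placeholder hosts: ADFS Integrated, so no User/Password.
SAMPLE = ("AuthScheme=ADFS;Url=https://example.service-now.com/;"
          "SSOLoginURL=https://sts.example.test/adfs;"
          "SSOProperties='RelyingParty=https://example.service-now.com';")

def parse(conn):
    """Return {lowercased key: value} for one connection string."""
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3).strip()
            for m in PAIR.finditer(conn)}

def validate(conn):
    """Return a list of findings; an empty list means nothing required is missing."""
    p = parse(conn)
    scheme, sso, out = p.get("authscheme", "").lower(), parse(p.get("ssoproperties", "")), []
    if not p.get("url"):
        out.append("Url is required on all connections")
    elif not p["url"].lower().startswith("https://"):
        out.append("Url should use https (added check, not from the page)")
    if scheme not in TOP:
        return out + [f"AuthScheme {scheme!r} is not covered by this check"]
    out += [f"{k} is required for {scheme}" for k in TOP[scheme] if not p.get(k.lower())]
    out += [f"SSOProperties.{k} is required for {scheme}"
            for k in SSO.get(scheme, []) if not sso.get(k.lower())]
    if scheme == "adfs" and bool(p.get("user")) != bool(p.get("password")):
        out.append("ADFS: set both User and Password, or neither (ADFS Integrated)")
    if scheme == "basic" and p.get("initiateoauth", "").lower() != "off":
        out.append("BASIC: set InitiateOAuth to OFF")
    for (s, key), allowed in ENUMS.items():
        if s == scheme and key in sso and sso[key].lower() not in allowed:
            out.append(f"SSOProperties.{key} must be one of {sorted(allowed)}")
    return out

if __name__ == "__main__":
    print(validate(SAMPLE))
```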
3 Tables
The provider exposes the ServiceNow metadata model as a list of tables that can be queried using standard InitializeSource or Lookup activities.
Table Names:
ast_contract
ast_license_base
change_request
cmdb_ci
cmdb_metric
cmn_building
cmn_context_help
cmn_cost_center
cmn_department
cmn_location
cmn_map_page
cmn_notif_device
cmn_notif_device_variable
cmn_notif_grmember
cmn_notif_group
cmn_notif_message
cmn_notif_service_provider
cmn_other_schedule
cmn_relative_duration
cmn_schedule
cmn_schedule_blackout
cmn_schedule_condition
cmn_schedule_maintenance
cmn_schedule_page
cmn_schedule_span
cmn_timeline_page
cmn_timeline_page_style
cmn_timeline_sub_item
diagrammer_action
expert_panel
item_option_new
question
sc_category
sc_cat_item
sla
sysauto
sysauto_script
syslog
sysrule
system_db_object
system_dictionary
system_documentation
system_import_set_row
system_script_client
system_ui_policy
system_ui_policy_action
task
v_field_creator