# ServiceNow
ServiceNow (opens new window) is a cloud software solution that offers a comprehensive suite of IT management software in the areas of IT service, IT operations, and IT business.
# API version
The ServiceNow connector uses ServiceNow REST APIs (opens new window).
# Supported editions and versions
The ServiceNow connector works with ServiceNow and ServiceNow Express editions.
All versions of ServiceNow is supported. However, only Istanbul (or later) supports OAuth 2.0 connection.
Version | Release date | Supports OAuth 2.0? |
---|---|---|
Washington D.C. | Q1-2024 | Yes |
Vancouver | Q3-2023 | Yes |
Utah | Q2-2023 | Yes |
Tokyo | Q4-2022 | Yes |
San Diego | Q2-2022 | Yes |
Rome | Q3-2021 | Yes |
Quebec | Mar 2021 | Yes |
Paris | Sep 2020 | Yes |
Orlando | Mar 2020 | Yes |
New York | May 2019 | Yes |
Madrid | Jan 2019 | Yes |
London | Jul 2018 | Yes |
Kingston | Nov 2017 | Yes |
Jakarta | Jul 2017 | Yes |
Istanbul | Jan 2017 | Yes |
Helsinki | May 2016 | No |
Geneva | Dec 2015 | No |
# How to connect to ServiceNow on Workato
The ServiceNow connector supports 2 types of authentication
- Username/Password (Basic authentication)
- OAuth 2.0 (Authorization code grant)
# Username/Password
Select Username/Password authentication type to connect to your ServiceNow instance with your login credentials.
Username/Password connection
Field | Description |
---|---|
Connection name | Give this ServiceNow connection a unique name that identifies which ServiceNow instance it is connected to. |
Authentication type | Choose an authentication type for this ServiceNow connection. The ServiceNow connector supports Username/Password (Basic) authentication and OAuth 2.0 using the authorization code grant. |
Instance name | If your ServiceNow url is https://acme.service-now.com, then instance name is acme. |
Username | Username to connect to ServiceNow. |
Password | Password to connect to ServiceNow. |
# OAuth 2.0
Select OAuth 2.0 authentication type to connect to your ServiceNow instance without using your login credentials. This authentication type allows you to grant access to Workato by obtaining a token rather than disclosing your login credentials.
Only Istanbul (or later) versions of ServiceNow supports OAuth 2.0 connection with authorization code grant flow. Make sure that your ServiceNow version supports this when selecting this authentication type.
OAuth 2.0 connection
Field | Description |
---|---|
Connection name | Give this ServiceNow connection a unique name that identifies which ServiceNow instance it is connected to. |
Authentication type | Choose an authentication type for this ServiceNow connection. The ServiceNow connector supports Username/Password (Basic) authentication and OAuth 2.0 using the authorization code grant. |
Instance name | If your ServiceNow url is https://acme.service-now.com, then instance name is acme. |
Client ID | Client ID to connect to use for authorization. More details about setting up Application Registry for an OAuth client below. |
Client secret | Client secret for this OAuth application. Remember to select the lock to reveal the actual secret. |
# Setting up OAuth 2.0 client
Setting up an OAuth 2.0 client requires admin role.
Before creating a client application in Application Registries, remember to activate OAuth. Refer to this guide (opens new window) for more details.
Activate OAuth plugin
Next, create an endpoint for a client application to gain access to your ServiceNow instance. Refer to this guide (opens new window) for more information. During this setup step, you will need to use the following URLs:
Field | Description |
---|---|
Redirect URL | https://www.workato.com/oauth/callback |
Logo URL | https://www.workato.com/blog/wp-content/uploads/2015/10/workato-logo-small.png |
OAuth 2.0 client
When the client application is successfully setup, use the Client ID and Client secret in when creating a ServiceNow connection in Workato. This will trigger an OAuth authorization code grant flow that opens a new browser window that requests for authorization.
Authorization window
# Roles and permissions required to connect
To use the ServiceNow connector, the connection must be established with a user that has roles with access control to the following tables.
Table | Purpose | Operation | Name |
---|---|---|---|
Tables (sys_db_object) | Tables is a table that contains a row for each table in your ServiceNow instance. This table is used to generate a list of tables to perform an action or trigger events from. | read |
sys_db_object sys_db_object.* |
Dictionary Entry (sys_dictionary) | Contains details for each table and columns in each table in your ServiceNow instance. This table is used to generate input and/or output fields when you select a table to perform and action. | read |
sys_dictionary sys_dictionary.* |
Some Base system roles (opens new window) (such as admin) will include access control to these tables. However, if you wish to grant only the minimum required access control to use the ServiceNow connector, you may want to create a custom role with these access control.
On top of these, the user must also have the necessary access control to the tables that are required in the integration use case. For example, to create an integration user that can perform standard ITIL helpdesk actions (open, update, close incidents, problems, changes, configuration management items), you will need to assign it the itil role. To grant access only to specific tables or tables besides those available in the base system roles, we recommend creating custom roles and assigning the appropriate access control as needed.
# Create a custom role
If you do not wish to use any of the Base system roles (opens new window) to connect to Workato. You can create a custom role with sufficient access control for the tables you want to work with.
First, create a role in your ServiceNow instance with a name that indicates usage with the Workato connector (For example, Workato integrator). Refer to this documentation (opens new window) for more details about creating roles. When this is completed, your new role must be given the following access control rules to use the ServiceNow connector.
Only a user with security_admin role has the ability to edit or create access control. Check with your ServiceNow administrator if you are unsure. Read more about Elevated privilege roles (opens new window).
Table | Type | Operation | Name |
---|---|---|---|
Tables | record | read |
sys_db_object sys_db_object.* |
Dictionary Entry | record | read |
sys_dictionary sys_dictionary.* |
Basic Access Control required
Next, this role should be assigned the relevant access control to use the triggers/actions you need in your integration use case. For a workflow that requires triggering of closed incident events, the user must have a custom role that includes access control to read and write to the incident table.
Table | Type | Operation | Name |
---|---|---|---|
Incident | record | read | incident |
Incident | record | write | incident |
Additional Access Control required for specific tables
Remember to elevate to a privileged role (security_admin) to edit Access Control records.
Elevate to privilege role
Granting access control rule for incident
table to custom role
# Real-time trigger
The ServiceNow connector features a set of real-time triggers for new and updated records in a selected table. This trigger uses the sys_script
table to send HTTP requests to Workato's webhook gateway when the specified event (new or new and updated records) occurs in your ServiceNow instance.
When you start a recipe with one of these triggers, a record is automatically created in the sys_script
table which points to a webhook URL unique to your recipe. Similarly, when the recipe is stopped, the same record in the sys_script
table is deleted.
To enable this feature, the user account used to establish the ServiceNow connection must be assigned roles with the following access control rules.
Table | Type | Operation | Name |
---|---|---|---|
Business Rules | record | read |
sys_script sys_script.* |
Business Rules | record | write |
sys_script sys_script.* |
Business Rules | record | create | sys_script |
Business Rules | record | delete | sys_script |
Access Control required to use real-time triggers
Last updated: 2/21/2024, 4:44:16 PM