ServiceNow
How is the ServiceNow integration useful?
In the default configuration, when a user runs an application you are targeting with the ServiceNow rule script, they are presented with the option to raise an incident in ServiceNow or cancel the request. The ticket in ServiceNow includes:
- Caller
- Short Description
- Description, including the program name, program publisher, program path, Challenge Response Code, and the business justification the end user provided.
You can then action the incident in ServiceNow and supply the end user with a Challenge Response Code. The end user can then start the application and enter the Challenge Response Code to run the application.
The Endpoint Privilege Management for Windows ServiceNow integration can be used with Endpoint Privilege Management for Windows version 5.3 and later. You can download the integration from the BeyondTrust Support Portal.
Important information
The ServiceNow integration consists of two files:
- Log-ServiceNowIncident.ps1
- ServiceNowSettings.json
Prerequisites
ServiceNow
You must have the following information available:
- the URL of your ServiceNow instance (for example, instancename.service-now.com)
- the username and password of a user that has the ServiceNow itil role
  Users with the itil role can open, update, and close incidents as required.
- a Challenge / Response message
- corresponding accounts for all end users in ServiceNow (so that EPM for Windows and Mac can successfully raise the incident)
EPM for Windows policy
In your Endpoint Privilege Management for Windows policy, you must have:
- a Workstyle that targets the ServiceNow rule script
- an Application Group that contains the applications you want to target
- a message configured for Challenge / Response
See the next sections, "In the Policy Editor" and "In the Application Rule", for instructions.
In the Policy Editor
- Open the Policy Editor in EPM for Windows and Mac.
- Create a Message and configure it for Challenge / Response. Call this message Allow Message (with Challenge). If you do not have an existing Shared Key, ensure you configure one before you continue.
- Create an Application Group called ServiceNow Applications and populate it with application definitions you want your end users to raise a ServiceNow ticket for.
- Create a Workstyle called ServiceNow and add an Application Rule.
In the Application Rule
- Set the Target Application Group to ServiceNow Applications.
- From the Run a Rule Script list, select Manage Scripts.
- From the Rule Scripts node, click Import Script.
- Navigate to the ServiceNow integration script Log-ServiceNowIncident.ps1 you downloaded previously and click Open.
- Click Settings, and then Import Settings. Navigate to the ServiceNowSettings.json file you downloaded previously.
- At the top of the ServiceNowSettings.json file, navigate to the Authentication section and make the following changes:
  - Replace the URL with your ServiceNow URL in the form yourinstance.service-now.com, ensuring you remove the asterisks. Do not include HTTPS in the URL value. This is a restriction of the ServiceNow API. The secure connection is managed by the client.
  - Replace the Username and Password with the credentials of your ServiceNow user that has the itil role, ensuring you remove the asterisks.
- Click Save and then Close on the Script Manager. The ServiceNowSettings.json file is now associated with your ServiceNow rule script Log-ServiceNowIncident.ps1. Any time you use the ServiceNow rule script, the same Settings file is automatically assigned to it. Any edits to the Settings file need to be made in one place, and they will be used in all instances of that rule script.
- Set the Default Action to Allow Execution.
- Set the Default End User Message to Allow Message (with Challenge).
- Set the Default Access Token to Add Admin Rights.
- Set Raise an Event to On, and click OK to finish configuring the Application Rule.
- Verify the Workstyle is enabled, so you can test the ServiceNow integration.
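A pre-import check for the Authentication edits described in the steps above, written as an added example that is not part of the BeyondTrust integration. The key names URL, Username and Password inside the Authentication section, the function name, and the sample values are assumptions; compare them with your copy of ServiceNowSettings.json before relying on the result.

```powershell
# Added example, not BeyondTrust code. Assumed layout (verify against your file):
# { "Authentication": { "URL": "...", "Username": "...", "Password": "..." } }
function Test-ServiceNowAuthSettings {
    param([Parameter(Mandatory)][string]$Json)

    try { $settings = $Json | ConvertFrom-Json -ErrorAction Stop }
    catch { "Settings are not valid JSON: $($_.Exception.Message)"; return }

    $auth = $settings.Authentication
    if ($null -eq $auth) { 'Authentication section is missing'; return }

    foreach ($key in 'URL', 'Username', 'Password') {
        $value = [string]$auth.$key
        if ([string]::IsNullOrWhiteSpace($value)) {
            "$key is empty"
        } elseif ($value.Contains('*')) {
            # The shipped file marks placeholders with asterisks.
            "$key contains '*': check for leftover placeholder text"
        }
    }

    $url = [string]$auth.URL
    if ($url -match '^[a-z][a-z0-9+.-]*://') {
        'URL must be a bare host name with no scheme prefix'
    } elseif ($url -and -not $url.Contains('*') -and
              $url -notmatch '^[a-z0-9-]+\.service-now\.com$') {
        "URL '$url' is not in the form yourinstance.service-now.com"
    }
}

# Constructed sample: placeholders and a scheme left in place.
$unedited = @'
{ "Authentication": { "URL": "https://*instancename.service-now.com*",
                      "Username": "*example-user*", "Password": "" } }
'@
# Constructed sample: edited as the steps above describe.
$edited = @'
{ "Authentication": { "URL": "instancename.service-now.com",
                      "Username": "example-user", "Password": "constructed-value" } }
'@

@(Test-ServiceNowAuthSettings -Json $unedited) | ForEach-Object { "FAIL: $_" }
"Problems in edited sample: $(@(Test-ServiceNowAuthSettings -Json $edited).Count)"
```

To check a real file, pass `(Get-Content -Raw .\ServiceNowSettings.json)` as the `-Json` argument; the function only reads the values and does not contact ServiceNow.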
In ServiceNow
You can confirm the ServiceNow integration is working by running an application that will match on the ServiceNow Applications Application Group. When the ServiceNow script runs successfully, a dialog box is displayed. A Settings error message may be displayed.
The first time the end user sees this message, they enter their business justification and click Submit Report.
Once they receive the Challenge Response Code, they can start the application, click Enter Response Code, and enter the Challenge Response Code to run the application.
ServiceNow integration error codes
Error Code | Symptom |
---|---|
SVN-STG-001 | Authentication values are not configured in the ServiceNowSettings.json file. |
SVN-VSN-001 SVN-VSN-002 | Either the Endpoint Privilege Management for Windows or the Endpoint Privilege Management Policy Editor versions are not high enough to support Power Rules. |
SVN-URL-001 | The instance of ServiceNow in the ServiceNowSettings.json file cannot be reached. |
SVN-USR-001 | The end user trying to create the incident in ServiceNow does not have an account in ServiceNow. |
SVN-INC-001 | The incident was not created successfully. |