ServiceNow
Prerequisites
- Select Client Credentials Grant Type for your environment
- If the glide.oauth.inbound.client.credential.grant_type.enabled system property exists and is set to true, you can skip this step. Otherwise, follow the instructions to enable it.
- A Security Administrator must create the connector.
Configuration
- Log in to your ServiceNow instance with administrator privileges.
- You can configure the connector using one of the following methods. Both methods require you to create an OAuth API endpoint.
Option 1: Use update set
- In Insights, select Update Set for installation method.
- Download the update set.
- Follow the ServiceNow documentation, "Save an update set as a local XML file", to apply the update set in your ServiceNow instance.
Option 2: Manual configuration
- Navigate to System Security > Users and Groups > Roles.
- Create a new role named bt_read_only.
- Select the created bt_read_only role.
- In the Contains Roles tab, select Edit.
- Assign the following roles:
- snc_read_only
- sn_aia.viewer
- fd_read
- Navigate to System Security > Access Control (ACL).
- Create additional rules granting read-only access for the bt_read_only role to the following tables:
- sys_user
- sys_user_has_role
- sys_user_group
- sys_user_grmember
- sys_group_has_role
- sys_user_role
- sys_audit
- sys_audit_delete
- syslog_transaction
- sn_aia_team_member
- sys_security_acl
- sys_package
- sys_scope_privilege
- sys_scope_privilege.*
- sys_scope
- sys_scope.*
- sys_security_operation
- sys_generative_ai_model_config
- sys_generative_ai_provider_mapping
Option 1 and Option 2: required steps
The following steps are required when using either option 1 or option 2 above.
You must elevate your role in ServiceNow to security_admin to perform these actions.
- In ServiceNow, under access control policies (ACL), search for the table sys_security_acl and look for entries with the name sys_security_acl, Deny Unless as the Decision Type, and read as the operation.
- Delete these ACLs.
- In the same ACL section, search for the table name sys_security_operation and find entries with the name sys_security_operation, Deny Unless as the Decision Type, and read as the operation.
- Delete these ACLs.
- In ServiceNow, go to System Definition > Tables.
- Search for the sys_package table name. Open the table and select the Application Access tab.
- Check the box labeled Allow access to this table via web services.
- Save your changes.
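A least-privilege check for the manual configuration and the required steps above, as an added example (not part of the original page or any vendor tooling): it audits a list of ACL rows for missing read grants, any non-read grant to bt_read_only, and Deny Unless read ACLs still present on the two tables named above. The row fields (table, operation, role, decision), their string values, and the sample rows are constructed assumptions, not the real sys_security_acl schema.

```python
# Added example: audit ACL rows against the configuration steps on this page.
# Row shape {table, operation, role, decision} is a simplified assumption;
# map your own ACL export into it before running the audit.
ROLE = "bt_read_only"
REQUIRED_READ = [
    "sys_user", "sys_user_has_role", "sys_user_group", "sys_user_grmember",
    "sys_group_has_role", "sys_user_role", "sys_audit", "sys_audit_delete",
    "syslog_transaction", "sn_aia_team_member", "sys_security_acl",
    "sys_package", "sys_scope_privilege", "sys_scope_privilege.*",
    "sys_scope", "sys_scope.*", "sys_security_operation",
    "sys_generative_ai_model_config", "sys_generative_ai_provider_mapping",
]
# Tables whose Deny Unless read ACLs the required steps say to delete.
DENY_UNLESS_TABLES = {"sys_security_acl", "sys_security_operation"}


def audit_acls(rows):
    """Return missing read grants, non-read grants, and leftover Deny Unless ACLs."""
    granted = {r["table"] for r in rows
               if r["role"] == ROLE and r["operation"] == "read"
               and r["decision"] == "allow_if"}
    return {
        # Tables from the list above with no read grant for the connector role.
        "missing_read": [t for t in REQUIRED_READ if t not in granted],
        # Any write/create/delete grant breaks the read-only intent of the role.
        "not_read_only": sorted({(r["table"], r["operation"]) for r in rows
                                 if r["role"] == ROLE and r["operation"] != "read"}),
        # Deny Unless read ACLs that are still present on the two tables.
        "deny_unless_left": sorted(r["table"] for r in rows
                                   if r["table"] in DENY_UNLESS_TABLES
                                   and r["operation"] == "read"
                                   and r["decision"] == "deny_unless"),
    }


def sample_rows():
    """Constructed sample: two grants missing, one stray write ACL, one leftover Deny Unless."""
    rows = [{"table": t, "operation": "read", "role": ROLE, "decision": "allow_if"}
            for t in REQUIRED_READ if t not in ("sys_package", "sys_scope.*")]
    rows.append({"table": "sys_user", "operation": "write",
                 "role": ROLE, "decision": "allow_if"})
    rows.append({"table": "sys_security_acl", "operation": "read",
                 "role": "security_admin", "decision": "deny_unless"})
    return rows


if __name__ == "__main__":
    for finding, items in audit_acls(sample_rows()).items():
        print(f"{finding}: {items}")
```

An empty result in all three lists means the ACL rows match the steps on this page and the role grants nothing beyond read.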
Create an OAuth API endpoint
When creating an OAuth API endpoint, there are two workflows available:
- Creating a new inbound integration (Option 1)
-or-
- Creating an API endpoint for external clients (Option 2)
To create the OAuth API endpoint:
- Navigate to System Security > Users and Groups > Users.
- Create the service account and fill in the following details:
- User ID: BT-SP-Connector
- First Name: BT-SP-Connector
- Assign the bt_read_only role to the user.
- Navigate to System OAuth > Application Registry.
Option 1: New inbound integration experience
- Select New > New Inbound Integration Experience > New integration > OAuth - Client Credentials grant.
- Fill in the following details:
- Name: BT-SP-Connector
- OAuth application user: BT-SP-Connector
- Copy the Client ID and Client Secret.
- Select Save.
- In Insights, enter the Domain, Client ID, and Client Secret in the appropriate fields.
Option 2: OAuth API endpoint for external client
- Select New > Create an OAuth API endpoint for external clients.
- Fill in the following details:
- Name: BT-SP-Connector
- Client Type: Integration as a Service
- Default Grant type: Client Credentials
- OAuth Application User: bt-sp-connector
- Auth Scope: useraccount
- Select Submit.
- Select the created BT-SP-Connector application.
- Copy the Client ID and Client Secret.
- In Insights, enter the Domain, Client ID, and Client Secret.