ServiceNow

ServiceNow (opens new window) is a cloud software solution that offers a comprehensive suite of IT management software in the areas of IT service, IT operations, and IT business.

API version

The ServiceNow connector uses ServiceNow REST APIs (opens new window).

Supported editions and versions

The ServiceNow connector works with ServiceNow and ServiceNow Express editions.

All versions of ServiceNow is supported. However, only Istanbul (or later) supports OAuth 2.0 connection.

Version	Release date	Supports OAuth 2.0?
Washington D.C.	Q1-2024	Yes
Vancouver	Q3-2023	Yes
Utah	Q2-2023	Yes
Tokyo	Q4-2022	Yes
San Diego	Q2-2022	Yes
Rome	Q3-2021	Yes
Quebec	Mar 2021	Yes
Paris	Sep 2020	Yes
Orlando	Mar 2020	Yes
New York	May 2019	Yes
Madrid	Jan 2019	Yes
London	Jul 2018	Yes
Kingston	Nov 2017	Yes
Jakarta	Jul 2017	Yes
Istanbul	Jan 2017	Yes
Helsinki	May 2016	No
Geneva	Dec 2015	No

How to connect to ServiceNow on Workato

The ServiceNow connector supports 2 types of authentication

1. Username/Password (Basic authentication)
2. OAuth 2.0 (Authorization code grant)

Username/Password

Select Username/Password authentication type to connect to your ServiceNow instance with your login credentials.

Username/Password connection

Field	Description
Connection name	Give this ServiceNow connection a unique name that identifies which ServiceNow instance it is connected to.
Authentication type	Choose an authentication type for this ServiceNow connection. The ServiceNow connector supports Username/Password (Basic) authentication and OAuth 2.0 using the authorization code grant.
Instance name	If your ServiceNow url is https://acme.service-now.com, then instance name is acme.
Username	Username to connect to ServiceNow.
Password	Password to connect to ServiceNow.

OAuth 2.0

Select OAuth 2.0 authentication type to connect to your ServiceNow instance without using your login credentials. This authentication type allows you to grant access to Workato by obtaining a token rather than disclosing your login credentials.

Only Istanbul (or later) versions of ServiceNow supports OAuth 2.0 connection with authorization code grant flow. Make sure that your ServiceNow version supports this when selecting this authentication type.

OAuth 2.0 connection

Field	Description
Connection name	Give this ServiceNow connection a unique name that identifies which ServiceNow instance it is connected to.
Authentication type	Choose an authentication type for this ServiceNow connection. The ServiceNow connector supports Username/Password (Basic) authentication and OAuth 2.0 using the authorization code grant.
Instance name	If your ServiceNow url is https://acme.service-now.com, then instance name is acme.
Client ID	Client ID to connect to use for authorization. More details about setting up Application Registry for an OAuth client below.
Client secret	Client secret for this OAuth application. Remember to select the lock to reveal the actual secret.

Setting up OAuth 2.0 client

Setting up an OAuth 2.0 client requires admin role.

Before creating a client application in Application Registries, remember to activate OAuth. Refer to this guide (opens new window) for more details.

Activate OAuth plugin

Next, create an endpoint for a client application to gain access to your ServiceNow instance. Refer to this guide (opens new window) for more information. During this setup step, you will need to use the following URLs:

Field	Description
Redirect URL	https://www.workato.com/oauth/callback
Logo URL	https://www.workato.com/blog/wp-content/uploads/2015/10/workato-logo-small.png

OAuth 2.0 client

When the client application is successfully setup, use the Client ID and Client secret in when creating a ServiceNow connection in Workato. This will trigger an OAuth authorization code grant flow that opens a new browser window that requests for authorization.

Authorization window

Roles and permissions required to connect

To use the ServiceNow connector, the connection must be established with a user that has roles with access control to the following tables.

Table	Purpose	Operation	Name
Tables (sys_db_object)	Tables is a table that contains a row for each table in your ServiceNow instance. This table is used to generate a list of tables to perform an action or trigger events from.	read	sys_db_object sys_db_object.*
Dictionary Entry (sys_dictionary)	Contains details for each table and columns in each table in your ServiceNow instance. This table is used to generate input and/or output fields when you select a table to perform and action.	read	sys_dictionary sys_dictionary.*

Some Base system roles (opens new window) (such as admin) will include access control to these tables. However, if you wish to grant only the minimum required access control to use the ServiceNow connector, you may want to create a custom role with these access control.

On top of these, the user must also have the necessary access control to the tables that are required in the integration use case. For example, to create an integration user that can perform standard ITIL helpdesk actions (open, update, close incidents, problems, changes, configuration management items), you will need to assign it the itil role. To grant access only to specific tables or tables besides those available in the base system roles, we recommend creating custom roles and assigning the appropriate access control as needed.

Create a custom role

If you do not wish to use any of the Base system roles (opens new window) to connect to Workato. You can create a custom role with sufficient access control for the tables you want to work with.

First, create a role in your ServiceNow instance with a name that indicates usage with the Workato connector (For example, Workato integrator). Refer to this documentation (opens new window) for more details about creating roles. When this is completed, your new role must be given the following access control rules to use the ServiceNow connector.

Only a user with security_admin role has the ability to edit or create access control. Check with your ServiceNow administrator if you are unsure. Read more about Elevated privilege roles (opens new window).

Table	Type	Operation	Name
Tables	record	read	sys_db_object sys_db_object.*
Dictionary Entry	record	read	sys_dictionary sys_dictionary.*

Basic Access Control required

Next, this role should be assigned the relevant access control to use the triggers/actions you need in your integration use case. For a workflow that requires triggering of closed incident events, the user must have a custom role that includes access control to read and write to the incident table.

Table	Type	Operation	Name
Incident	record	read	incident
Incident	record	write	incident

Additional Access Control required for specific tables

Remember to elevate to a privileged role (security_admin) to edit Access Control records.

Elevate to privilege role

Granting access control rule for incident table to custom role

Real-time trigger

The ServiceNow connector features a set of real-time triggers for new and updated records in a selected table. This trigger uses the sys_script table to send HTTP requests to Workato's webhook gateway when the specified event (new or new and updated records) occurs in your ServiceNow instance.

When you start a recipe with one of these triggers, a record is automatically created in the sys_script table which points to a webhook URL unique to your recipe. Similarly, when the recipe is stopped, the same record in the sys_script table is deleted.

To enable this feature, the user account used to establish the ServiceNow connection must be assigned roles with the following access control rules.

Table	Type	Operation	Name
Business Rules	record	read	sys_script sys_script.*
Business Rules	record	write	sys_script sys_script.*
Business Rules	record	create	sys_script
Business Rules	record	delete	sys_script

Access Control required to use real-time triggers