ServiceNow

ServiceNow is a cloud software solution that offers a comprehensive suite of IT management software in the areas of IT service, IT operations, and IT business.

API version

The ServiceNow connector uses ServiceNow REST API V1.

Supported editions and versions

The ServiceNow connector works with ServiceNow and ServiceNow Express editions.

All versions of ServiceNow is supported. However, only Istanbul (or later) supports OAuth 2.0 connection.

Version Release Date
Kingston Latest version
Jakarta July 2017
Istanbul January 2017
Helsinki May 2016
Geneva December 2015

How to connect to ServiceNow on Workato

The ServiceNow connector supports 2 types of authentication

  1. Username/Password (Basic authentication)
  2. OAuth 2.0 (Authorization code grant)

Username/Password

Select Username/Password authentication type to connect to your ServiceNow instance with your login credentials.

Username/Password connection Username/Password connection

Field Description
Connection name Give this ServiceNow connection a unique name that identifies which ServiceNow instance it is connected to.
Authentication type Choose an authentication type for this ServiceNow connection. The ServiceNow connector supports Username/Password (Basic) authentication and OAuth 2.0 using the authorization code grant.
Instance name If your ServiceNow url is https://acme.service-now.com, then instance name is **acme**
Username Username to connect to ServiceNow.
Password Password to connect to ServiceNow.

OAuth 2.0

Select OAuth 2.0 authentication type to connect to your ServiceNow instance without using your login credentials. This authentication type allows you to grant access to Workato by obtaining a token rather than disclosing your login credentials.

Only Istanbul (or later) versions of ServiceNow supports OAuth 2.0 connection with authorization code grant flow. Make sure that your ServiceNow version supports this when selecting this authentication type.

OAuth 2.0 connection OAuth 2.0 connection

Field Description
Connection name Give this ServiceNow connection a unique name that identifies which ServiceNow instance it is connected to.
Authentication type Choose an authentication type for this ServiceNow connection. The ServiceNow connector supports Username/Password (Basic) authentication and OAuth 2.0 using the authorization code grant.
Instance name If your ServiceNow url is https://acme.service-now.com, then instance name is **acme**
Client ID Client ID to connect to use for authorization. More details about setting up Application Registry for an OAuth client below.
Client secret Client secret for this OAuth application. Remember to click on the lock to reveal the actual secret.

Setting up OAuth 2.0 client

Setting up an OAuth 2.0 client requires admin role.

Before creating a client application in Application Registries, remember to activate OAuth. Refer to this guide for more details.

Activate OAuth plugin Activate OAuth plugin

Next, create an endpoint for a client application to gain access to your ServiceNow instance. Refer to this guide for more information. During this setup step, you will need to use the following URLs:

Field Description
Redirect URL https://www.workato.com/oauth/callback
Logo URL https://www.workato.com/blog/wp-content/uploads/2015/10/workato-logo-small.png

OAuth 2.0 client OAuth 2.0 client

When the client application is successfully setup, use the Client ID and Client secret in when creating a ServiceNow connection in Workato. This will trigger an OAuth authorization code grant flow that opens a new brower window that requests for authorization.

Authorization window Authorization window

Roles and permissions required to connect

To use the ServiceNow connector, the connection must be established with a user that has roles(s) with access control to the following tables.

Table Purpose Operation
Tables (sys_db_object) Tables is a table that contains a row for each table in your ServiceNow instance. This table is used to generate a list of tables to perform an action or trigger events from. read
Dictionary Entry (sys_dictionary) Contains details for each table and columns in each table in your ServiceNow instance. This table is used to generate input and/or output fields when you select a table to perform and action. read

Some Base system roles (such as admin) will include access control to these tables. However, if you wish to grant only the minimum required access control to use the ServiceNow connector, you may want to create a custom role with these access control.

On top of these, the user must also have the necessary access control to the tables that are required in the integration use case. For example, to create an integration user that can perform standard ITIL helpdesk actions (open, update, close incidents, problems, changes, configuration management items), you will need to assign it the itil role. To grant access only to specific tables or tables besides those available in the base system roles, we recommend creating custom roles and assigning the appropriate access control as needed.

Create a custom role

If you do not wish to use any of the Base system roles to connect to Workato. You can create a custom role with sufficient access control for the tables you want to work with.

First, create a role in your ServiceNow instance with a name that indicates usage with the Workato connector (For example, Workato integrator). Refer to this documentation for more details about creating roles. When this is completed, your new role must be given the following access control rules to use the ServiceNow connector.

Only a user with security_admin role has the ability to edit or create access control. Check with your ServiceNow administrator if you are unsure. Refer to this documentation for more details about access control.

Table Type Operation Name
Tables record read sys_db_object
Dictionary Entry record read sys_dictionary
sys_dictionary.*

Basic Access Control required

Next, this role should be assigned the relevant access control to use the triggers/actions you need in your integration use case. For a workflow that requires triggering of closed incident events, the user must have a custom role that includes access control to read and write to the incident table.

Table Type Operation Name
Incident record read incident
Incident record write incident

Additional Access Control required for specific table(s)

Granting access control rule for `incident` table to custom role Granting access control rule for incident table to custom role

Real-time trigger

The ServiceNow connector features a set of real-time triggers for new and updated records in a selected table. This trigger uses the sys_script table to send HTTP requests to Workato's webhook gateway when the specified event (new or new and updated records) occurs in your ServiceNow instance.

When you start a recipe with one of these triggers, a record is automatically created in the sys_script table which points to a webhook URL unique to your recipe. Similarly, when the recipe is stopped, the same record in the sys_script table is deleted.

To enable this feature, the user account used to establish the ServiceNow connection must be assigned role(s) with the following access control rules.

Table Type Operation Name
Business Rules record read sys_script
sys_script.*
Business Rules record write sys_script
sys_script.*
Business Rules record create sys_script
Business Rules record delete sys_script

Access Control required to use real-time triggers

results matching ""

    No results matching ""