Setting Up A ServiceNow Connection With Arist


Caleb Belanger
Last Updated: 2 months ago

ServiceNow is a cloud software solution that offers a comprehensive suite of IT management software in the areas of IT service, IT operations, and IT business. We connect to ServiceNow using Workato, a third-party tool that gives use a secure means of accessing learner attributes.

API version

The ServiceNow connector uses the ServiceNow REST API v2.

Supported editions and versions

The ServiceNow connector works with ServiceNow and ServiceNow Express editions.

All versions of ServiceNow are supported. However, only Istanbul and later versions support OAuth 2.0 connection.

Version

Release date

Supports OAuth 2.0?

Washington D.C.

Q1-2024

Yes

Vancouver

Q3-2023

Yes

Utah

Q2-2023

Yes

Tokyo

Q4-2022

Yes

San Diego

Q2-2022

Yes

Rome

Q3-2021

Yes

Quebec

Mar 2021

Yes

Paris

Sep 2020

Yes

Orlando

Mar 2020

Yes

New York

May 2019

Yes

Madrid

Jan 2019

Yes

London

Jul 2018

Yes

Kingston

Nov 2017

Yes

Jakarta

Jul 2017

Yes

Istanbul

Jan 2017

Yes

Helsinki

May 2016

No

Geneva

Dec 2015

No

How to connect to ServiceNow on Workato

The ServiceNow connector supports three authentication types:

Username/Password

Select Username/Password authentication type to connect to your ServiceNow instance with your login credentials.

Username/Password connectionUsername/Password connection

Field

Description

Connection name

Give this ServiceNow connection a unique name that identifies which ServiceNow instance it is connected to.

Authentication type

Choose an authentication type for this ServiceNow connection. The ServiceNow connector supports Username/Password (Basic) authentication, OAuth 2.0 using the authorization code grant, and Password grant authentication.

Instance name

Provide the name of your instance. For example, if your ServiceNow URL is https://acme.service-now.com, the instance name is acme.

Username

Provide the username you plan to use to connect to ServiceNow.

Password

Provide the password you plan to use to connect to ServiceNow.

OAuth 2.0

Select the OAuth 2.0 authentication type to connect to your ServiceNow instance without using your login credentials. This authentication type allows you to grant access to Workato by obtaining a token rather than disclosing your login credentials.

Only Istanbul and later versions of ServiceNow support OAuth 2.0 connection with authorization code grant flow. Make sure that your ServiceNow version supports this when selecting this authentication type.

OAuth 2.0 connectionOAuth 2.0 connection

Field

Description

Connection name

Give this ServiceNow connection a unique name that identifies which ServiceNow instance it is connected to.

Authentication type

Choose an authentication type for this ServiceNow connection. The ServiceNow connector supports Username/Password (Basic) authentication, OAuth 2.0 using the authorization code grant, and Password grant authentication.

Instance name

Provide the name of your instance. For example, if your ServiceNow URL is https://acme.service-now.com, the instance name is acme.

Client ID

Provide the Client ID for your connection to use for authorization. Refer to the Set up an OAuth 2.0 client section for more information on how to set up Application Registry for an OAuth client.

Client secret

Provide the Client secret for this OAuth application. Click Toggle Password Visibility (lock icon) to reveal the secret.

Password grant

Select the Password grant authentication type to connect to your ServiceNow instance. This authentication type allows you to grant Workato access by providing your login credentials, which are used to obtain an access token.

Username/Password connectionPassword grant connection

Field

Description

Connection name

Give this ServiceNow connection a unique name that identifies which ServiceNow instance it is connected to.

Authentication type

Choose an authentication type for this ServiceNow connection. The ServiceNow connector supports Username/Password (Basic) authentication, OAuth 2.0 using the authorization code grant, and Password grant authentication.

Instance name

Provide the name of your instance. For example, if your ServiceNow URL is https://acme.service-now.com, the instance name is acme.

Username

Provide the username you plan to use to connect to ServiceNow.

Password

Provide the password you plan to use to connect to ServiceNow.

Client ID

Provide the Client ID for the connection to use for authorization. Refer to the Set up an OAuth 2.0 client section for more information on how to set up Application Registry for an OAuth client.

Client secret

Provide the Client secret for this OAuth application. Click Toggle Password Visibility (lock icon) to reveal the secret.

Set up an OAuth 2.0 client

You must have an admin role to set up an OAuth 2.0 client.

Complete the following steps to set up an OAuth 2.0 client:

1

Activate the OAuth 2.0 (com.snc.platform.security.oauth) plugin. Refer to the ServiceNow documentation for more information on how to activate OAuth 2.0(opens new window)

Activate OAuth pluginActivate OAuth plugin

2

Create an endpoint for a client application to gain access to your ServiceNow instance. Use https://www.workato.com/oauth/callback as the Redirect URL. Refer to the ServiceNow documentation for more information on how to create an endpoint for external clients(opens new window).

OAuth 2.0 clientOAuth 2.0 client

3

Use the Client ID and Client secret to create a ServiceNow connection in Workato. This triggers an OAuth authorization code grant flow that opens a new browser window requesting authorization.

Roles and permissions required to connect

To use the ServiceNow connector, you must establish the connection with a user that has roles with access control to the following tables:

Table

Purpose

Operation

Name

Tables(opens new window)
(sys_db_object)

Contains a row for each table in your ServiceNow instance. This table is used to generate a list of tables to perform an action or trigger event.

read

sys_db_object
sys_db_object.*

Dictionary entry(opens new window)
(sys_dictionary)

Contains details for each table and columns in each table in your ServiceNow instance. This table is used to generate input and/or output fields when you select a table to perform and action.

read

sys_dictionary
sys_dictionary.*

Some Base system roles(opens new window) (such as admin) include access control to these tables. However, if you plan to grant only the minimum required access control for using the ServiceNow connector, consider creating a custom role tailored to these access controls.

In addition to their base system role, the user must have access control to the tables required in the integration use case. For example, to create an integration user that can perform standard ITIL helpdesk actions (open, update, close incidents, problems, changes, configuration management items), you must assign them the itil role. To grant access only to specific tables or tables besides those available in the base system roles, we recommend that you create a custom role and assign the appropriate access control as needed.

Create a custom role

You can create a custom role with sufficient access control for the tables you plan to work with if you don't plan to use a Base system role(opens new window) to connect to Workato.

Complete the following steps to create a custom role:

1

Create a role in your ServiceNow instance and assign it a name that reflects its association with the Workato connector, such as Workato Integrator. Refer to the ServiceNow documentation for more information on creating roles(opens new window).

2

Give your new role the following access control rules to use the ServiceNow connector:

Table

Type

Operation

Name

Tables

record

read

sys_db_object
sys_db_object.*

Dictionary entry

record

read

sys_dictionary
sys_dictionary.*

SECURITY ADMIN ROLE REQUIRED FOR ACCESS CONTROL

Only a user with security_admin role can edit or create access control. Confirm your permissions with your ServiceNow administrator. Read more about Elevated privilege roles(opens new window).

Elevate to privilege roleElevate to privilege role

3

Assign the relevant access control to use the triggers/actions you plan to use in your integration use case. For example, you must have a custom role that includes access control to read and write to the incident table for a workflow that requires triggering closed incident events.

Table

Type

Operation

Name

Incident

record

read

incident

Incident

record

write

incident

Granting access control rule for  table to custom roleGranting access control rule for incident table to custom role

Real-time triggers

The ServiceNow connector features a set of real-time triggers for new and updated records in a selected table. This trigger uses the sys_script table to send HTTP requests to Workato's webhook gateway when the specified event (new or new and updated records) occurs in your ServiceNow instance.

A record is automatically created in the sys_script table that points to a webhook URL unique to your recipe when you start a recipe with one of these triggers. Similarly, the same record in the sys_script table is deleted when you stop the recipe.

The account you use to establish the ServiceNow connection must be assigned roles with the following access control rules to enable this feature:

Table

Type

Operation

Name

Business Rules

record

read

sys_script
sys_script.*

Business Rules

record

write

sys_script
sys_script.*

Business Rules

record

create

sys_script

Business Rules

record

delete

sys_script


Was this article helpful?