ServiceNow Troubleshooting and Validation
This page describes how to validate and troubleshoot your ServiceNow integration after setup in SailPoint Entro. These steps confirm that the connection is active, data visibility is established, and API scopes are correctly configured.
Validation Steps
-
Verify Connection Status
-
In the SailPoint Entro Dashboard, navigate to: Management → Accounts & Integrations
-
Locate your ServiceNow account.
-
Confirm that the Status column displays Verified.
-
Click the account entry to open details and view the Last Sync Time.
-
-
Confirm Data Visibility
-
Navigate to the Findings section in SailPoint Entro.
-
Filter results by the ServiceNow integration nickname.
-
Confirm that ticket, article, and configuration data are visible.
-
-
Validate API Key Scope
Use the ServiceNow API Explorer or a cURL command to confirm API access:
cURL
curl -X GET 'https://<yourDomain>.service-now.com/api/now/table/incident' \ -H 'Authorization: Bearer <YOUR_TOKEN>' \ -H 'Accept: application/json'Expected outcome:
-
Response status: 200 OK
-
No "unauthorized" or "forbidden" errors
-
Returned JSON includes table data (limited by read-only role)
If validation fails, confirm that:
-
The Integration User is active
-
The correct Auth Scope (entro-auth-scope) is assigned to both APIs
-
The Access Token has not expired or been revoked
-
Common Issues and Resolutions
-
Users/Integrations unable to log in with Basic Auth
-
Create BasicAuth Authentication Profile:
-
Go to All → System Web Services → API Access Policies → Inbound Authentication Profiles
-
Select New
-
Select Create standard http authentication profiles
-
Give the new profile a name (like BasicAuth) and make sure that
Basic Authis selected as the Type -
Click Submit
-
-
Add the new profile to all the REST API Access Policies:
-
Go to Navigate to All → System Web Services → REST API Access Policies
-
Click the Table API policy
-
In the Inbound authentication profiles at the bottom, add the new BasicAuth auth profile to the list (in addition to the SailPoint Entro auth profile)
-
Do the same for the Attachments API policy
-
-
-
Connection status not verified
Resolution: Recreate the API Access Token and reconnect the integration.
-
API response returns 401 or 403
Resolution: Ensure the token scope and roles (
itil,snc_read_only) are correctly assigned. -
No findings or data appear in SailPoint Entro
Resolution: Validate that the integration's API scopes are active, and the Worker Group is online.
Resetting or Reconnecting the Integration
To re-establish connectivity:
-
In SailPoint Entro, open the existing ServiceNow account.
-
Regenerate the API Access Token in ServiceNow.
-
Update the token in the SailPoint Entro integration form.
-
The integration will revalidate automatically and restart scanning.
Advanced Diagnostics
-
In ServiceNow, navigate to: System Logs → REST API Log to trace incoming requests from SailPoint Entro.
-
Confirm successful calls from your assigned Worker Group.
-
Ensure API throttling limits in ServiceNow have not been reached.
-
In SailPoint Entro, enable Debug Logging for deeper sync trace analysis.
Security and Compliance Notes
-
Tokens can be revoked anytime in ServiceNow → API Access Policies.
-
SailPoint Entro automatically invalidates and encrypts old tokens upon reconnection.
-
Audit events are retained according to your organization's retention policy.
-
Diagnostic logs never include raw credentials or secret values.
Support
If validation continues to fail after completing the above steps, review the Common Issues section or contact Entro Support through your dedicated Slack or Teams channel, or at support@entro.security.