ServiceNow
The ServiceNow Integration allows SailPoint Entro to securely scan your ServiceNow environment for exposed secrets and sensitive data across tickets, knowledge articles, attachments, and configuration records (including CMDB items where accessible). This enables continuous discovery and monitoring of secret exposure within ITSM workflows and automation content.
Overview
SailPoint Entro connects to your ServiceNow instance using an Admin API Access Token generated within ServiceNow. The integration operates in read-only mode and interacts with ServiceNow's REST APIs to fetch metadata and content for secret detection.
All connections and data retrieval are performed through secure HTTPS/TLS communication, following least-privilege access and strict data handling policies.
Navigation Path
In the SailPoint Entro Dashboard, navigate to: Management → Accounts & Integrations → Add New Account (top right) → ServiceNow
Architecture Diagram
+-------------------+ +-----------------------------+
| Entro Security | <------> | ServiceNow Instance |
| Cloud Platform | HTTPS | (Table & Attachment APIs) |
+-------------------+ +-----------------------------+
What SailPoint Entro Scans
Once connected, SailPoint Entro analyzes:
-
Tickets: Incident, Request, and Problem records
-
Knowledge Base Articles, Comments and Attachments
-
Configuration Items (CIs) and CMDB records
-
Custom tables & Fields where accessible through the same token scope
Detection includes API keys, tokens, passwords, SSH keys, and other sensitive data within text or attached files.
Supported Authentication
-
ServiceNow Admin API Token (generated in your instance)
-
Authenticated via ServiceNow REST APIs:
-
Table API (for ticket and record content)
-
Attachment API (for attached files and documents)
-
-
SailPoint Entro validates API connectivity during onboarding and confirms scope before scanning begins.
Data Access Mode
- Read-only: SailPoint Entro never modifies, deletes, or writes data in ServiceNow.
- Scoped Access: Integration scopes include only the APIs required for metadata and content retrieval.
- Encrypted Transport: All data is transmitted over HTTPS/TLS 1.2+.
- Token Security: All API tokens are encrypted and stored in SailPoint Entro's vault. No secrets or credentials are persisted beyond analysis.
- Worker Group: The ServiceNow connector can operate through any active Worker Group (Connector) in your environment.
Security & Compliance
SailPoint Entro follows least-privilege and zero-modification principles consistent with:
-
SOC 2 Type II
-
ISO 27001
-
GDPR data protection requirements
All integration actions and validations are logged for auditing within the SailPoint Entro Console.