Skip to content

Activity Insights - ServiceNow

To display activity data from ServiceNow, you can set up a single SaaS connector or configure both a virtual appliance (VA) and Activity Insights - ServiceNow connector.

Configuring Activity Insights Using the ServiceNow SaaS Connector

If you are using the ServiceNow SaaS connector, follow the connector guide to enable Activity Insights.

After a successful test connection, you must correlate accounts and run an aggregation for the ServiceNow SaaS source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.

Note

If you previously configured both the ServiceNow identity governance and Activity Insights - ServiceNow connectors, you do not have to take additional action to continue receiving your data.

Configuring Activity Insights Using a VA-Based Source

If you are setting up Activity Insights using a VA-based connector, you may either use basic authentication or create an OAuth client to connect ServiceNow to Identity Security Cloud. You'll then configure both the ServiceNow identity governance and Activity Insights - ServiceNow connectors so that Identity Security Cloud can gather your account information and display activity data.

Creating an OAuth Client in ServiceNow

You can use one of the following methods to create an OAuth client in ServiceNow:

Creating an OAuth Client Using Refresh Token Grant Type

To create an OAuth client using a refresh token, log in to the ServiceNow Service Management console as an administrator.

  1. From the Admin Home page, enter "System OAuth" in the search bar on the left panel.

  2. Under System OAuth, select Application Registry.

  3. Select New to create a new OAuth2 client.

  4. Select Create an OAuth API endpoint for external clients.

  5. Enter the following OAuth2 client application details in the appropriate fields:

    • Name - A unique name for the client.

    • Application - The application scope for the OAuth2 client, such as Global.

    • Client ID - The client ID is automatically generated by ServiceNow.

    • Client Secret - The client secret for the OAuth2 client. If you leave this field blank, ServiceNow automatically generates a client secret.

    • Redirect URL - (Optional) The URL that the authorization server redirects to.

    • Refresh Token Lifespan - The number of seconds that the refresh token is valid. This value should be a large number. The default validity is 8,640,000.

    • Access Token Lifespan - The number of seconds that the access token is valid. The default access token validity is 1,800 seconds.

  6. Select Submit to create the OAuth2 client. If the client secret field was left empty, a client secret is generated at this point.

  7. On the Application Registries page, select the OAuth2 client you created.

  8. Copy the Client ID and select the Padlock icon to display and copy the Client Secret. You’ll use this information to create a refresh token.

  9. Use the following curl command to create the refresh token:

    1
2
3
4
5
6
7
8
    curl --location 'https://instancename.service-now.com/oauth_token.do' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'client_id=<client_id>' \
    --data-urlencode 'client_secret=<client_secret>' \
    --data-urlencode 'username=<username>' \
    --data-urlencode 'password=<password>' \
    --header 'Content-Type: application/json'

    Where:

    • <client_id> - The client ID generated by ServiceNow.

    • <client_secret> - The client secret from ServiceNow.

    • <username> - The username for the ServiceNow account.

    • <password> - The password for the ServiceNow account.

  10. Copy and store the refresh token in a safe place. You'll use your client ID, client secret, and refresh token to connect ServiceNow to Identity Security Cloud.

Creating an OAuth Client Using Client Credentials Grant Type

You can use one of the following methods to create an OAuth client using the client credentials grant type:

Configuring the ServiceNow Identity Governance Source

Use the ServiceNow connector guide to configure your ServiceNow source in Identity Security Cloud. You can also edit an existing source.

Configuring the Activity Insights - ServiceNow Source

To display activity data from Activity Insights, you must configure the Activity Insights - ServiceNow source in Identity Security Cloud.

  1. Go to Admin > Connections > Sources.

  2. Select Create New to create a new source.

  3. Search for and select the Activity Insights - ServiceNow connector.

  4. Enter a name and description for the source.

  5. In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters.

  6. (Optional) Select a governance group for source management.

  7. Select the checkbox if the source is an authoritative source.

  8. Select Continue to create the source.

  9. From the left panel, select Connection Settings in the Source Setup section.

  10. On the Authentication page, complete the following:

    • In the Host URL field, enter the Host URL for your ServiceNow instance in the form of https://instance-name.service-now.com.

    • Select the authentication type used.

      • For Basic authentication, enter the username and password for the ServiceNow account.

      • For OAuth 2.0, select the grant type used.

        • For Refresh Token, complete the following:

          • In the Client ID field, enter the client ID from ServiceNow.

          • In the Client Secret field, enter the client secret from ServiceNow.

          • In the Refresh Token field, enter the refresh token you created.

        • For Client Credentials, complete the following based on the method used:

          • Okta External OIDC Provider

            • In the OAuth 2.0 Token URL field, enter the token URL in the format {yourOktaDomain.com}/oauth2/{authorizationServerId}/v1/token.

            • In the Client ID field, enter the client ID for the Okta instance configured as the external OIDC in ServiceNow.

            • In the Client Secret field, enter the client secret for the Okta instance configured as the external OIDC in ServiceNow.

          • Inbound client credentials grant type

            • In the OAuth 2.0 Token URL field, enter the token URL in the format https://instancename.service-now.com/oauth_token.do.

            • In the Client ID field, enter the client ID from ServiceNow.

            • In the Client Secret field, enter the client secret from ServiceNow.

    • In the Identity Governance Source Name field, enter the name of the source you created for the identity governance connector. If no matching source is found, the test connection will fail.

  11. Select Save to save these settings.

  12. From the left panel, select Review and Test in the Source Setup section.

  13. On the Configuration Summary page, select Test Connection to test the connection between the applications. You must have a successful connection for Identity Security Cloud to gather activity data. If the test is unsuccessful, retry your credentials or contact SailPoint Support. 

To gather account data, you must correlate accounts and run an aggregation for the ServiceNow identity governance source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.