Back

Servicenow Ticketing Integration

Last Updated:

 

October 29, 2025

Contents

Heading 2
Heading 3
Heading 4
Heading 5
Heading 6

ServiceNow can be configured to create tickets directly from Oleria. Follow the pre-requisites and the steps below.

<doc_information>Note: ServiceNow tickets will be created as an incident ticket  and the ticket will be assigned to the configured assignment group.<doc_information>

Pre-requisites

  • User account to perform the setup steps in ServiceNow. The account needs to be able to do the following actions.
    See relevant ServiceNow documentation to learn more about necessary access needed to perform these actions.
    • Add a  x509 Certificate
    • Add an Application Registry
    • Add a User
    • View a Group
  • Oleria public key
  • Administrator access to Oleria to access the Ticketing System page. Learn about role permissions.

Steps to Integrate

Step 1: Download Certificate

  1. Login to Oleria.
  2. Click on the Avator icon on the upper right hand corner.
  3. Click the Ticketing integration option.
  4. From the Ticketing system page, click the Download public key button to download the file containing the public key (oleria-public-key.pem).

Step 2: Steps in ServiceNow

While following the steps in ServiceNow, certain data needs to be collected to be used later during the Oleria configuration. The data to collect are:

  • Client ID
  • Kid (Key ID or Key IDentifier)
  • Claim Value (Oleria service account email address)
  • sys_id (assignment group sys_id)

Step 2a: Upload Oleria’s Public Certificate to your ServiceNow Instance

  1. Log into your ServiceNow instance with administrator credentials.
  2. From the All menu, navigate to x509 Certificate page under Multi-Provider SSO > Administration section.
  3. Create a new x509 certificate.
    1. From x.509 Certificates page, click the New button from the upper right-hand corner.
    2. From New record page, type in the following information
Field
 Value
 Example
Name
 Name for the Oleria’s public key Oleria ServiceNow Incident Creation X.509 Certificate - tenantName
Format
 PEM PEM
Expiration Notification
 Uncheck Uncheck
Type
 Trust Store Cert Trust Store Cert
Active
 Check Check
Short Description
 Description that mentions the Oleria tenant servicenow_ticketing.tenantName.oleria.io


            3. For PEM Certificate, copy and paste Oleria’s public certificate here.

            4. Click Submit button.

Step 2b: Create an OAuth JWT Application

  1. From the All menu, navigate to Application Registry page under System OAuth section.
  2. From Application Registries page, click the New button from the upper right-hand corner.
  3. From What kind of OAuth application? page, click Create an OAuth JWT API endpoint for external clients link.
  4. From OAuth JWT - New Record page, reveal the Public Client hidden field in the form layout.
    1. Click on the three horizontal lines icon next to New Section New Record in the upper-left corner of the page.
    2. Click on Configure menu option and then click Form Layout option.
    3. From Configuring OAuth JWT form page, under the Available column, find the Public Client field, select the Public Client field, and then click the arrow pointing to the right which is between Available and Selected columns to select the field to display in the layout.

<doc_information>NOTE: If you cannot find “Public Client” under “Available” check “Selected” instead. If “Public Client” is in the “Selected” column, proceed to the next step<doc_information>

            4. Click Save button on the upper right-hand corner of the page.

  1. From OAuth JWT - New Record page, type in the following information
Field
 Value
 Example
Name
 Name that indicates that Oleria will create incidents and include the Oleria tenant name Oleria ServiceNow Incident Creation JWT OAuth - tenantName
Active
 Check Check
Public Client
 Check Check

                   
            1. Leave the remaining fields with their default values (including leaving Client Secret value blank).

            2. COPY the Client ID value to use later during Oleria integration.

  1. From OAuth JWT - New Record page, add useraccount to the Auth Scope for the JWT application.
    1. From the Auth Scope section, double-click on Insert a new row… link
    2. In the newly appeared textbox, search for useraccount, select one of the results from the dropdown menu, and then click on the green check icon.
    3. Click Submit button

2c: Map Oleria’s public key to the new OAuth JWT Application

  1. From Application Registries page, find and view the OAuth JWT application you created.
    (it may be called Oleria ServiceNow Incident Creation JWT OAuth - tenantName).
    1. To navigate to Application Registry page, from the All menu, navigate to Application Registry page under System OAuth section.
  2. From the OAuth JWT Application page, scroll to the bottom of the page to the Jwt Verifier Maps tab.
  3. From the OAuth JWT Application page, add a Jwt Verifier Map.
    1. From the Jwt Verifier Map tab, click New button.
    2. From Jwt Verifier Map - New Record page, type in the following information.
Field
 Value
 Example
Name
 Name that indicates Oleria’s public key including the Oleria tenant name Oleria JWT Verifier Map - tenantName OR Oleria ServiceNow Incident Creation Certificate Verifier Map - tenantName
Sys certificate
 Name you created for Oleria’s public certificate in the previous steps Oleria ServiceNow Incident Creation X.509 Certificate - tenantName

            3. COPY the Kid (Key ID or Key IDentifier) value to use later during Oleria integration.

            4. Click Submit button.

Step 2d: Limit access to the new OAuth JWT Application to only Oleria service account

  1. From the OAuth JWT Application page, scroll to the bottom of the page to the OAuth JWT Claim Validations tab.
  2. From the OAuth JWT Claim Validations tab, click New button.
  3. From OAuth JWT Claim Validation - New Record page, type in the following information
    1. From the OAuth JWT Claim Validations tab, click New button.
    2. From OAuth JWT Claim Validation - New Record page, type in the following informations

Field
 Value
 Example
Claim Value Type
 string string
Claim Name
 sub sub
Claim Value
 email address of the Oleria service account oleriaticketing@oleria.com

            3. COPY the Claim Value (Oleria service account email address) value to use later during Oleria integration.

            4. Click Submit button.

Step 2e: Find/Create a role with write access to the “Incidents” table

  1. From the All menu, navigate to Roles page under System Security > Users and Groups section.
  2. From the Roles page, search for a role named sn_incident_write. If a record is found, then continue to the next section (Create a service account). If the record does not exist, then create a new role.

Step 2f: Create a service account

  1. From the All menu, navigate to Users page under User Administration section.
  2. From Users page, click the New button from the upper right-hand corner.
  3. From User - New Record page, type in the following information.
Field
 Value
 Example
User ID
 name for the Oleria service account including tenant name Oleria Integrator - tenantName
Email
 Oleria service account’s email oleriaticketing@oleria.com
First Name
 Oleria service account’s first name Oleria
Last Name
 Oleria service account’s last name Ticketing
Password needs reset
 Uncheck Uncheck
Locked out
 Uncheck Uncheck
Active
 Check Check
Web service access only
 Uncheck Uncheck

  1. Click Submit button.

Step 2g: Associate role to the new service account

  1. From the All menu, navigate to Users page under User Administration section.
  2. From Users page, search for the created Oleria service account (e.g.  “Oleria Integrator - tenantName”) and click on its name.
  3. From the User page, scroll down to the bottom of the page and click on Roles tab.
  4. From the Roles tab, click on Edit… button.
  5. From Edit Members page, from the Collection column, search for sn_incident_write role, select the role, and then click on the Add icon (arrow pointing to the right) found in between the Collection and Roles List columns to add the role to the selection list.
  6. From Edit Members page, click Save button.

Step 2h: Find the Assignment Group sys_id

  1. From the All menu, navigate to Groups page under System Security > Users and Groups section.
  2. From Groups page, find the group you want to assign incidents to (eg RiskRemediators) and view the group. Create a new group if needed.
  3. From the Group page, click on the three horizontal lines icon in the upper left-hand corner, and then click Copy sys_id option.
  4. COPY the sys_id (assignment group sys_id) value to use later during Oleria integration.

Step 3: Steps in Oleria 

  1. To navigate to the page to integrate the ticketing system, there are 2 methods. They are the following: 
    1. From the Risk Monitoring page, click on any risk and you will be suggested to integrate a ticketing system. 
    2. From the Avator on the upper right hand corner, click on the Avatar, and then click Ticketing system.

<doc_warning>Warning: Ticketing system is not configured from the Integrations page. <doc_warning>

  1. From the Ticketing system page, follow the prerequisite instructions for the ticketing system. These are the steps that were followed previously in Step 2: Steps in ServiceNow
  2. From the Ticketing system page, under the desired ticketing system (ServiceNow), click Connect.
  3. From the Ticketing System Authentication page,  provide the information needed to connect to the ticketing system and then click Connect.
    1. Provide the following information:
Field
 Value
 Example
Instance name
 Instance name portion of the ServiceNow URL where the tickets should be created. https://instanceName.service-now.com instanceName
Client ID
 Client ID for the Oleria OAuth JWT application in ServiceNow abc12345d6789d0123f456g78hi9jk012
Key ID
 Key ID or Key IDentifier that maps the Oleria OAuth JWT APPLICATION to the Oleria public key a1234567b901c2345d6e7890fgh12ij3
Service Account email
 Email for the Oleria service account used to create tickets in ServiceNow oleriaticketing@oleria.com

  1. From the Ticketing System Configuration page, provide the information that will be used to create the ticket and then click Done.some text
    1. Provide the following information:
Field
 Value
 Example
Assignment Group ID
 sys_id for the group that will be assigned to the created tickets in ServiceNow a1bcdef2345g67890hi12j345klm67n8

  1. A confirmation message will appear.
  2. The Ticketing system page will show the configured ticket system only.

Locate Assignment Group ID

  1. From the All menu, navigate to Groups page under System Security > Users and Groups section.
  2. From Groups page, find the group you want to assign incidents to (eg RiskRemediators) and view the group. Create a new group if needed.
  3. From the Group page, click on the three horizontal lines icon in the upper left-hand corner, and then click Copy sys_id option.
  4. COPY the sys_id (assignment group sys_id) value to use later during Oleria integration.

Created Ticket

A ticket created for a risk from Risk Monitoring will contain the following default field values:

Field
 Default Value
 Note
Caller
 Oleria Ticketing This is the name of the service account that is used by Oleria to generate tickets in ServiceNow.
Assignment group
 [provided during configuration] This is the assignment group provided during the ServiceNow ticketing system integration.
Short description
 “Risk was identified by Oleria: “ + [value] This contains a standard prefix for all tickets created from a risk and it will contain the risk name that appeared in Oleria for the risk the ticket was created for.
Description
 Risk: [value]
Potential Impact: [value]
Recommendation: [value]

Details: Risk Severity: [value]
Risk Type: [value]
Application: [value]
Application Instance: [value]

View risks in Oleria: [URL]
 This contains the details about the risk from where the ticket was created. It also contains the link to the risk.

Troubleshoot

Caller value does not appear in the Ticket

The Oleria Service Account's email address exists with another user accounts that that is causing confusion on which email user to list as the caller.

Resolution:

Change the Oleria Service Account's email address to another email address and then update the email address associated with the Application Registration for the OAuth JWT Claim Validation email address listed in the JWT Application that was created for Oleria.

Contact us

For questions about this integration, please contact us at support@oleria.com.

How can a comprehensive identity
security solution empower your team?

Let's talk