ServiceNow Integration

1. ServiceNow roles and permissions

Prior to creating the Oleria OAuth client endpoint (as described in step 2), you will need to validate that the user account you plan to use has the following roles and permissions in ServiceNow:

Some Base system roles (such as admin) will include access control to these tables. However, if you wish to grant only the minimum required access control to use the ServiceNow connector, you may want to create a custom role with these access control.

On top of these, the user must also have the necessary access control to the tables that are required in the integration use case. For example, to create an integration user that can perform standard ITIL helpdesk actions (open, update, close incidents, problems, changes, configuration management items), you will need to assign it the itil role. To grant access only to specific tables or tables besides those available in the base system roles, we recommend creating custom roles and assigning the appropriate access control as needed.

Creating custom roles

If you do not wish to use any of the Base system roles to connect, then you can create a custom role with sufficient access control for the tables you want to work with.First, create a role in your ServiceNow instance with a name that indicates usage with the  connector (For example, Oleria integrator). Refer to this documentation for more details about creating roles. When this is completed, your new role must be given the following access control rules to use the ServiceNow connector.

Only a user with security_admin role has the ability to edit or create access control. Check with your ServiceNow administrator if you are unsure. Read more about Elevated privilege roles

Next, this role should be assigned the relevant access control to use the triggers/actions you need in your integration use case. For a workflow that requires triggering of closed incident events, the user must have a custom role that includes access control to read and write to the incident table.

Additional access control required for specific tables

Remember to elevate to a privileged role (security_admin) to edit Access Control records.

Elevate to privilege role

Granting access control rule for incident table to custom role

2. Oleria OAuth client endpoint

Sign in to your ServiceNow instance as an admin, and create the Oleria application OAuth client in the ServiceNow Application Registry to represent the connection between Oleria and your organization's ServiceNow instance. Note that Oleria uses Workato to facilitate retrieval of your organization's access information, and this will require integration of some Workato-specific endpoints.
‍

ServiceNow Application Registry (click New)

Create an OAuth API endpoint for external clients

Fill in Name (e.g. Oleria Integration), and Submit the new record

Warning: ServiceNow's OAuth 2.0 refresh tokens expire after 100 days. To ensure that your Oleria integration continues to work, manually referesh the connection before expiry. Learn more about ServiceNow's OAuth2.

After creating the Oleria OAuth client, please view the integration from the ServiceNow Application Registry, and note down the Client ID and generated Client Secret. You will need these two pieces of information as well as the ServiceNow instance name when connecting ServiceNow from the Oleria Integrations page

3. Contact us

If you have any questions about this integration, please contact Oleria at info@oleria.com.