ServiceNow Policy Exception

ServiceNow Policy Exception allows for deviation from established policies using formal authorizations within the platform. These exceptions are typically granted when there is a business need that justifies the deviation. More information can be found in ServiceNow Documentation.

Integration Method: API

Tables: Ticket Inventory (99405001)

This integration supports the following events.

This integration supports the following versions.

Prerequisites

• The user should have access to ServiceNow with Admin privilege to create an OAuth API endpoint for external clients.

• The user should have “sn_compliance.reader” privilege to fetch Compliance Policy Exception.

• The user should have access to the DataBee console.

Configuration Overview

1. Generate API credentials on the ServiceNow console with the required user roles.

   1. Create OAuth client application.

   2. Create user.

   3. Assign roles to user.

2. Add the ServiceNow data feed integration in the DataBee console with the required API credentials.

   DataBee Parameter	ServiceNow Parameter
   Client Key	Client ID
   Client Secret	Client Secret
   Username	User ID
   Password	Password
   TOKEN URL :<instance>	ServiceNow Instance
   API URL :<instance>	ServiceNow Instance

ServiceNow Configuration

The scope mechanism enables application to have limited access. ServiceNow platform supports authentication scopes to allow admins to limit access of an OAuth client application to a specific REST API.

Create OAuth client application

1. Get the servicenow instance from the URL as highlighted below.
    

2. Navigate to All.

   1. In the search bar, enter System OAuth.

   2. Navigate to System OAuth > Application Registry.
       

3. Click on the New button.
    

4. On the Interceptor page, click Create an OAuth API endpoint for external clients.
    

5. Fill in the required details in the form:

   1. Name: enter a unique name for OAuth client application.

   2. Client ID: automatically generated by the ServiceNow OAuth server.

   3. Client Secret: enter Client secret for the OAuth application or leave empty for auto generation.

   Copy the Client ID for later use.

   Click on the Submit button.

   
   

   6. Select the Application Registries we have created in the previous step.
    

   7. Click on Lock icon then save the Client Secret for later user.
    

   Name	Unique Name that identifies the application
   Client ID	This is auto generated by the instance and used to configure DataBee
   Client Secret	This is auto generated and used to configure DataBee.
   Refresh Token Lifespan	8,640,000 seconds (100 days) & can be increased
   Access Token Lifespan	1800 seconds (30 Minutes) & can be increased

Create User

1. Navigate to All.

   1. In the search bar, enter User Administration.

   2. Navigate to User Administration > Users.
      
      

2. Click on the New button. The “Create User” form window will appear.
    

3. Fill in the required fields to create a user:

   1. User ID: enter a unique username.

   2. First Name: enter the user's first name.

   3. Last Name: enter the user's last name.

   4. Time Zone: set to GMT/UTC to ensure the API response includes GMT/UTC dates.

   5. Date Format: set to System (yyyy-MM-dd).

   6. Active: ensure the checkbox is selected.

   7. Locked Out: ensure the checkbox is not selected.

   The user must be active and not locked out to allow the instance to generate an access token for OAuth.
   Copy the User ID for later use.
   Click the Submit button.

   
   

4. Search username for the ‘User ID’ created in the previous step and click on it.
    

5. Click on the Set Password button.
    

6. Click on the Generate button and copy the password for later use.

   1. Click on the Save Password button.

   2. Click on the Close button.
       

Assign roles to user

1. Go to Roles tab and click on Edit to assign roles to user.
   
   

2. In the search bar:

   1. Enter "sn_compliance.reader" and click Add.

   2. Click the Save button.
       

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

   

2. Search for ServiceNow Policy Exception and click it as shown below.

   
   

3. Click on the API Ingest for collection method.
    

4. Enter feed contact information and click Next.
    

5. In the configuration page, enter the following:

   • API Base URL: replace <instance> with your ServiceNow Instance.

   • Authorization Method: OAuth2

   • Username: paste the User ID.

   • Password: paste the Password.

   • Client Key: paste the Client ID generated earlier in the ServiceNow Platform.

   • Client Secret: paste the Client Secret generated earlier in the ServiceNow Platform.

   • Token URL: replace <instance> with your ServiceNow Instance.

   • Event Types: preselected for all the event types that the integration pulls.
      

6. Click Submit.

Troubleshooting Tips

• Ensure the client key, client secret, instance, username and password are pasted correctly. Since you cannot view the client key and secret after the 1^st time, re-create the creds, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

• Make sure the required user role is assigned.