ServiceNow

ServiceNow provides cloud-based services such as Software as a Service (SaaS) and Platform as a Service (PaaS) that automate enterprise IT operations.

Information Stored
Minimum Permissions Required
Authentication Method
Credentials Required
License Types
Integrating ServiceNow with SaaS Management
API Endpoints with License Differentiation
API Endpoints without License Differentiation

Information Stored

The following table describes the available integration tasks and stored data.

Available Integration Tasks

Integration Task

Information Stored

Application Roster

Username
Email
First Name
Middle Name
Last Name
Active Date
Roles

Application Access

Username
User Event (for further details, refer to ServiceNow User Events Tracked in SaaS Management)
Time Occurred

Note:During the first run of the Application Access task, Flexera pulls data for only the last 6 days.

License Differentiation

See License Types and Tracking Application Activity by License Type for License Differentiation.

Reclamation

Once the reclamation task is executed for the selected users, the entire account and licenses associated with that user will be deleted, and the user will no longer have access to ServiceNow.

For details, refer to Reclaiming SaaS Licenses.

Note:The information stored is subject to change as enhancements are made to the product.

ServiceNow User Events Tracked in SaaS Management

When the Application Access integration task is enabled, SaaS Management tracks ServiceNow user events such as, but not limited to, the activities listed in the table below.

ServiceNow User Events Tracked in SaaS Management

ServiceNow User Events Tracked in SaaS Management

Catalog_channel_analytics_Usage

Pa Dc Collect Predictive Completed

Rota On_call Report

Sn_appclient Check For Update

Event Transfer

Pa Job Dc Ended Ok

Sc_cart_item multi_row Orphan Delete

Sn_appclient Update System Property

Glide Heartbeat

Request Approval Inserted

Sc_req_item Change Stage

Sn_dependentclient Check Dependent_apps

Incident Inactivity

Request Approval Rejected

Sc_req_item Inserted

Snc Subscription Definition Count

Live_feed Update

Request Approved

Sc_req_item Updated

Snc Subscription Download Completed

Login

Request Inactive

Sc_task Assigned To Group

Task Approved

Login Failed

Request Inserted

Sc_task Assigned To User

Task Rejected

Logout

Request Requested_for

Sc_task State Changed

Text Index

Notification_engine Process

Request Updated

Session Established

Text_index Reap

Notification_provider Process

Rota On_call Reminder

Sn_appauthor Check Config Update

User View

To access ServiceNow user event activities:

1. Navigate to the SaaS menu and click Managed SaaS Applications. The Managed SaaS Applications screen appears.
2. On the Managed SaaS Applications screen, select the appropriate ServiceNow instance link. The instance’s Overview tab opens by default.
3. Click the Users tab.
4. Within the Users tab table, click the appropriate user’s Email column link. The user details slideout appears.
5. Click the View more user details link, which takes you to the Administration > SaaS Settings > Organization > All SaaS Users screen and displays the user’s All SaaS Users Screen Usage Statistics. One of the usage statistics is the Activity (Last 90 Days) tab, which lists the ServiceNow user event activity information in the Activity and Notes columns.

Minimum Permissions Required

Minimum Permissions Required

Role

Description

Integration Task Name

admin, snc_read_only

These roles are required for retrieving the ServiceNow users and their activities. For details, refer to the Base System Roles section of the ServiceNow documentation.

Application Roster

Application Access

admin

This role is required to:

Retrieve the ServiceNow users and their activities
Manage user licenses for the Reclamation task.

For details, refer to the Base System Roles section of the ServiceNow product documentation.

Application Roster

Application Access

Reclamation

Follow the steps below to enable the correct ServiceNow user role permissions for an existing SaaS Management integration with ServiceNow.

To enable the correct user role permissions for an existing SaaS Management integration with ServiceNow, determine whether License Differentiation is enabled.

1. When License Differentiation is enabled for an existing SaaS Managementintegration with ServiceNow added using itil and snc_read_only permissions:
a. If you want to enable only the Application Roster and Application Access tasks, you are required to elevate the user role to admin and snc_read_only.
b. If you want to enable the Application Roster, Application Access, and Reclamation tasks, you are required to elevate the user role only to admin.
2. When License Differentiation is not enabled for an existing SaaS Managementintegration with ServiceNow:
a. If you want to enable only the Application Roster and Application Access tasks, you are required to have the rest_api_explorer role.
b. If you want to enable the Application Roster, Application Access, and Reclamation tasks, you are required to have the user_admin role. For details, refer to the Base System Roles section of the ServiceNow product documentation.

If you wish to have a custom role with a reading permission specific to the tables used in the integration API, then follow the steps below to create a custom role.

To create a custom role with a reading permission specific to the tables used in the integration API:

Important:If you enable the Reclamation task, the user_admin role and the custom role are required.

1. Sign in to your ServiceNow instance as a security_admin or sign in as a system administrator. Elevate your role by clicking System Administrator. Navigate to Elevate Roles and enable the security_admin check box, which enables this permission to edit the Access Control List.
2. To create a custom role, navigate to the Roles tab by searching for the “roles” keyword in the All Applications menu on the left side of the screen. Click the New button and enter the desired name for the role. Click Submit to create this new role.
3. In the All Application navigator, search for the “Access Control” keyword. Click Access Control (ACL) to navigate to the Access Control tab.
4. In the Access Control tab, search for the access control keyword “sys_user_has_role”. Click on the record with the read operation type, add the custom role created under the Requires Role section, and click Update.
5. Repeat the same steps for the “sys_user_role” Access Control record, add the custom role created to the Requires Role section, and click Update.
6. In the Access Control tab, search for the access control keyword “sysevent”. There will be two records with read operation.
a. Open the record type that does not contain the default entry of “pa_data_collector“.
b. Add the custom role created under the Requires Role section.
c. Click Update.

Authentication Method

Basic

Credentials Required

Instance Domain
Username
Password
Enable License Differentiation
Specify Fulfiller Roles
Specify Approver Roles

License Types

ServiceNow offers three types of licenses: Requester, Approver, and Fulfiller. The following table lists the ServiceNow license types displayed in the Activity tab.

ServiceNow License Types Displayed in the Activity Tab

Description

Requester

These end users access the instance through an employee self-service portal. Requesters have no associated roles.

Note:Since Requesters are free users, SaaS Management does not pull in these users.

Approver

These end users view or modify requests directed to the approver. Approvers can have the approver_user role. The Approver license type has an average cost per user.

Fulfiller

These end users access all functionality based on assigned roles. A popular fulfiller role is itil. The Fulfiller license type is the most expensive.

License Differentiation

SaaS Management offers a license differentiation feature that allows you to view users by license type. To view this license differentiation feature, navigate to the Activity tab of the ServiceNow App Details screen where you can filter and export the ServiceNow license types.

The total spend for the billable ServiceNow accounts displayed in the ServiceNow App Details screen is based on the ServiceNow license cost details entered in the License Details tab. For details, refer to Entering License Details for License Differentiation.

Integrating ServiceNow with SaaS Management

To integrate ServiceNow with SaaS Management, perform the following steps.

To integrate ServiceNow with SaaS Management:

1. Sign in to your ServiceNow instance, using the credentials of the ServiceNow user with permissions as outlined in the Minimum Permissions Required .
2. From the Instance URL, note the ServiceNow Instance Domain.

For example, if the Instance URL is https://dev70003.service-now.com, then the Instance Domain is dev70003.

Important:If you enter the ServiceNow Instance URL rather than the ServiceNow Instance Domain in the SaaS Management Instance Domain field, the integration will fail.

3. In SaaS Management, add the ServiceNow application. Refer to Adding an Application.
4. Copy and paste the ServiceNow Instance Domain into SaaS Management.
5. Enter the Username and Password of the ServiceNow user with privileges as outlined in the Minimum Permissions Required .
6. To enable License Differentiation for the integration, enter the appropriate value in the Enable License Differentiation field.

Example 1: Type YES to enable license differentiation and retrieve the Fulfiller/Approver roles assigned for the users.

Example 2: Type no or leave this field blank if you do not want to enable license differentiation. In this case, the Licenses column under the Users tab will show up empty, and no records will be displayed under the Activity tab.

7. To view specific ServiceNow Approver and Fulfiller license assigned users, enter the information below. When entering multiple roles, use comma delineation.
a. Enter the specific Fulfiller roles in the Specify Fulfiller Roles field.
b. Enter the specific Approver roles in the Specify Approver Roles field.
c. Leave the Specify Fulfiller Roles and Specify Approver Roles fields blank to pull in all users assigned any roles.

Note:If the Specify Fulfiller Roles and Specify Approver Roles fields are left blank, the Licenses column under the Users tab and the License Type column under the Activity tab display “No roles have been specified” for the user records.

Results: 

In the ServiceNow Users tab, the Approver and Fulfiller license types appear in the Licenses column.
In the ServiceNow Activity tab, the Approver and Fulfiller license types appear in the License Type column.
8. Click Authorize.
9. For further information on managing and optimizing your organization’s ServiceNow licenses, refer to:
Tracking Application Activity by License Type for License Differentiation
Reclaiming SaaS Licenses.

API Endpoints with License Differentiation

Application Roster

https://<<instance>>.service-now.com/api/now/stats/sys_user_has_role

 

https://<<instance>>.service-now.com/api/now/table/sys_user_has_role

Application Access

https://<<instance>>.service-now.com/api/now/stats/sysevent

 

https://<<instance>>.service-now.com/api/now/table/sysevent

Reclamation

https://<<instance>>.service-now.com/api/now/v2/table/sys_user_has_role/{sys_id}

API Endpoints without License Differentiation

Application Roster and Application Access

https://<<instance>>.service-now.com/api/now/stats/sys_user

 

https://<<instance>>.service-now.com/api/now/table/sys_user

Reclamation

https://<<instance>>.service-now.com/api/now/v2/table/sys_user/{sys_id}