Before Authenticating
Before you can connect to data, you will need to ensure the authenticating user has the following permissions assigned. Before you can do this, the administrator of the account must elevate their role by navigating to User menu -> Elevate Roles -> check the security_admin box -> OK.
READ sys_db_object
Access to sys_db_object is required to connect to data. You can enable access to this as follows:
- Navigate to the System Security -> Access Controls (ACL). Select New to create an access control object.
- For Type, select record.
- For Operation, select read.
- For Name, select Table [sys_db_object] in the first drop-down and --None-- in the second drop-down.
- In the Requires role section, double-click the text box that says Insert a new row.... Search for and select your desired role.
- Click Submit to create the ACL object.
- Assign the role which has the created ACL to the authenticating user. To do this, navigate to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add your role from collection.
READ sys_glide_object
Access to the sys_glide_object is required for certain ServiceNow table metadata. You can enable access to this by repeating the above procedure, but instead selecting Field class [sys_glide_object] for the ACL's name.
READ sys_dictionary
Access to sys_dictionary is required to retrieve schema information from ServiceNow. You can enable access to this by navigating to User Administration -> Users -> Select authenticating user -> Roles -> Edit... -> add "personalize_dictionary" role from collection.
Using Basic Authentication
In order to authenticate using Basic Authentication you will need to provide your ServiceNow User and Password.
Authenticating to ServiceNow
After setting the following connection properties, you are ready to connect:
- AuthScheme: Set this to BASIC.
- User: Set this to your username.
- Password: Set this to your password.
- Instance: Set this to your instance. For example, if your instance URL is https://MyInstance12345.service-now.com/, set the Instance property to ' MyInstance12345 '.
- InitiateOAuth: Set this to OFF to avoid entering the OAuth Authorization process.
Using OAuth
ServiceNow uses the OAuth 2.0 authentication standard. To authenticate using OAuth, you will need to register an OAuth app with ServiceNow to obtain the OAuthClientId and OAuthClientSecret. In addition to the OAuth values, you will need to specify the Instance, User, and Password.
Using OAuth Authentication
OAuth requires the authenticating user to interact with ServiceNow using the browser. The provider facilitates this in various ways as described below.
Creating a Custom OAuth App
You can follow the procedure below to register an app and obtain the OAuth client credentials, the OAuthClientId and OAuthClientSecret. Note that you will need to activate the OAuth plugin for your instance if it is not active already.
- Log in to your ServiceNow instance.
- In the Navigator, click System OAuth -> Application Registry.
- Click New and then click Create an OAuth API Endpoint for External Clients.
- Select the Active check box and enter the details for your app.
Authenticate to ServiceNow
After setting the following connection properties, you are ready to connect:
- AuthScheme: Set this to OAUTH.
- InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.
- OAuthClientId: Set this to the Client Id in your app settings.
- OAuthClientSecret: Set this to the Client Secret in your app settings.
- User: Set this to your username.
- Password: Set this to your password.
- Instance: Set this to your instance. For example, if your instance URL is https://MyInstance12345.service-now.com/, set the Instance property to ' MyInstance12345 '.
- Extracts the access token from the response and authenticates requests.
- Refreshes the access token when it expires.
- Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
Connecting Through a Firewall or Proxy
HTTP Proxies
To connect through the Windows system proxy, you do not need to set any additional connection properties. To connect to other proxies, set ProxyAutoDetect to false.
In addition, to authenticate to an HTTP proxy, set ProxyAuthScheme, ProxyUser, and ProxyPassword, in addition to ProxyServer and ProxyPort.
Other Proxies
Set the following properties:
- To use a proxy-based firewall, set FirewallType, FirewallServer, and FirewallPort.
- To tunnel the connection, set FirewallType to TUNNEL.
- To authenticate, specify FirewallUser and FirewallPassword.
- To authenticate to a SOCKS proxy, additionally set FirewallType to SOCKS5.
Troubleshooting the Connection
To show provider activity from query execution to network traffic, use Logfile and Verbosity. The examples of common connection errors below show how to use these properties to get more context. Contact the support team for help tracing the source of an error or circumventing a performance issue.
- Authentication errors: Typically, recording a Logfile at Verbosity 4 is necessary to get full details on an authentication error.
- Queries time out: A server that takes too long to respond will exceed the provider's client-side timeout. Often, setting the Timeout property to a higher value will avoid a connection error. Another option is to disable the timeout by setting the property to 0. Setting Verbosity to 2 will show where the time is being spent.