ServiceNow

Overview

The Veza integration for ServiceNow now enables the discovery of Users, Groups, Access Control List (ACL) Rules, and Roles from ServiceNow SaaS deployments, for release Tokyo and newer. You can create queries that target these ServiceNow entities and attributes to:

• Audit users with admin permissions in ServiceNow Instance.

• Explore User>Group and User>ACL Rule relationships

• Create Rules, Queries, and Reports to understand and regulate ServiceNow user roles.

See ServiceNow Entities and Attributes for more information.

To establish an outbound connection for creating tickets, see ServiceNow Notifications .

ServiceNow setup

Before adding the integration to Veza, you will need to log in to ServiceNow to create a user for Veza. To create this API-only user (service account):

1. Browse to https://<your_instance>.service-now.com and log in with an account that has the user_admin role.

2. Click on the "System Security" module in the left navigation menu.

3. Pick "Users" from the dropdown menu.

4. Click on the New button to create a user.

5. Enter required details for the Veza user, including the name, username, and password.

6. Enable Web service access only to only allow API calls and prevent UI access.

7. In the Roles section, assign the admin and snc_read_only roles. The sync_read_only role enforces read-only access.

8. Click Save to create the user.

Make note of the user ID and password to use when configuring the Veza Integration.

For more information, see Create A User (ServiceNow).

As an alternative to granting the admin and snc_read_only roles, you can create a custom role for the integration. You will need to edit each table's ACL to grant the role read-only access, and apply the role to the ServiceNow integration user.

Required tables:

• sys_user

• sys_user_group

• sys_user_grmember

• sys_user_role

• sys_user_role_contains

• sys_user_has_role

• sys_group_has_role

• sys_security_acl

• sys_security_operation

• sys_security_acl_role

• sys_db_object

• sys_package

Veza setup

1. Open Veza Configuration > Integrations

2. Click Add New and pick ServiceNow for the integration to add

3. Fill out the required information:

ServiceNow entities and attributes

The following properties are available to filter results and create fine-grained searches, queries, and workflows:

User

ServiceNow users are individual accounts that can access the platform. Each has a unique name, and can be assigned to one or more groups.

Group

Groups are collections of users based on role or function, used to grant permissions to several users at a time.

Role

A role is a collection of permissions, allowing a user or group to take a variety of actions. For example, a role might grant the ability to create, read, update, or delete certain types of records.

ACL Rule

ACL rules control access to ServiceNow resources by defining conditions that must be met before a user can perform an action. For example, an ACL rule might restrict a user's ability to view a particular field in a record.

* To show ACL Rule package names instead of package ids, you must enable Allow access to this table via web services on the ServiceNow table sys_table. See Application Access Web Services for more details on this optional step.