ServiceNow plugin
For more information about what this plugin does and the data streams it retrieves, see:
Monitor the Incidents and Change Requests from your ServiceNow environment.
To add a data source click on the + next to Data Sources on the left-hand menu in SquaredUp. Search for the data source and click on it to open the Configure data source page.
You can also add a data source by clicking Add data source on the Settings > Data Sources page, but pre-built dashboards are not added when using this method.
Before you start
The ServiceNow account must use yyyy-MM-dd
date format for the data streams to populate the date columns. The date format is configured in the ServiceNow account profile. This requirement applies to both authentication methods.
When configuring the data source, you must select the authentication type to use to connect to ServiceNow.
The default and recommended method is supplying a ServiceNow API key, to which you have applied the required authentication policies.
However, if you cannot use an API key to authenticate then you can instead choose Basic authentication and supply log in credentials. In this case, the account you log in with will require specific permissions configured.
Configuring API key authentication
To authenticate the data source using the recommended API Key method, you must assign the Aggregate API, Table API and GlideRecord API policies to a ServiceNow API key, which is itself assigned to a ServiceNow user you created.
When configuring the data source, you then supply that same API key in the plugin settings.
Creating a user in ServiceNow
- In ServiceNow, navigate to All > User Administration > Users.
- Click New.
- Complete the details for the user.
- Ensure the Date format is set to
yyyy-MM-dd
. - Add the
ITIL
andrest_api_explorer
roles to the user. See Configuring authentication permissions. - Click Submit.
Creating an API key in ServiceNow
- In ServiceNow, navigate to All > System Web Services > API Access Policies > REST API Key.
- Click New.
- Configure the following:
- Name:
Enter a name to identify the REST API Key. - User:
Specify the User you previously created.
- Name:
- Click Update.
Creating an authentication profile
- In ServiceNow, navigate to All > System Web Services > API Access Policies > Inbound Authentication Profiles.
- Click New.
- Click Create API Key authentication profile when prompted to choose a profile type.
- Configure the following:
- Name:
Enter a name to identify the authentication policy. - Auth Parameter:
Select the x-sn-apikey option of type Auth Header.
- Name:
- Click Update.
Creating API access policies
- In ServiceNow, navigate to System Web Services > REST API Access Policies.
- Create the following three authentication policies, completing each field as described.
- For each of the authentication policies you created, do the following:
- Open the policy.
- Click Insert a new row in the Inbound authentication profiles table.
- Add the authentication profile you previously created.
Configuring authentication permissions
When configuring the data source, the permissions of the ServiceNow account you are use will affect what you can see and do in the tile.
SquaredUp recommends using a service account specifically created to use with the ServiceNow plugin so you can tailor the required permissions. You can assign permissions in the following way:
- ServiceNow permissions assignment with roles:
Give the ServiceNow account the ITIL and rest_api_explorer roles. - ServiceNow permissions assignment with ACLs, in place of roles:
If you don't want to use the ITIL role (for licensing or security reasons) give the ServiceNow account only the rest_api_explorer role and use ACLs to give the account more rights. Using accounts without the ITIL role may cause data streams to error.When you are using an account without the roles specified in this article, then the functionality of the ServiceNow plugin is limited.
You can grant the specific permissions required more granularly by creating a custom role and assigning the specific ACLs or assigning the ACLs themselves directly to a user account:
ACLs can be added in two ways:
- Adding them directly to a user account, meaning you are adding the ACLs to the service account you are using for the ServiceNow plugin.
- Adding them to a role. We recommend that you create a new role specifically just for adding the ACLs to it. Then you need to assign the role to the service account you are using for the ServiceNow plugin.
A benefit of adding the ACLs to a role is that it makes them easier to manage and you can assign the role to different users (in this case, service accounts) if you want to use different service accounts for different instances of the ServiceNow plugin.
You need to add the following ACLs:
sys_filter
sys_dictionary.*
sys_dictionary
sys_db_object
sys_ui_list
sys_db_object.*
sys_ui_list.*
Configuring the data source
Display name:
Enter a name for your data source. This helps you to identify this data source in the list of your data sources.- URL:
Enter the URL of your ServiceNow instance. - Authentication Type:
Select the method of authenticating the data source connection. Choose from:- API key:
Specify the ServiceNow API key you configured. See Configuring API key authentication. - Basic:
Specify the Username and Password of the service account you configured. See Configuring authentication permissions.
- API key:
- Custom classes:
Optionally, specify the table names of any custom classes you want top import. By default, the data source imports theBusiness Application
class (table name:cmdb_ci_business_app
) and theService
class (table name:cmdb_ci_service
). Restrict access to this data source:
You can enable this option if you only want certain users or groups to have access to the data source, or the permission to link it to new workspaces. See data source access control for more information.The term data source here really means data source instance. For example, a user may configure two instances of the AWS data source, one for their development environment and one for production. In that case, each data source instance has its own access control settings.
By default, Restrict access to this data source is set to off. The data source can be viewed, edited and administered by anyone. If you would like to control who has access to this data source, switch Restrict access to this data source to on.
Use the Restrict access to this data source dropdown to control who has access to the workspace:
- By default, the user setting the permissions for the data source will be given Full Control and the Everyone group will be given Link to workspace permissions.
- Tailor access to the data source, as required, by selecting individual users or user groups from the dropdown and giving them Link to workspace or Full Control permissions.
- If the user is not available from the dropdown, you are able to invite them to the data source by typing in their email address and then clicking Add. The new user will then receive an email inviting them to create an account on SquaredUp. Once the account has been created, they will gain access to the organization.
- At least one user or group must be given Full Control.
- Admin users can edit the configuration, modify the Access Control List (ACL) and delete the data source, regardless of the ACL chosen.
See Access control for more information.
Click Test and add to validate the data source configuration. SquaredUp will now attempt to connect to SquaredUp using the provided authentication method.
- Testing passed – a success message will be displayed and then the configuration will be saved.
- Testing passed with warnings – warnings will be listed and potential fixes suggested. You can still use the data source with warnings. Select Save with warnings if you believe that you can still use the data source as required with the warnings listed. Alternatively, address the issues listed and then select Rerun tests to validate the data source configuration again. If the validation now passes, click Save.
- Testing Failed – errors will be listed and potential fixes suggested. You cannot use the data source with errors. You are able to select Save with errors if you believe that a system outside of SquaredUp is causing the error that you need to fix. Alternatively, address the issues listed and then select Rerun tests to validate the data source configuration again. If the validation now passes, click Save.
You can edit any data source configurations at any time from Settings > Data Sources.
Next steps
Dashboards
The following pre-built dashboards can be installed with this plugin:
- Active Incidents: Lists your active incidents and displays different count visualizations based on priority and state.
- Active Change Requests: Lists your active change requests and displays different count visualizations based on priority and state.
Data streams
You can use these data streams to create new tiles to show data, or if there are preconfigured dashboards installed you can copy or edit those.
Data streams standardize data from all the different shapes and formats your tools use into a straightforward tabular format.
While creating a tile you can tweak data streams by grouping or aggregating specific columns.
Depending on the kind of data, SquaredUp will automatically suggest how to visualize the result, for example as a table or line graph.
Data streams can be either global or scoped:
- Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").
- A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").
See Data Streams for more information.
The following data streams are installed with this plugin.
Configurable data streams
The following data streams have configurable Parameters.