Skip to main content

Celonis Product Documentation

ServiceNow Connection
Data Connection Setup

There are three steps to set up a ServiceNow data connection:

Let's look at these in detail.

  1. Configure a user with sufficient permissions in ServiceNow.

    In order to extract data from ServiceNow the Celonis Extractor requires a user with sufficient permissions. The following permissions are required:

    • the role soap_query

    • the role rest_service

    • access to the table sys_db_object

    • access to each table which should be extracted

    Important

    You need to be logged in as a user with elevated privileges because you need to modify access control lists (ACL).

    12321522.png
    1. Create a new role.

      In order to assign the correct access right to the user used for the Celonis extraction, we recommend creating a new role in the user administration section, e.g. z_celonis_extract as shown in the screenshot to the left.

      12321523.png
    2. Create a new user and assign the required roles.

      We recommend creating a new user for the data extraction. You need to assign the following roles to this user:

      • soap_query

      • rest_service

      • the role created in step 1a, e.g. z_celonis_extract

      12321524.png
    3. Elevate privileges of your user.

      In order to modify access control for the newly created Celonis role you need to elevate your privileges. You find this option when clicking on your user name in the top bar (see screenshot). This will be only temporary and can be revoked after the next steps are completed.

      12321525.png
    4. Allow access to the table sys_db_object.

      With the elevated role you can open access control lists (ACL). Here you need to create a new ACL with the following attributes:

      • Operation: read

      • Active: true

      • Name: Table [sys_db_object]

      • Field (Column): none

      • Required roles: the role created in step 1a, e.g. z_celonis_extract

      No other conditions should be necessary. For further information, consult the ServiceNow access control list rules.

      12321526.png
    5. Allow access to all the tables which should be extracted.

      With the elevated role you can open access control lists (ACL). Here you need to create a new ACL with the following attributes:

      • Operation: read

      • Active: true

      • Name: the name of the table

      • Field (Column): table.* (all fields selected)

      • Required roles: the role created in step 1a, e.g. z_celonis_extract

      No other conditions should be necessary. For further information, consult the ServiceNow access control list rules.

      This step has to be repeated for all required tables.

  2. Allowlist EMS IP addresses.

    Note

    Follow this step only if your system is IP-blocked.

    If your system is only reachable within a certain IP range, you need to allowlist the outbound IPs of the EMS, otherwise data cannot be extracted. The IPs of the EMS are different depending on the cluster (eu-1 or us-1). For the list of clusters and their IP addresses, see Allowlisting Celonis IP addresses.

  3. Create a Data Connection in a Data Pool.

    Enter the name of the new ServiceNow connection and then enter the following:

    • User: The user name of the user connecting with the ServiceNow system.

    • Password: The password of the user connecting with the ServiceNow system.

    • Tenant: The realm of your ServiceNow instance. The realm can be found by looking at the system URL. In this URL: https://mycompany.service-now.com for example "mycompany" would be the realm.

Data Extraction
Authentication

In order to connect to your ServiceNow system, you can choose between basic authentication (user name, password) and OAuth. The OAuth flow is a more secure way to transfer data from a client system to the EMS, because you do only need to include the client username and password in the first request, and then never again.

In order to authenticate via OAuth, you need to register Celonis as an application that has access to your account. Please follow the information on this page:

https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/task/t_CreateEndpointforExternalClients.html

As Redirect URL please use the following: https://auth.redirect.celonis.cloud/service-now_redirect

When setting up the data connection you also have the option to authenticate via OAuth, using the credentials you've defined in the OAuth client application.

Data Access

The Celonis connector performs read-only operations on your ServiceNow data. No writing changes (like updates, deletions) will be performed at any time during the extraction process.

Source System Impact

None of our customers have ever experienced performance issues through the ServiceNow connector in any way.

Security

Transfer of the data from the ServiceNow system to the target system is secured through HTTPS via TLS 1.2, which allows for an encrypted exchange of information.

Duration

Depending on the amount of data in your ServiceNow source system, the data extraction can take several hours.

Filters

Not all filter combinations with AND and OR are possible. Please follow the guidelines below:

These filters are possible

A AND B, example: sys_created_on > '2011-09-14' AND sys_updated_by = 'system'
A OR B, example: sys_created_on > '2011-09-14' OR sys_updated_by = 'system' 

(A AND B) AND C, example: (sys_created_on > '2011-09-14' AND sys_updated_by = 'system') AND sys_updated_on > '2018-12-05'
(A OR B) OR C, example: (sys_created_on > '2011-09-14' OR sys_updated_by = 'system') OR sys_updated_on > '2018-12-05'

A OR (B AND C), example: sys_updated_by = 'system' OR (sys_created_on > '2011-09-14' AND sys_updated_on > '2018-12-05')

If you would like to specify a filter like this

Impossible filter

A AND (B OR C), example: sys_updated_by = 'system' AND (sys_created_on > '2011-09-14' OR sys_updated_on > '2018-12-05')

it does not work in ServiceNow. However, you can use this logical equivalent instead:

Working filter

(A AND B) OR (A AND C), example: (sys_updated_by = 'system' AND sys_created_on > '2011-09-14') OR (sys_updated_by = 'system' AND sys_updated_on > '2018-12-05')