Skip to main content
All CollectionsConnectors
ServiceNow Connector
ServiceNow Connector
Cindy Chang avatar
Written by Cindy Chang
Updated over 2 months ago

Overview

  • Glean currently indexes Knowledge Articles, Service Catalog items, ITSM incidents, APM Business Applications and SPM demands, epics and projects along with their associated permissions

  • In order to do so, the ServiceNow admin creates a dedicated ServiceNow user with access only to the above doctypes

  • For crawling advanced user criteria, the ServiceNow admin creates a Scripted Rest API

Integration Features

  • Index all Knowledge Articles and Service Catalog Items and all their associated permissions.

  • Simple permissions for ITSM, APM and SPM object types. Users with specific roles are granted access to all the documents. If you use custom ITSM permissions, please reach out to Glean support.

  • Additional configurations for custom ServiceNow URLs and custom Knowledge Article templates.

  • Support for advanced user criteria through a custom Scripted REST API in your ServiceNow instance.

  • Greenlist content by knowledge bases

API Usage

Glean uses the Table API to crawl relevant tables for ServiceNow content and permissions. For this, we have you create a dedicated ServiceNow user with access to the required tables through the Table API. We also use a Scripted Rest API that is configured as part of the setup to crawl advanced user criteria.

Setup

Required permissions for setup

  • The user setting up this data source must be a ServiceNow Admin.

Other prerequisites

  • You are currently using the ServiceNow Simple setup, please use the advanced setup if you want Glean to support advanced user criteria or want to start the crawl in Proof Of Concept mode

  • Glean currently only indexes Knowledge Articles, Service Catalog items, ITSM incidents (incident table), APM Business Applications (cmdb_ci_business_app table) and SPM demands, epics and projects ( dmn_demand, rm_epic, pm_project tables) in ServiceNow. To enable this, the ServiceNow admin creates a dedicated ServiceNow user with access only to the above doctypes.

  • All steps are to be done by a ServiceNow administrator. Note that the described steps are for the Tokyo release. If your instance is on a different ServiceNow release, the steps may differ slightly. If you have any questions, please contact Glean support.

  • Glean also supports additional configurations for custom ServiceNow URLs and custom Knowledge Article templates. If applicable, please contact Glean support to set these up after completing the below steps.

  • Glean supports simple permissioning for ITSM, APM and SPM object types we support. Users with specific roles are granted access to all the documents. If you require a customized role, please reach out to Glean support.

Installation Process (Simple)

1. Create a service account that Glean will use for fetching information from ServiceNow:

  • Navigate to Organization > Users and click New.

    • Set User ID to gleansearch.

    • Check Web service access only.

    • Set Time zone to GMT. This is required for new content updates to be picked up by Glean.

    • Leave the remaining fields as-is. Click Submit.

  • Click on the gleansearch user that was created.

    • Click Set Password and choose a strong password.

    • Click Roles > Edit... and add the following roles:

      • knowledge_admin

      • user_criteria_admin

      • user_admin

      • catalog_admin snc_read_only

      Only add the following role if it exists in your instance:

      • snc_internal

      Add the following role if you want to index ITSM incidents as well

      • itil

      Add the following role if you want to index APM Business Applications

      • sn_apm.apm_user

      Add the following role if you want to index SPM documents (demands, projects and epics)

      • it_demand_user

      • it_project_user

      • scrum_user safe_scrum_user

Note: Glean accesses only the following tables:

  • sys_user

  • sys_user_has_role

  • sys_user_group

  • sys_user_grmember

  • user_criteria kb_knowledge kb_knowledge_base

  • kb_uc_can_read_mtom

  • kb_uc_cannot_read_mtom

  • kb_uc_can_contribute_mtom

  • kb_uc_cannot_contribute_mtom

  • kb_category

  • kb_use sc_cat_item

  • sc_cat_item_user_criteria_mtom

  • sc_cat_item_user_criteria_no_mtom

  • sc_category sc_catalog

  • sys_audit_delete (if provided access)

  • incident (if enabled)

  • cmdb_ci_business_app (if enabled)

  • dmn_demand (if enabled)

  • pm_project (if enabled)

  • rm_epic (if enabled)

2. Provide access to sys_audit_delete table. This will help in faster updates to document permissions when identity data changes.

  • Create a new role: read_access_sys_audit_delete:

    • Navigate to User Administration > Roles.

    • Click on New and enter the name as read_access_sys_audit_delete

    • Save.

  • Add an ACL rule that gives this role read access to the sys_audit_delete table:

    • Elevate role to security_admin to be able to create a new ACL.

    • Navigate to System Security > Access Control (ACL).

    • Click on New and enter the following details.

      • Type: record

      • Operation: read

      • Name: Select the sys_audit_delete table

      • Add the new read_access_sys_audit_delete role under Requires role

      • Submit.

  • Assign the new role read_access_sys_audit_delete to gleansearch user.

3. Configure an OAuth application that will provide access tokens to Glean acting as the above user:

  • Navigate to System OAuth > Application Registry and click New.

  • Click Create an OAuth API endpoint for external clients.

  • Set Name to Glean Search OAuth.

  • Set Refresh Token Lifespan to 2,147,483,647.

  • Set Access Token Lifespan to 86,400.

  • Leave the remaining fields as-is. Click Submit.

4. Validate System Properties:

  • Navigate to the System Properties List (All > Enter sys_properties.list).

  • Identify and note the system property glide.knowman.apply_article_read_criteria and its value.

  • Identify and note the system property glide.knowman.block_access_with_no_user_criteria and its value.

  • Identify if you have Knowledge Article templates enabled and want to index template-based articles.

    • Navigate to All > System Applications > All Available Applications > All

    • Look for the plugin Knowledge Management Advanced (com.snc.knowledge_advanced) and check if it is enabled.

    • You can learn more about knowledge article templates here.

5. Finally, enter the following information into the Glean admin console in the corresponding fields:

  • Domain Name: Accepts domain or domain url. Note, the domain url should not include any http prefixes, and should follow the format of <domain>.service-now.com. It is preferred to enter the domain url

  • User ID: gleansearch

  • Password: The password you chose in step 1.

  • OAuth Client ID: Client ID from the application in step 3.

  • OAuth Client Secret: Client Secret from the application in step 3.

  • Set the Apply article read criteria box to mirror the system property glide.knowman.apply_article_read_criteria.

  • Set the Block access with no user criteria box to mirror the system property glide.knowman.block_access_with_no_user_criteria.

  • If you have Knowledge Article templates enabled in your instance, check the Enable fetching template-based knowledge articles box.

  • Tick the checkbox for the document types you want Glean to index

Installation Process (Advanced)

Required permissions for setup

  • The user setting up this data source must be a ServiceNow Admin.

Other prerequisites

  • You are currently using the ServiceNow Advanced setup, to start the crawl in Proof Of Concept mode please contact Glean support

  • This setup requires you to set up scripted REST API in ServiceNow

  • Glean currently only indexes Knowledge Articles, Service Catalog items, ITSM incidents (incident table), APM Business Applications (cmdb_ci_business_app table) and SPM demands, epics and projects ( dmn_demand, rm_epic, pm_project tables) in ServiceNow. To enable this, the ServiceNow admin creates a dedicated ServiceNow user with access only to the above doctypes.

  • All steps are to be done by a ServiceNow administrator. Note that the described steps are for the Tokyo release. If your instance is on a different ServiceNow release, the steps may differ slightly. If you have any questions, please contact Glean support.

  • Glean also supports additional configurations for custom ServiceNow URLs and custom Knowledge Article templates. If applicable, please contact Glean support to set these up after completing the below steps.

  • Glean supports simple permissioning for ITSM, APM and SPM object types we support. Users with specific roles are granted access to all the documents. If you require a customized role, please reach out to Glean support.

1. Create an ACL to be used for the REST API:

  • Elevate role to get “security_admin” role (This is found on the "System Administrator" Header Banner). Note that by default this is only set for the user account whose name is “admin”

  • Navigate to Access Control (ACL), and create a new ACL with the following properties:

    • Set type=Rest_endpoint

    • Set protection policy=Read only (if possible)

    • Set Name=GleanSearch

    • Set Role=knowledge_admin, catalog_admin, itil (only if you want to index ITSM incidents as well)

    • Set operation=execute

2. Configure the body of the REST API that provides the User Criteria information for a given user:

  • Navigate to Scripted REST APIs

  • Create a new API called GleanSearch and API ID gleansearch

  • Set Protection=”Read only”

  • Remove existing default acl and add GleanSearch acl as default acl

  • Create a new REST endpoint

    • Name=GetUserCriteria

    • HTTP method=GET

    • Relative path = /user_criteria

    • Protection policy=Read only

    • Ensure Requires Authentication and Requires Authorization are checked

    • Remove the default Scripted REST external default and set GleanSearch

    • Verify that the resource path is /api/<API_NAMESPACE>/gleansearch/user_criteria (API namespace value needs to be entered in the corresponding box )

    • Add the following as the script (function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) { var queryParams = request.queryParams; var userID = new String(queryParams.user); return new sn_uc.UserCriteriaLoader.getAllUserCriteria(userID); })(request, response);

3. Create a service account that Glean will use for fetching information from ServiceNow:

  • Navigate to Organization > Users and click New.

    • Set User ID to gleansearch.

    • Check Web service access only.

    • Set Time zone to GMT. This is required for new content updates to be picked up by Glean.

    • Leave the remaining fields as-is. Click Submit.

  • Click on the gleansearch user that was created.

    • Click Set Password and choose a strong password.

    • Click Roles > Edit... and add the following roles: knowledge_admin user_criteria_admin user_admin catalog_admin web_service_admin snc_read_only Only add the following role if it exists in your instance: snc_internal Add the following role if you want to index ITSM incidents as well itil Add the following role if you want to index APM Business Applications sn_apm.apm_user Add the following role if you want to index SPM documents (demands, projects and epics) it_demand_user it_project_user scrum_user safe_scrum_user

Note: Glean accesses only the following tables:

  • sys_user

  • sys_user_has_role

  • sys_user_group

  • sys_user_grmember

  • user_criteria kb_knowledge kb_knowledge_base

  • kb_uc_can_read_mtom

  • kb_uc_cannot_read_mtom

  • kb_uc_can_contribute_mtom

  • kb_uc_cannot_contribute_mtom

  • kb_category

  • kb_use sc_cat_item

  • sc_cat_item_user_criteria_mtom

  • sc_cat_item_user_criteria_no_mtom

  • sc_category sc_catalog

  • sys_audit_delete (if provided access)

  • incident (if enabled)

  • cmdb_ci_business_app (if enabled)

  • dmn_demand (if enabled)

  • pm_project (if enabled)

  • rm_epic (if enabled)

4. Provide access to sys_audit_delete table. This will help in faster updates to document permissions when identity data changes.

  • Create a new role: read_access_sys_audit_delete:

    • Navigate to User Administration > Roles.

    • Click on New and enter the name as read_access_sys_audit_delete

    • Save.

  • Add an ACL rule that gives this role read access to the sys_audit_delete table:

    • Elevate role to security_admin to be able to create a new ACL.

    • Navigate to System Security > Access Control (ACL).

    • Click on New and enter the following details.

      • Type: record

      • Operation: read

      • Name: Select the sys_audit_delete table

      • Add the new read_access_sys_audit_delete role under Requires role

      • Submit.

  • Assign the new role read_access_sys_audit_delete to gleansearch user.

5. Configure an OAuth application that will provide access tokens to Glean acting as the above user:

  • Navigate to System OAuth > Application Registry and click New.

  • Click Create an OAuth API endpoint for external clients.

  • Set Name to Glean Search OAuth.

  • Set Refresh Token Lifespan to 2,147,483,647.

  • Set Access Token Lifespan to 86,400.

  • Leave the remaining fields as-is. Click Submit.

6. Validate System Properties:

  • Navigate to the System Properties List (All > Enter sys_properties.list).

  • Identify and note the system property glide.knowman.apply_article_read_criteria and its value.

  • Identify and note the system property glide.knowman.block_access_with_no_user_criteria and its value.

  • Identify if you have Knowledge Article templates enabled and want to index template-based articles.

    • Navigate to All > System Applications > All Available Applications > All

    • Look for the plugin Knowledge Management Advanced (com.snc.knowledge_advanced) and check if it is enabled.

    • You can learn more about knowledge article templates here.

7. Finally, enter the following information into the Glean admin console in the corresponding fields:

  • Domain Name: Accepts domain or domain url. Note, the domain url should not include any http prefixes, and should follow the format of <domain>.service-now.com. It is preferred to enter the domain url

  • User ID: gleansearch

  • Password: The password you chose in step 3.

  • OAuth Client ID: Client ID from the application in step 5.

  • API Namespace: Copy over the API namespace for the scripted REST API you created in step 2

  • OAuth Client Secret: Client Secret from the application in step 4.

  • Set the Apply article read criteria box to mirror the system property glide.knowman.apply_article_read_criteria.

  • Set the Block access with no user criteria box to mirror the system property glide.knowman.block_access_with_no_user_criteria.

  • If you have Knowledge Article templates enabled in your instance, check the Enable fetching template-based knowledge articles box.

  • Tick the checkbox for the document types you want Glean to index

Click Save in Glean. You’re all set!

For any questions or issues with this setup, please reach out to support@glean.com.

Did this answer your question?