Connecting to ServiceNow

Edit online

ServiceNow is a cloud-based platform that supports enterprise-wide service management across departments such as IT, HR, facilities, customer service, and more. Integrating ServiceNow with watsonx Orchestrate enables seamless automation of service workflows, incident tracking, and data synchronization across systems.

To enable this integration, establish a secure connection between both platforms. See Managing connections for more details.

Note: The Single sign-on (SSO) toggle is enabled only for supported OAuth 2.0 authentication types and applications. If the application does not support an SSO-enabled authentication type, the toggle remains disabled. For supported configurations, see Configuring single sign-on for applications.

Authentication methods

ServiceNow supports the following authentication types:

OAuth2 Authorization Code (default)
OAuth2 Password
Bearer Token
OAuth2 Token Exchange (requires SSO)
OAuth2 On Behalf Of Flow (OBO) (requires SSO)

Select the authentication type that matches your ServiceNow configuration and organizational requirements.

Important:

By default, Single sign-on (SSO) is disabled. To use OAuth2 Token Exchange or OAuth2 On Behalf Of Flow authentication types, enable SSO. Refer to Configuring single sign-on for applications.

Connecting to ServiceNow

To connect watsonx Orchestrate to ServiceNow:

From the main menu, go to Manage > Security.

Important:
In IBM Cloud and the on-premises environment, use the Manage > Connections navigation path to access connections.
Click the Connections tab and search for the corresponding app name or the ServiceNow connection ID.
Click the edit icon to configure the connection.
Select the environment where you want to create the connection:
- Draft: for testing and development
- Live: for production use
From the Authentication Type dropdown, select the authentication type that matches your ServiceNow configuration:
- OAuth2 Authorization Code (default)
- OAuth2 Password
- Bearer Token
- OAuth2 Token Exchange (appears only when SSO is enabled)
- OAuth2 On Behalf Of Flow (OBO) (appears only when SSO is enabled)
Provide the required values based on your selected authentication type. Refer to the Authentication type configuration fields section for details.
Choose the appropriate credential type:
- Member credentials: Each user accesses the application with their personal credential
- Team credentials: All users can access the application with their team credential
Save the connection and test it to confirm that ServiceNow is successfully connected.

Note: The check icon icon indicates that the connection was successfully established.

Authentication type configuration fields

The following tables describe the configuration fields for each authentication type.

OAuth2 Authorization Code

OAuth2 Authorization Code is the default authentication type for ServiceNow connections. See Authentication types overview.


Field	Required	Description
`server_url`	Yes	The base URL of your ServiceNow instance
`authorization_url`	Yes	The URL where users are redirected to log in and authorize access
`token_url`	Yes	The endpoint used to exchange the authorization code for an access token
`client_id`	Yes	The client ID of your ServiceNow app
`client_secret`	Yes	The client secret associated with your app in ServiceNow

OAuth2 Password

OAuth2 Password authentication is suitable for trusted applications that directly handle user credentials.


Field	Required	Description
`server_url`	Yes	The base URL of your ServiceNow instance
`token_url`	Yes	The endpoint used to exchange credentials for an access token
`client_id`	Yes	The client ID of your ServiceNow app
`client_secret`	Yes	The client secret associated with your app in ServiceNow
`username`	Yes	Your ServiceNow username
`password`	Yes	Your ServiceNow password
`scope`	Yes	The permissions or resources to which access is allowed

Bearer Token

Bearer Token authentication uses a token for authentication.


Field	Required	Description
`server_url`	Yes	The base URL of your ServiceNow instance
`bearer_token`	Yes	Your ServiceNow bearer token

OAuth2 Token Exchange

OAuth2 Token Exchange enables secure token delegation across services. This authentication type requires SSO to be enabled. For more information, see OAuth2 Token Exchange.

Prerequisites:

SSO must be enabled for your application


Field	Required	Description
`token_url`	Yes	The endpoint used to exchange tokens
`client_id`	Yes	The client ID of your ServiceNow app
`grant_type`	Yes	Pre-filled value: `urn:ietf:params:oauth:grant-type:saml2-bearer`. Indicates to the authorization server that the client is requesting a token exchange.
`server_url`	No	The base URL of your ServiceNow instance
Token request field	No	Click Add field to include additional parameters required by your authorization server

OAuth2 On Behalf Of Flow (OBO)

OAuth2 On Behalf Of Flow (OBO) allows an application to act on behalf of a user when calling another service. This authentication type requires SSO to be enabled. For more information, see OAuth2 On Behalf Of Flow.

Prerequisites:

SSO must be enabled for your application

Application configuration


Field	Required	Description
`token_url`	Yes	The endpoint used to exchange tokens
`application_client_id`	Yes	The client ID of your ServiceNow application
`grant_type`	Yes	Pre-filled value: `urn:ietf:params:oauth:grant-type:saml2-bearer`. Indicates to the authorization server that the client is using the On-Behalf-Of flow.
`server_url`	No	The base URL of your ServiceNow instance
Token request field	No	Click Add field to include more parameters required by your authorization server

Additional details for SSO configuration


Field	Required	Description
`idp_url`	Yes	The identity provider URL for SSO authentication
`idp_grant_type`	Yes	Pre-filled value: `urn:ietf:params:oauth:grant-type:jwt-bearer`. Indicates the grant type for the identity provider.
`client_id`	Yes	The client ID for the identity provider
`client_secret`	Yes	The client secret for the identity provider
`scope`	No	The permissions or resources to which access is allowed
`request_token_use`	No	Pre-filled value: `on_behalf_of`. Specifies that the token is used for on-behalf-of delegation.
`request_token_type`	No	Pre-filled value: `urn:ietf:params:oauth:token-type:saml2`. Specifies the type of token being requested.
Token request field	No	Click Add field to include additional parameters required by your authorization server

Obtaining configuration values

To obtain the configuration values for your ServiceNow connection, refer to the ServiceNow API documentation.

What to do next

Now that your app connection is live, you can start using it in watsonx Orchestrate.

Run an agent in Orchestrate Chat to complete tasks using natural language. See Using Orchestrate Chat for more details.
Use relevant agents and tools to perform app-specific actions. See Prebuilt agents and Prebuilt tools for more details.