ServiceNow Setup

​

Connect to ServiceNow

​

Required permissions for setup

• The user setting up this data source must be a ServiceNow Admin.

​

Other prerequisites

• Glean currently only indexes the following:
  • Knowledge Articles
  • Service Catalog items
  • ITSM incidents (incident table)
  • APM
  • Business Applications (cmdb_ci_business_app table) and SPM demands
  • epics and projects (dmn_demand, rm_epic, pm_project tables) in ServiceNow.
  • News Articles (Content Publishing application)
  • Portal Content (Content Publishing application)
  • Quick Links (Employee Center application) To enable this, the ServiceNow admin creates a dedicated ServiceNow user with access only to the above doctypes.
• All steps are to be done by a ServiceNow administrator. Note that the described steps are for the Tokyo release. If your instance is on a different ServiceNow release, the steps may differ slightly. If you have any questions, please contact Glean support.
• Glean also supports additional configurations for custom ServiceNow URLs and custom Knowledge Article templates. If applicable, please contact Glean support to set these up after completing the below steps.
• Glean supports simple permissioning for ITSM, APM and SPM object types we support. Users with specific roles are granted access to all the documents. If you require a customized role, please reach out to Glean support.

​

1. Create a service account that Glean will use for fetching information from ServiceNow:

1. Navigate to Organization > Users and click New.
   • Set User ID to gleansearch.
   • Ensure Web service access only is unchecked. This enables the user to log in via the ServiceNow portal to authorize the OAuth application.
   • Set Time zone to GMT. This is required for new content updates to be picked up by Glean.
   • Leave the remaining fields as-is. Click Submit.
2. Click on the gleansearch user that was created.
3. Click Roles > Edit… and add the following roles:
   • knowledge_admin
   • user_criteria_admin
   • user_admin
   • catalog_admin
   • snc_read_only
   • Only add the following role if it exists in your instance: snc_internal
   • Add the following role if you want to index ITSM incidents as well: itil
   • Add the following role if you want to index APM Business Applications: sn_apm.apm_user
   • Add the following role if you want to index SPM documents (demands, projects and epics*):
     • it_demand_user
     • it_project_user
     • scrum_user
     • safe_scrum_user
   • Add one of the following roles if you want to index News Articles or Portal Content from Content Publishing:
     • sn_cd.content_admin (provides full administrative access to Content Publishing)
     • sn_cd.content_manager (provides management access to Content Publishing)
   Glean accesses only the following tables:

   Copy

   sys_user
   sys_user_has_role
   sys_user_group
   sys_user_grmember
   user_criteria
   kb_knowledge
   kb_knowledge_base
   kb_uc_can_read_mtom
   kb_uc_cannot_read_mtom
   kb_uc_can_contribute_mtom
   kb_uc_cannot_contribute_mtom
   kb_category
   kb_use
   sc_cat_item
   sc_cat_item_user_criteria_mtom
   sc_cat_item_user_criteria_no_mtom
   sc_category
   sc_catalog
   sys_audit_delete (if provided access)
   incident (if enabled)
   cmdb_ci_business_app (if enabled)
   dmn_demand (if enabled)
   pm_project (if enabled)
   rm_epic (if enabled)
   sn_cd_audience (if enabled)
   sn_cd_news_article (if enabled)
   sn_cd_content_portal (if enabled)
   sn_cd_content_visibility (if enabled)
   sn_ex_sp_quick_link (if enabled)
   

   The snc_read_only role:

   • With the snc_read_only role, the user would not be able to log in to ServiceNow. The user needs write access to the oauth_credential table during token creation.
   • After the OAuth flow has completed, you can assign the snc_read_only role to the user to prevent write access to any other tables during crawl.

​

2. Provide access to sys_audit_delete table. This will help in faster updates to document permissions when identity data changes.

1. Create a new role: read_access_sys_audit_delete:
   • Navigate to User Administration > Roles.
   • Click on New and enter the name as read_access_sys_audit_delete
   • Save.
2. Add an ACL rule that gives this role read access to the sys_audit_delete table:
   • Elevate role to security_admin to be able to create a new ACL.
   • Navigate to System Security > Access Control (ACL).
   • Click on New and enter the following details.
     • Type: record
     • Operation: read
     • Name: Select the sys_audit_delete table
     • Add the new read_access_sys_audit_delete role under Requires role
     • Submit.
3. Assign the new role read_access_sys_audit_delete to gleansearch user.

​

3. Configure ACLs for News Articles or Portal Content (Content Publishing):

1. Create a Table ACL for the News Article table:
   • Elevate your role to security_admin to be able to create a new ACL.
   • Navigate to System Security > Access Control (ACL).
   • Click on New and enter the following details:
     • Type: record
     • Operation: read
     • Name: Select the sn_cd_news_article table
     • Under Requires role, add either:
       • The existing sn_cd.content_manager or sn_cd.content_admin role that was assigned to the gleansearch user, OR
       • A new custom role created in the Content Publishing application (if you prefer to use a custom role instead of the built-in ones)
     • Submit.
   
2. Create a Record ACL for News Article records:
   • Elevate your role to security_admin to be able to create a new ACL.
   • Navigate to System Security > Access Control (ACL).
   • Click on New and enter the following details:
     • Type: record
     • Operation: read
     • Name: Select sn_cd_news_article.* (all fields)
     • Under Requires role, add the same role used in the table ACL above
     • Submit.
   

​

4. Configure an OAuth application that will provide access tokens to Glean acting as the above user:

1. Navigate to System OAuth > Application Registry and click New.
2. Click Create an OAuth API endpoint for external clients.
3. Set Name to Glean Search OAuth.
4. Set Refresh Token Lifespan to 2,147,483,647.
5. Set Access Token Lifespan to 86,400.
6. Set Redirect URL to https://<deployment-instance>-be.glean.com/instance/servicenow/oauth/verify_code, where <deployment-instance> is your instance’s deployment environment identifier.
7. Leave the remaining fields as-is. Click Submit.

​

5. Validate System Properties:

1. Navigate to the System Properties List (All > Enter sys_properties.list).
2. Identify and note the system property glide.knowman.apply_article_read_criteria and its value.
3. Identify and note the system property glide.knowman.block_access_with_no_user_criteria and its value.
4. Identify if you have Knowledge Article templates enabled and want to index template-based articles.
   • Navigate to All > System Applications > All Available Applications > All
   • Look for the plugin Knowledge Management Advanced (com.snc.knowledge_advanced) and check if it is enabled.
   • You can learn more about knowledge article templates here.

​

6. Finally, enter ALL of the following information into the Glean admin console in the corresponding fields:

• Domain Name: Accepts domain or domain url. Note, the domain url should not include any http prefixes, and should follow the format of <domain>.service-now.com. It is preferred to enter the domain url
• User ID: gleansearch
• OAuth Client ID: Client ID from the application in step 3.
• OAuth Client Secret: Client Secret from the application in step 3.
• Set the Apply article read criteria box to mirror the system property glide.knowman.apply_article_read_criteria.
• Set the Block access with no user criteria box to mirror the system property glide.knowman.block_access_with_no_user_criteria.
• If you have Knowledge Article templates enabled in your instance, check the Enable fetching template-based knowledge articles box.
• Tick the checkbox for the document types you want Glean to index Click Save in Glean. You’re all set!