> ## Documentation Index
> Fetch the complete documentation index at: https://docs.opal.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# ServiceNow

> Learn how to connect ServiceNow to Opal.

With Opal, you can create audit tickets in ServiceNow for your engineers' access requests, link access requests to existing ServiceNow tickets, and propagate access using ServiceNow tickets.

See the guide to [ticket propagation](/docs/ticket-propagation) for more detail, and follow this guide to configure your ServiceNow integration.

## 1. Create a ServiceNow service user

To enable the ServiceNow integration, Opal requires the administrator of your ServiceNow instance to create a service user.

In ServiceNow, go to the **Users** section by clicking **All**, then select **Users and Groups** > **Users**.

<img src="https://mintcdn.com/opalsecurity/E-CmJXh0QNjZUl4g/images/docs/700415a-small-Screen_Shot_2023-05-03_at_3.15.03_PM.png?fit=max&auto=format&n=E-CmJXh0QNjZUl4g&q=85&s=8402a63c6357c3b60bddf2d9d472002a" alt="" width="509" height="1024" data-path="images/docs/700415a-small-Screen_Shot_2023-05-03_at_3.15.03_PM.png" />

Select the **Web service access only** checkbox.

<img src="https://mintcdn.com/opalsecurity/lt0M-hBs5yNe5ff5/images/docs/9d5601e-image.png?fit=max&auto=format&n=lt0M-hBs5yNe5ff5&q=85&s=f07524e316b47fbf3e4be9f836be517f" alt="The User ID and password will be used as inputs in the next step." width="370" height="75" data-path="images/docs/9d5601e-image.png" />

At minimum, the service user needs `catalog_admin` and `sn_request_write` roles, available via the [ITSM Roles plugin](https://docs.servicenow.com/en-US/bundle/vancouver-it-service-management/page/product/service-catalog-management/task/request-itsm-roles-rm.html), to create and update entries in the requests (`sc_request`) and items (`sc_req_item`) tables.

You'll need to save their **User ID** and **password** to create the ServiceNow integration in Opal.

## 2. Create a catalog item for Opal

Create a catalog item under any catalog to bucket Opal requests. A request will be made for this catalog item for every request made in Opal. The state of the request will also reflect the approval state of the Opal request.

<img src="https://mintcdn.com/opalsecurity/lt0M-hBs5yNe5ff5/images/docs/972d44b-image.png?fit=max&auto=format&n=lt0M-hBs5yNe5ff5&q=85&s=07511ee64a55ebe346200b404aef22cb" alt="" width="1465" height="992" data-path="images/docs/972d44b-image.png" />

Optionally, you may add variables associated with this catalog item, and Opal will post the relevant metadata about the access request. Any or all of these variables can be added:

| Variable Name        | Description                                                                              |
| -------------------- | ---------------------------------------------------------------------------------------- |
| `reason`             | The reason for which the user requested the item                                         |
| `app`                | The app for the group or resource requested                                              |
| `requested_duration` | The duration of the request in **minutes**                                               |
| `item_type`          | Either `RESOURCE` or `GROUP`                                                             |
| `role`               | The role for which the item was requested                                                |
| `requester`          | The **email** of the requester                                                           |
| `requester_user`     | The **Sys ID** of the ServiceNow user who made the request                               |
| `requested_for`      | The **email** of the user for whom the request was made                                  |
| `requested_for_user` | The **Sys ID** of the ServiceNow user for whom the request was made (empty if not found) |
| `item`               | The name of the item requested                                                           |
| `item_id`            | The Opal ID of the item requested                                                        |

<img src="https://mintcdn.com/opalsecurity/KunPWigry5GIeB5g/images/docs/4abe656-image.png?fit=max&auto=format&n=KunPWigry5GIeB5g&q=85&s=a429c8888353796e962c0781a3bd269d" alt="" width="1379" height="313" data-path="images/docs/4abe656-image.png" />

Once created, you will need to provide the **Sys ID of the catalog item** to Opal during setup. You can copy the Sys ID from this dropdown:

<img src="https://mintcdn.com/opalsecurity/fu-nWazMe1LxLhxi/images/docs/261823b-image.png?fit=max&auto=format&n=fu-nWazMe1LxLhxi&q=85&s=bc531c82360d10295021c5b527b79f01" alt="" width="1466" height="635" data-path="images/docs/261823b-image.png" />

## 3. Create an OAuth application

To allow Opal to authenticate with your ServiceNow instance to perform automated API operations, create an OAuth application by going to **System OAuth > Application Registry**. Click **New** and proceed to **"Create an OAuth API endpoint for external clients".**

<img src="https://mintcdn.com/opalsecurity/E-CmJXh0QNjZUl4g/images/docs/698474c-image.png?fit=max&auto=format&n=E-CmJXh0QNjZUl4g&q=85&s=4071da516a2edae4990637dc1d91e2d1" alt="" width="878" height="378" data-path="images/docs/698474c-image.png" />

The fields on this application can be customized to your liking. Just be sure to record down the **Client ID** and **Client Secret** for creating the integration in Opal in the next step.

## 4. Add your ServiceNow credentials to Opal

To enable the ServiceNow integration, go to the **Configuration > Settings** panel in Opal. Click **Productivity Integrations**, then select **ServiceNow** and enter the information created from the previous step. You need your ServiceNow hostname, Sys ID from step 2, username and password of the service account from step 1, and Client ID and Client Secret from step 3.

See the [guide to ticketing providers](/docs/ticket-propagation) to learn about how to use the integration. You can create audit tickets on every request, reference existing tickets, or propagate access using tickets.

## Request behavior

Opal's integration with ServiceNow will create a request (REQ) to mirror each request in Opal. Each request will have a requested item (RITM) for each item in the Opal request. In this example, we requested two items in Opal, which reflects as this request in ServiceNow:

<img src="https://mintcdn.com/opalsecurity/lt0M-hBs5yNe5ff5/images/docs/ac4bdca-image.png?fit=max&auto=format&n=lt0M-hBs5yNe5ff5&q=85&s=0a610fd02b685d25b8069609312a829a" alt="" width="1959" height="1370" data-path="images/docs/ac4bdca-image.png" />

Each requested item will be made for the "Opal" catalog item created during setup, and variables for the item will be attached to give more description to the item requested.

<img src="https://mintcdn.com/opalsecurity/lwwIeFbsleftxaXx/images/docs/c9bbe4c-image.png?fit=max&auto=format&n=lwwIeFbsleftxaXx&q=85&s=66fb98b1ed787fc42fc02f8868cd726a" alt="" width="1955" height="1260" data-path="images/docs/c9bbe4c-image.png" />