Skip to main content

ServiceNow (ITSM) Integration Setup

Beta Integration: This integration is currently in beta. Features and setup steps may change as we refine the integration based on user feedback.
This guide walks you through integrating ServiceNow ITSM with RAD Security for automated security incident and ticket management, enabling you to automatically create, update, and track security incidents as ServiceNow issues. ServiceNow provides powerful IT service management capabilities, making it ideal for managing security incidents, vulnerabilities, and remediation workflows in enterprise environments.
Token Authentication Required: This integration requires ServiceNow API Key (token-based) authentication, which is only available in the ServiceNow Washington DC release or later. Earlier versions are not supported.

Prerequisites

Before you begin, ensure you have:
  • Admin access to ServiceNow (Washington DC release or later)
  • Ability to create users, roles, and API keys in ServiceNow
  • The API Key and HMAC Authentication plugin enabled
  • Access to RAD Security workspace with integration permissions
Service User Recommended: Create a dedicated service user for this integration rather than using a personal account. This ensures the integration continues working when team members leave or change roles.

Step 1: Log in to ServiceNow as Admin

1

Access ServiceNow Admin

Log in to your ServiceNow instance with administrator privileges
2

Verify API Key Plugin

  1. Navigate to All > Admin Center > Application Manager
  2. Verify the API Key and HMAC Authentication plugin (com.glide.tokenbased_auth) is activated
  3. If not enabled, activate the plugin before proceeding
The API Key plugin is required for this integration and is only available in ServiceNow Washington DC release or later.

Step 2: Elevate Role and Create Custom Role

1

Elevate to Security Admin

  1. Click on the face icon in the upper right corner
  2. Click Elevate Role
  3. Select security_admin
This elevation allows you to create the necessary roles and permissions for the integration.
2

Create Custom Role

  1. Navigate to All > System Security > Users and Groups > Roles
  2. Click New
  3. Create a new custom role with a descriptive name (e.g., “rad_security_integration”)
  4. Save and note the role name for use in later steps
This custom role will be used to grant specific permissions to the service user for table access.

Step 3: Create Service Account User

1

Navigate to User Management

Navigate to All > Organization > Users
2

Create New User

  1. Select New from the upper right corner
  2. Fill in the required fields, making sure to select the Internal Integration User field
3

Assign Roles to User

Once the user is created, select it from the list of users:
  1. In the Roles tab, select Edit…
  2. Add the following role collections:
    • sn_incident_write - Write access to incidents
    • sn_incident_read - Read access to incidents
    • itil_admin - ITIL administration
    • u_ticket_user - Ticket management
  3. Add the custom role you created in Step 2
  4. Click Save
Service User Strongly Recommended: While you can use an existing user account, creating a dedicated service user is strongly recommended. If a personal account is used and that person leaves your organization, the integration will break.

Step 4: Create Inbound Authentication Profile

1

Navigate to Authentication Profiles

Navigate to All > System Web Services > API Access Policies > Inbound Authentication Profile
2

Create API Key Profile

  1. Click New
  2. Click Create API Key authentication profiles
  3. Provide a name for the profile
  4. In the Auth Parameter field, add Auth Header using the x-sn-apikey header field
  5. Click Submit
The x-sn-apikey header is the standard header used to send the API key in requests to ServiceNow.

Step 5: Generate API Key

1

Navigate to REST API Keys

Navigate to All > System Web Services > API Access Policies > REST API Key
2

Create API Key

  1. Click New
  2. Enter a name for the key (e.g., “RAD Security Integration Key”)
  3. Select the service user created in Step 3 as the User
  4. Click Save
The API key will be associated with the service user and inherit all the user’s role assignments.
3

Copy API Key Token

  1. After saving, the system generates a token
  2. Use the lock icon to view the token
  3. Immediately copy the token that appears below the field
Save this token securely! You’ll need it to configure the integration in RAD Security. Store it in a password manager or secrets vault.

Step 6: Set API Access Policy

1

Navigate to API Access Policies

Navigate to All > System Web Services > API Access Policies > REST API Access Policies
2

Create New Policy

  1. Click New
  2. Provide a descriptive name (e.g., “RAD Security Table API Access”)
  3. Under REST API, select Table API
  4. Verify that Apply to all methods is checked

Step 7: Create ACL for Table Access

1

Navigate to Access Control

Navigate to All > System Security > Access Control (ACL) > New
2

Configure ACL

  1. In the Type field, select record
  2. In the Operation field, select Create
  3. In the Name field, select Incident
  4. Under Requires Role, in the Roles field, select the custom role created in Step 2
  5. Click Submit
This ACL grants create permission on the Incident table to any user with the custom role you created.
Important for Mixed Authentication: If you are using basic authentication for other integrations that use the Table API, you will need to add a basic auth authentication profile to this policy as well, or create a separate policy for basic auth integrations. ServiceNow uses a priority system to determine which authentication method to use, and adding an API key authentication profile will override the default basic auth profile.

Step 8: Configure in RAD Security

Navigate to your RAD Security workspace and configure the ServiceNow ITSM integration with the following parameters:

Required Parameters

ParameterDescriptionExample
URLRoot URL of your ServiceNow instancehttps://your-company.service-now.com/
SecretAPI Key token from Step 5your-api-token-here
The URL should be your ServiceNow root URL in the format https://<tenant>.service-now.com/ where <tenant> is your organization’s ServiceNow instance name.

Verify Integration

After completing the setup, verify your integration is working:
  1. Navigate to Data Sources > Integrations > Ticketing in RAD Security
  2. Locate your ServiceNow ITSM integration
  3. Check the connection status shows as Connected
  4. Test by creating a sample incident from RAD Security
Your ServiceNow ITSM integration is now configured! RAD Security can now automatically create and manage security incidents in ServiceNow.

What Data is Synced

Once configured, RAD Security will sync the following with ServiceNow ITSM:
  • Automatically create ServiceNow incidents for security events
  • Include detailed incident context and metadata
  • Attach relevant threat intelligence
  • Add affected assets and resources
  • Include remediation recommendations
  • Populate standard ITIL fields
  • Map RAD Security fields to ServiceNow fields
  • Configure custom field values
  • Set default incident types
  • Define priority and urgency mappings
  • Configure assignment rules
  • Support for custom ServiceNow fields
  • Integrate with ServiceNow workflows
  • Trigger automated assignment rules
  • Leverage ServiceNow escalation policies
  • Support approval processes
  • Enable change management integration

Use Cases

Automated Incident Creation

Automatically create ServiceNow incidents when security events, vulnerabilities, or policy violations are detected.

ITSM Workflow Integration

Integrate security findings into existing IT service management workflows and processes.

Enterprise Incident Management

Manage security incidents alongside IT incidents in a centralized ITSM platform.

Compliance Tracking

Track security remediation efforts through ServiceNow’s audit and compliance features.

Troubleshooting

Possible causes:
  • API token is incorrect or expired
  • API token was revoked
  • Service user account was disabled or deleted
  • Incorrect ServiceNow instance URL
Solution:
  • Verify the API token is copied correctly (no extra spaces)
  • Check that the service user account is still active
  • Try logging in to ServiceNow with the service user credentials
  • Generate a new API token if needed
  • Confirm the instance URL is correct
Possible causes:
  • User missing required roles
  • Custom role not assigned
  • ACL not properly configured
  • User removed from necessary groups
Solution:
  • Verify the service user has all required roles assigned
  • Check that the custom role is assigned to the user
  • Review ACL configuration for the Incident table
  • Ensure role collections are active and properly configured
  • Confirm no role restrictions have been added
Possible causes:
  • Missing ACL permissions
  • Required fields not mapped
  • Table access restrictions
  • Workflow blocking creation
Solution:
  • Verify the ACL for Incident table includes the custom role
  • Check that all required ServiceNow fields are properly mapped
  • Ensure the Incident table is accessible
  • Review ServiceNow workflow restrictions
  • Check ServiceNow business rules that might block creation
Possible causes:
  • ServiceNow version is older than Washington DC release
  • Plugin not activated
  • License doesn’t include API access
Solution:
  • Verify your ServiceNow version supports API keys (Washington DC or later)
  • Check that the API Key and HMAC Authentication plugin is activated
  • Contact ServiceNow support about licensing if plugin is unavailable
  • Consider upgrading to a supported ServiceNow version
Possible causes:
  • Missing trailing slash
  • Incorrect instance name
  • Using developer instance URL format
  • Including additional path components
Solution:
  • Ensure you’re using the correct URL format: https://<instance>.service-now.com/
  • Include the trailing slash
  • Verify the instance name matches your organization
  • Don’t include paths like /api/ or /incident.do
Possible causes:
  • Token was manually revoked
  • Service user was deleted or deactivated
  • Token reached configured expiration
  • API access policy changed
Solution:
  • Log in as admin and verify the service user exists and is active
  • Navigate to REST API Keys and check if the token still exists
  • Check API access policies haven’t changed
  • Create a new token if the old one was revoked
  • Update the token in RAD Security integration settings

Security Best Practices

Use Service Accounts

Always use a dedicated service account with a service email, never a personal account tied to an individual.

Least Privilege Access

Only grant the minimum permissions required. Use custom roles rather than admin privileges for integration accounts.

Rotate Tokens Regularly

Rotate API tokens every 90 days or according to your security policy to minimize risk of compromise.

Secure Token Storage

Store API tokens in a secure password manager or secrets vault. Never commit to version control or share via insecure channels.

Monitor Integration Activity

Regularly review incidents created by the integration to ensure proper operation and detect anomalies.

Audit Permissions

Periodically review the service user’s role assignments and ACL configurations to ensure they remain appropriate.

Track Token Usage

Document which tokens are used for which integrations to simplify rotation and troubleshooting.

Enable MFA on Admin Accounts

Ensure admin accounts used to create service users and API keys have multi-factor authentication enabled.

Token Rotation

To rotate your ServiceNow API token:
1

Create New Token

  1. Log in as admin to ServiceNow
  2. Navigate to All > System Web Services > API Access Policies > REST API Key
  3. Create a new API key for the same service user with a different name
  4. Copy the new token immediately
2

Update Integration

Update the token in RAD Security integration settings
3

Verify Connection

Test that the integration still works with the new token by creating a test incident
4

Revoke Old Token

Once verified, delete or deactivate the old token in ServiceNow

Additional Resources

ServiceNow API Key Authentication

Official ServiceNow guide to API key authentication

ServiceNow REST API Documentation

Learn about ServiceNow’s REST API capabilities

ServiceNow Access Control

Understand ServiceNow access control and ACL configuration

ServiceNow ITSM Best Practices

ServiceNow IT Service Management overview and best practices

Next Steps

Ticketing Overview

Learn about other ticketing integrations

Jira Cloud

Add Jira Cloud for additional ticket management

Workflows

Configure custom workflows for incident response

Alerts & Incidents

Set up alert rules that trigger ServiceNow incident creation