Skip to main content

Celonis Product Documentation

Connecting to ServiceNow (extractor)

You can connect your ServiceNow tenant with the Celonis Platform, enabling the platform to perform read-only operations on your ServiceNow data. Transfer of the data from ServiceNow to Celonis Platform is secured through HTTPS via TLS 1.2, which allows for an encrypted exchange of information.

For a video overview of how to connect to your ServiceNow tenant:

 

Before connecting to your ServiceNow tenant, you must meet the following prerequisites:

  • ServiceNow user permissions: To extract data from your ServiceNow tenant, you need access to a user with the following permissions:

    • Roles: soap_query, rest_service

    • Table access: Access to the table 'sys_db_object' and all tables you want to extract.

    • Endpoint access: Access the following endpoint for each table, which is then used to derive the schema:

      https://<instance>/<table>?SCHEMA

      For example:

      https://<instance>/incident.do?SCHEMA

    For more information, see: Configuring ServiceNow user permissions.

  • Allowlist Celonis Platform IPs and domains: If your ServiceNow instance is only reachable within a certain IP range, you need to allowlist the outbound IPs of the Celonis Platform, otherwise data cannot be extracted. The IPs of the Celonis Platform are different depending on the cluster (eu-1 or us-1).

    For more information, see: Allowlisting domain names and IP addresses

To extract data from your ServiceNow tenant, you need access to a user with the following permissions:

  • Roles: soap_query, rest_service

  • Table access: Access to the table 'sys_db_object' and all tables you want to extract.

To configure this user, we recommend the following steps:

  1. Create a new role: In order to assign the correct access right to the user used for the Celonis extraction, we recommend creating a new role in the user administration section.

  2. Create a new user and assign the required roles: Assign the roles soap_query, rest_service, and the role you created in step 1.

  3. Elevate privileges of your user: In order to modify access control for the newly created Celonis role, you need to elevate your privileges. You can do this by clicking Elevate Roles.

    With the elevated role, you can then open access control lists (ACL).

    elevate_role.png
  4. Create two ACL:

    • ACL One:

      • Operation: read

      • Active: true

      • Name: Table [sys_db_object]

      • Field (Column): *

      • Required roles: the role created in step 1.

    • ACL Two:

      • Operation: read

      • Active: true

      • Name: Table [sys_db_object]

      • Field (Column): --None--

      • Required roles: the role created in step 1.

    Settings that take an asterisk (*) are dependent on their ServiceNow permission settings. If you experience problems, change * to None.

  5. Allow access to all tables: You should now allow access to all tables you want to extract. With the elevated role you can open access control lists (ACL). Here you need to create a new ACL with the following attributes:

    • Operation: read

    • Active: true

    • Name: the name of the table

    • Field (Column): all fields selected

    • Required roles: the role created in step 1.

  6. Repeat step 6 for all tables you want to extract.

For the latest ServiceNow documentation and the steps involved, see: ServiceNow - Product Documentation.

With access to the necessary ServiceNow user permissions, you can create a connection between your ServiceNow tenant and the Celonis Platform from your data pool diagram:

  1. Click Data Connections.

    data_connections_within_data_pool_diagram.png
  2. Click Add Data Connection and select Connect to Data Source.

  3. Select Cloud - ServiceNow.

  4. Configure the following connection details:

    • Name: An internal reference for this data connection.

    • Authentication method: Choose between basic authentication (with the username and password of the user created with necessary permissions) or OAuth. To authenticate via OAuth, you need to register Celonis as an application that has access to your account. If prompted for a redirect URL, use:

      https://auth.redirect.celonis.cloud/service-now_redirect
    • Tenant or URL: The realm of your ServiceNow instance. The realm can be found by looking at the system URL. For example, in this URL: https://mycompany.service-now.com, "mycompany" would be the realm.

  5. Click Test Connection and correct any issues highlighted.

  6. Click Save.

    The connection between your ServiceNow tenant and the Celonis Platform is establised. You can manage this connection at any time by clicking options:

    manage_existing_coupa_connection.png

When executing your ServiceNow extractions, you can filter the data you extract. However you can't use all combinations of AND / OR filters, so we recommend the following:

  • Option 1 AND Option 2, for example:

    sys_created_on > '2011-09-14' AND sys_updated_by = 'system'
  • Option 1 OR Option 2, for example:

    sys_created_on > '2011-09-14' OR sys_updated_by = 'system' 
  • (Option 1 AND Option 2) AND Option 3, for example:

    (sys_created_on > '2011-09-14' AND sys_updated_by = 'system') AND sys_updated_on > '2018-12-05'(A AND B) AND C, example:
  • (Option 1 OR Option 2) OR Option 3, for example:

    (sys_created_on > '2011-09-14' OR sys_updated_by = 'system') OR sys_updated_on > '2018-12-05'
  • Option 1 OR (Option 2 AND Option 3), for example:

    sys_updated_by = 'system' OR (sys_created_on > '2011-09-14' AND sys_updated_on > '2018-12-05')

When configuring your ServiceNow extraction tasks, we recommend the following best practice:

Extracting the sys_audit table

To increase the performance and limit the source system impact when extracting the sys_audit table:

  • The sys_audit table should not be extracted as a primary table, only as a dependent table. Our extractor is automatically adding the sys_audit tables as a dependent table for most objects. In the screenshot below you can find an example for the incident table. This means extractions will be limited to the retrieved sys_is fields (which are unique) and will therefore lead to a better performance.

  • Applied filters should be limited to indexed columns only.

  • Additional filtering on sys_created_on or sys_updated_on will also improve the performance.

sys_audit_table_extractions.png
Using Order-by Parameter in Request

When configuring your ServiceNow extractions, you can enable 'Use Order-by Parameter in Request' for all API requests at the table level.

Enabling this option ensures data integrity by preventing missing records and duplicates. However, it will also lead to a longer extraction time and an increased load on the source system. To help minimize this impact, we recommend that you apply partitioning to reduce both the peak impact and the duration of the system being occupied or increase the batch size, which increases the peak impact but decreases the duration of the system being occupied.

use_order-by_parameter_in_request.png