Netskope Help

Configure ServiceNow Instance for Security Posture

The installation instructions describe how to integrate your ServiceNow account with Netskope. To configure ServiceNow for SSPM, you need to authorize Netskope as a web application client to access your ServiceNow account. To configure ServiceNow for SSPM, there are two parts to this procedure:

  • Configure ServiceNow API access.

  • Configure a ServiceNow instance in the Netskope UI

Configure ServiceNow API Access

To configure the ServiceNow API endpoint:

  1. Log in to your ServiceNow account as an admin user.

  2. On the left navigation, filter by System OAuth and click Application Registry.

  3. Click New to create a new application registry.

    ServiceNowNewAppReg.jpg
  4. Click Create an OAuth API endpoint for external clients.

    ServiceNowNewAppEndpoint.jpg
  5. Enter a name and client secret. The client ID is auto generated. Note down the client secret and ID; you will need these to create the ServiceNow instance in the Netskope UI.

    ServiceNowClientID.jpg

    Note

    The refresh token lifespan default value is 100 days. After that, the token will not be valid, and data will not be accessible. Enter a large refresh token lifespan to ensure accessibility.

  6. When finished, click Submit.

Configure a ServiceNow Instance in the Netskope UI

Make sure you don't have any ACL/IP ACL, business rules, or data policy constraints before setting up the instance.

The ServiceNow administrator should have access to the following tables and roles:

Table 2. ServiceNow Tables and Roles

Table

Role

Usage

Netskope Feature

Incident

ITIL

Access records from the Incident table.

API Data Protection

Problem

ITIL

Access records from the Problem table.

API Data Protection

sys_db_object

ITIL

Get Incident and Problem table records.

API Data Protection

sys_properties

Admin

Get system properties configurations records.

Netskope SSPM



Note

  • If your setup involves a combination of API Data Protection and SSPM, ensure that the ServiceNow administrator has access to all the 4 tables. If your setup includes SSPM only, ensure that the ServiceNow administrator has access to the sys_properties table only with the admin role.

  • Though the incident, problem, and sys_db_object tables require the ITIL role, it is recommended to give the admin role to all the three tables so that API Data Protection can access the delete notifications from ServiceNow.

To authorize Netskope to access your ServiceNow instance:

  1. Log in to the Netskope tenant UI: https://<tenant hostname>.goskope.com and go to Settings > API-enabled Protection > SaaS.

  2. Select the ServiceNow icon, and then click Setup Instance.

  3. The Setup Instance window opens. Enter the following details:

    • Enter the name of the ServiceNow account instance.

      Note

      If your ServiceNow login URL is https://my_instance.service-now.com/, then enter my_instance as the instance name.

    • Instance Type: Select the Security Posture checkbox. Select this option to allow Netskope to continuously scan through your SaaS app to identify and remediate risky SaaS app misconfigurations and align security posture with best practices and compliance standards.

      Also, you have the option to run the policy at intervals (15 minutes, 30 minutes, 45 minutes, and 60 minutes).

    • Enter the email address of the ServiceNow administrator.

      Note

      • To identify the email address of the ServiceNow administrator account, log in to your ServiceNow account, navigate to User Administration > Users. Click the administrator user and note down the email address.

      • Netskope does not support SAML-based SSO for ServiceNow. The ServiceNow administrator email address must be a local user.

  4. Click Save, then click Grant Access for the app instance you just created. You will be prompted to enter the following details:

    • ServiceNow Admin - Enter the user ID of the ServiceNow administrator.

      Note

      To identify the user ID of the ServiceNow administrator account, log in to your ServiceNow account, navigate to User Administration > Users. Click the administrator user and note down the user ID.

    • ServiceNow Password - Enter the password of the ServiceNow administrator.

    • Enter Client ID - Enter the client ID you noted when you configured the ServiceNow API access.

    • Enter Client Secret - Enter the client secret you noted when you configured the ServiceNow API access.

    Click Grant. When the configuration results page open, click Close.

Refresh your browser and you will see a green check icon next to the instance name.

Next, you should configure a security posture policy. To do so, see Security Posture Policy Wizard.