Configure ServiceNow Instance for SaaS Security Posture Management

The installation instructions describe how to integrate your ServiceNow account with Netskope. To configure ServiceNow for SaaS Security Posture Management, you need to authorize Netskope as a web application client to access your ServiceNow account. There are two parts to this procedure:

  • Configure ServiceNow API Access
  • Configure a ServiceNow Instance in the Netskope UI

Configure ServiceNow API Access

  1. Log in to your ServiceNow account as an admin user.

  2. Click All, then search for and select “Application Registry”.

  3. Click New to create a new application registry.

  4. Click Create an OAuth API endpoint for external clients.

  5. Enter a name. The Client ID and Client Secret are auto-generated. Note down the Client ID and Client Secret; you will need these to create the ServiceNow instance in the Netskope UI.

    You do not have to provide any value for Redirect URL and Logo URL.

    The default value of the refresh token lifespan is 86,400 seconds (approx. 100 days). After that, the token will not be valid, and data will not be accessible. Netskope recommends entering a minimum value of 31,536,000 seconds (approx. 1 year) to ensure accessibility. Once the refresh token expires, the app instance is shown as inactive in the Netskope UI, and you should re-grant the ServiceNow app instance there.

  6. When finished, click Submit.

Configure a ServiceNow Instance in the Netskope UI

Make sure you don’t have any ACL/IP ACL, business rules, or data policy constraints before setting up the instance.

The ServiceNow administrator is the ServiceNow user used for the instance onboarding process. This user should have access to the tables listed below.

To check the roles of a ServiceNow user:

  • Navigate to All > User Administration > Users and then open a user record.

  • Click on the Roles tab and check the list of roles present.

| Table | Description | Purpose |
| --- | --- | --- |
| sys_properties | To get visibility into system property configuration records. | Retrieve information about system properties configuration changes to define all possible resources of type SystemProperty in SSPM. If the admin role is not provided, you will miss some of the system properties in Netskope SSPM. |
| sys_user | To get visibility into users in SSPM. | Retrieve information about ServiceNow users. |
| sys_audit | To fetch user deletion information. | Retrieve information about user deletion to keep track of the user count. If the admin role is not provided, you will not see updated user deletion information in Netskope SSPM. |
| oauth_entity, oauth_credential, sys_user_has_role | To get visibility into 3rd party app information. | Retrieve information about 3rd party apps and roles assigned to a user. If the admin role is not provided, you will not see 3rd party app information in Netskope SSPM for ServiceNow app. |

ServiceNow gives access to the sys_properties, sys_audit, oauth_entity, and oauth_credential tables only via the admin role. While Netskope does not enforce the admin role, we suggest granting the admin role to the ServiceNow user used for instance onboarding, so that you get the maximum utility from Netskope SSPM and prevent inconsistencies such as non-deleted user information.
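One way to confirm table access before onboarding, as an added example (not Netskope or ServiceNow code): it queries each table from the list above through the ServiceNow Table API and reports which ones the onboarding user cannot read. It assumes a bearer token already obtained for that user, and the status-code interpretation and sample responses are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

# Tables listed in the requirements table on this page.
REQUIRED_TABLES = ["sys_properties", "sys_user", "sys_audit",
                   "oauth_entity", "oauth_credential", "sys_user_has_role"]

def classify(status, body):
    """Map one Table API response to a verdict (status meanings are assumptions)."""
    if status in (401, 403):
        return "denied"
    if status != 200:
        return "error"
    try:
        rows = json.loads(body).get("result", [])
    except (ValueError, AttributeError):
        return "error"
    # An empty result can mean an empty table or rows hidden by an ACL.
    return "readable" if rows else "empty-or-filtered"

def http_fetch(instance, token):
    """Return a fetch(table) callable that queries the live instance."""
    def fetch(table):
        url = (f"https://{instance}.service-now.com/api/now/table/"
               f"{table}?sysparm_limit=1&sysparm_fields=sys_id")
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}", "Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=15) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode()
    return fetch

def preflight(fetch, tables=REQUIRED_TABLES):
    """Return ({table: verdict}, sorted list of tables that need attention)."""
    verdicts = {t: classify(*fetch(t)) for t in tables}
    gaps = sorted(t for t, v in verdicts.items() if v != "readable")
    return verdicts, gaps

# Constructed responses imitating an onboarding user without the admin role.
SAMPLE = {t: (403, '{"error":{"message":"constructed sample"}}')
          for t in ("sys_properties", "sys_audit", "oauth_entity", "oauth_credential")}
SAMPLE["sys_user"] = (200, '{"result":[{"sys_id":"constructed"}]}')
SAMPLE["sys_user_has_role"] = (200, '{"result":[]}')

if __name__ == "__main__":
    print(preflight(SAMPLE.__getitem__)[1])
```

Against a real instance, call `preflight(http_fetch("my_instance", token))`; any table not reported as readable points to a missing role or a restricting ACL for the onboarding user.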

Follow the steps to authorize Netskope to access your ServiceNow instance:

  1. Log in to the Netskope tenant UI and go to Settings > Configure App Access > Classic > SaaS.

  2. Select the ServiceNow icon, and then click Setup Instance.

  3. The Setup Instance window opens. Enter the following details:

    • Enter the name of the ServiceNow account instance. If your ServiceNow login URL is https://my_instance.service-now.com/, then enter my_instance as the instance name.

    • Instance Type: select the Security Posture checkbox. Select this option to allow Netskope to continuously scan through your SaaS app to identify and remediate risky SaaS app misconfigurations and align security posture with best practices and compliance standards. You have the option to run the policy at intervals of 15, 30, 45, or 60 minutes, or 24 hours.

    • Enter the email address of the ServiceNow administrator.

      – To identify the email address of the ServiceNow administrator account, log in to your ServiceNow account, navigate to User Administration > Users. Click the administrator user and note down the email address.
      – Netskope does not support SAML-based SSO for ServiceNow. The ServiceNow administrator email address must be a local user.
  4. Click Save, then click Grant Access for the app instance you just created. You will be prompted to enter the following details:

    • ServiceNow Admin – Enter the user ID of the ServiceNow administrator. To identify the user ID of the ServiceNow administrator account, log in to your ServiceNow account, navigate to User Administration > Users. Click the administrator user and note down the user ID.

    • ServiceNow Password – Enter the password of the ServiceNow administrator.

    • Enter Client ID – Enter the client ID you noted when you configured the ServiceNow API access.

    • Enter Client Secret – Enter the client secret you noted when you configured the ServiceNow API access.

  5. Click Grant. When the configuration results page opens, click Close.

Refresh your browser and you will see a green check icon next to the instance name.

Next, you should configure a security posture policy. To do so, see SaaS Security Posture Management Policy Wizard.
