/
Configure ServiceNow

Configure ServiceNow

ServiceNow is one of the ticketing systems that you can connect to in Zilla.

This article covers the following topics:

Prerequisites

  • Admin account in Zilla

  • Access to certificates, application registry, and user administration in ServiceNow

  • Download the Zilla Security Access Requests from the ServiceNow Store

  • Submit a ticket to the Support team requesting a Zilla public key

Add a Public Key (Certificate)

  1. In ServiceNow, search for and select Certificates in the All menu under System Definition.

Screen Shot 2024-05-14 at 5.14.26 PM.png

  1. On the Certificates List page, click New.

  2. Name the certificate Zilla Public Key.

  3. Copy the public key provided by the Support team in the prerequisite activities, paste it in the certificate field, and click Submit.

Add an Application Registry (for Inbound Requests)

  1. Search for and select Application Registry in the All menu.

image-20240514-212158.png

  1. Click New and select the Create an OAuth JWT API endpoint for external clients option.

  2. Provide a Name for the Application Registry and click Submit. The client secret is auto-generated and should be left blank.

image-20240514-212433.png

  1. Return to the Application Registry you created. Go to the JWT Verifier Maps tab and click New.

  2. Name the JWT Verifier Map (for example, Zilla JWT Verifier) and click the magnifying glass for Sys Certificate. Select the Zilla Public Key.

  3. Click on Submit for both JWT Verifier Map and Application Registry.

Add a Service User

Next, create a service user that will be used to add comments and make updates to service requests. The email for this service user is servicenow-zilla-app@customertenant-domain. For example, if your Zilla tenant domain is acme.org, the email for the service user you create is servicenow-zilla-app@acme.org.

  1. Search for User Administration and select Users from the All menu.

image-20240514-213209.png

  1. Click New to create a new user and fill out the details listed below.

    1. Username: servicenow-zilla-app

    2. Email (from above): servicenow-zilla-app@customertenant-domain

      1. Replace customertenant-domain with the domain you use to access Zilla

    3. First Name: Zilla

    4. Last Name: ServiceNow Connector

  2. In the Roles tab for the user, click Edit and add the roles listed below to the service user.

    1. catalog_admin

    2. sn_request_write

  3. If you use onboard provisioning, add the additional role listed below.

    1. approval_admin

  4. Keep this tab open to refer to when configuring Zilla.

Configure Zilla to Connect to ServiceNow

  1. Open another tab and log in to your Zilla tenant as an admin. Click Settings in the navigation pane on the left side of the page and Add Provider under the Configure Ticketing System section.

Configure Ticketing System-20250409-154229.png

  1. Add the ServiceNow Instance URL, Client ID, and Client Secret. The Client ID and Client Secret were generated when adding the application registry for inbound requests.

  2. Click Generate Token to generate a Client ID and Secret for the next step.

image-20240514-214713.png

Create an Application Registry (for Outbound Requests)

  1. In ServiceNow, search for and select Application Registry in the All menu and click New.

  2. Select Connect to a third party OAuth Provider.

  3. Fill out the details listed below.

    1. Name: Type a name for the registry (for example, ServiceNow outbound to Zilla)

    2. Client ID: Paste the Zilla-generated Client ID from the previous step

    3. Client Secret: Paste the Zilla-generated Client Secret from the previous step

    4. Token URL: Paste
      https://app.zillasecurity.com/api/oauth2/token?domain=acme.org replacing acme.org with your tenant domain

    5. Default Grant Type: Select Client Credentials

  4. Click Submit.

  5. Search for and open Rest Message from the All menu.

  6. Select Zilla App Integration and edit the record.

  7. Add the endpoint https://app.zillasecurity.com. Make sure the endpoint does not include a slash at the end of the URL.

  8. In the Authentication section, click the Search icon for OAuthProfile, select the name that you gave while creating outbound Application Registry, and click Update.

  9. Return to the Zilla App Rest Message and click Get OAuth Token to open a dialogue box and attempt to fetch an OAuth token.

image-20240514-215737.png

Validate the Connection

  1. In Zilla, click Check Connection to validate that the connection is successful.

image-20240514-220023.png

Update System Property for Zilla Base URL

  1. In ServiceNow, search for sys_properties.list in the All field and press Enter.

  2. Search for x_zis_sec_plg.zilla_endpoint.

  3. Update to the base URL of the environment using https://app.zillasecurity.com.

Sync the Applications and Permissions

Applications and permissions are synced from Zilla and stored in ServiceNow tables. The request forms rely on the tables to show the application and permissions to the requestor. This is a scheduled job and can run on demand. The instructions below detail how to perform sync on demand.

  1. On the ServiceNow homepage, search for and select Scheduled Jobs.

  2. Search for and select Sync Zilla Applications and Permissions.

  3. Click Execute Now to run an on-demand sync.

Additional configurations on this page include Sync Run Interval, Time Zone (if the time zone is set to --None--, the time zone will reflect your instance’s time zone), and Time (the exact time the sync job starts running).

Checking Application Logs to Confirm the Sync Completed

  1. On the ServiceNow home page, go to Application Logs.

  2. Select Message from the dropdown and search for *Sync Zilla Application. Three logs should be returned:

    1. Scheduled Job to Sync Zilla Application and Permissions ended at <time>

    2. Starting DB actions to Sync Zilla Application and Permissions for <noOfApps> apps at <time>

    3. Starting scheduled Job to Sync Zilla Application and Permissions at <time>

Additional Information

Configure Backup Approver

If Zilla is not able to assign approvers, this feature (if turned on) will assign people from the configured Group as approvers.

  1. Search for Users and Groups in the All menu and select Groups Search.

  2. Find the group by the group name, right click on the group name, and click Copy Sys Id.

  3. Go to system properties by searching sys_properties.list in the All menu.

  4. Select Application from the dropdown and search for Zilla.

  5. The system properties display and can be changed as desired.

  6. After enabling the feature, set appropriate values to approver group and delay.

System Properties and their Meanings

Property Name

Description

Default

Property Name

Description

Default

x_zis_sec_plg.backup_approver_flow_enabled

Enable/Disable the backup approver flow

false

x_zis_sec_plg.backup_approver_group_sysid

SysId of the group to be set

empty

x_zis_sec_plg.backup_approver_delay_in_minutes

Delay (in minutes) after which backup approver is set

10

Set Task Assignment Group for an Application

For task assignment, the Zilla workflow assigns the application technical owner (as set in Zilla) to the fulfillment task. Alternatively, an assignment group can be used instead.

  1. Search for Zilla in the All menu and select Zilla Applications.

If the assignment group column is not visible in the Zilla Applications view, it can be added by clicking on the gear icon and moving Assignment Group from Available to Selected.

  1. Click the name of the application to which you want to add the assignment group.

  2. Add the group for task assignment to the Assignment Group field and update the record.

Role-Persona Mapping

Below is a representative mapping of expected roles for a persona. The actual mapping can vary based on your organization and ServiceNow set up.

Persona

Roles

Persona

Roles

Requestor

No role/default ServiceNow role

Approver

approver_user & ITIL

Assignee/Fulfiller

ITIL (minimum) or Admin