Skip to main content
Connect ServiceNow to Oleria to create incident tickets directly from risks and posture findings. Oleria automatically populates each ticket with risk details and routes it to your configured assignment group.
ServiceNow tickets are created as incident tickets and assigned to the group you configure during setup.
Setup happens across two systems - start in Oleria to download a public certificate, configure authentication objects in ServiceNow, then return to Oleria to complete the connection.

Prerequisites

Your ServiceNow account must have permission to perform the following actions. Skip any item that is already configured in your instance.
  • Add an x509 Certificate (under Multi-Provider SSO)
  • Create an OAuth JWT Application (under System OAuth → Application Registry)
  • Add a User (under User Administration)
  • View and copy a Group’s sys_id (under Users and Groups)
You also need administrator access to Oleria. Learn about role permissions.

Step 1 - Download the Oleria public certificate

1

Open the Ticketing System page

Log in to Oleria, select Settings, then select Ticketing System.
2

Download the public key

From the Ticketing System page, select Download public key to download oleria-public-key.pem. You will upload this file to ServiceNow in the next section.

Step 2 - Configure ServiceNow

As you work through the steps below, copy and save the following values. You will need them to complete Step 3:
1

Upload Oleria's Public Certificate

  1. Log into your ServiceNow instance with administrator credentials.
  2. From the All menu, navigate to x509 Certificate under Multi-Provider SSO → Administration.
  3. Create a new x509 certificate - select New from the upper right-hand corner of the x.509 Certificates page.
  4. From the New record page, enter the following information:
  1. For PEM Certificate, open the oleria-public-key.pem file you downloaded in Step 1 and paste its full contents.
  2. Select Submit.
2

Create an OAuth JWT Application

  1. From the All menu, navigate to Application Registry under System OAuth.
  2. From Application Registries, select New from the upper right-hand corner.
  3. From What kind of OAuth application?, select Create an OAuth JWT API endpoint for external clients.
  4. From OAuth JWT - New Record, reveal the Public Client hidden field in the form layout:
    1. Select the three horizontal lines icon next to New Section New Record in the upper-left corner.
    2. Select ConfigureForm Layout.
    3. From Configuring OAuth JWT form, under the Available column, find and select the Public Client field, then select the arrow pointing right to move it to the Selected column.
If you cannot find “Public Client” under “Available”, check “Selected” instead. If “Public Client” is already in “Selected”, proceed to the next step.
  1. Select Save in the upper right-hand corner.
  2. From OAuth JWT - New Record, enter the following information:
  1. Leave the remaining fields with their default values (including leaving Client Secret blank).
  2. Save the Client ID value - you will need it in Step 3.
  3. Add useraccount to the Auth Scope for the JWT application:
    1. From the Auth Scope section, select Insert a new row…
    2. In the textbox, search for useraccount, select a result from the dropdown, and select the green check icon.
    3. Select Submit.
3

Map Oleria's public key to the OAuth JWT Application

  1. From Application Registries, find and view the OAuth JWT application you created (e.g., Oleria ServiceNow Incident Creation JWT OAuth - tenantName).
    • To navigate there: from the All menu, go to Application Registry under System OAuth.
  2. From the OAuth JWT Application page, scroll to the bottom to the Jwt Verifier Maps tab.
  3. Add a Jwt Verifier Map - select New from the Jwt Verifier Map tab.
  4. From Jwt Verifier Map - New Record, enter the following information:
  1. Save the Kid (Key ID) value - you will need it in Step 3.
  2. Select Submit.
4

Limit access to the Oleria service account

Claim Name must be set to sub exactly. Any other value will prevent Oleria from authenticating and the integration will not work.
  1. From the OAuth JWT Application page, scroll to the bottom to the OAuth JWT Claim Validations tab.
  2. Select New.
  3. From OAuth JWT Claim Validation - New Record, enter the following information:
  1. Save the Claim Value (your Oleria service account email address) - you will need it in Step 3.
  2. Select Submit.
5

Find or create a role with write access to the Incidents table

  1. From the All menu, navigate to Roles under System Security → Users and Groups.
  2. Search for a role named sn_incident_write. If found, continue to the next step. If not found, create a new role.
6

Create a service account

  1. From the All menu, navigate to Users under User Administration.
  2. Select New from the upper right-hand corner.
  3. From User - New Record, enter the following information:
  1. Select Submit.
7

Associate the role to the service account

  1. From the All menu, navigate to Users under User Administration.
  2. Find the Oleria service account (e.g., “Oleria Integrator - tenantName”) and select its name.
  3. From the User page, scroll to the bottom and select the Roles tab.
  4. Select Edit….
  5. From Edit Members, search for sn_incident_write in the Collection column, select the role, and select the Add icon to add it to the selection list.
  6. Select Save.
8

Find the Assignment Group sys_id

  1. From the All menu, navigate to Groups under System Security → Users and Groups.
  2. Find the group you want to assign incidents to (e.g., RiskRemediators) and view it. Create a new group if needed.
  3. From the Group page, select the three horizontal lines icon in the upper left-hand corner, then select Copy sys_id.
  4. Save the sys_id value - you will need it in Step 3.

Step 3 - Connect ServiceNow to Oleria

Ticketing System configuration is done from Settings, not from the Integrations page.
1

Open the Ticketing System page

Log in to Oleria, select Settings, then select Ticketing System.
2

Confirm ServiceNow is configured

From the Ticketing System page, confirm you have completed all steps in ServiceNow above and have the four values ready (Client ID, Key ID, service account email, and Assignment Group sys_id).
3

Connect ServiceNow

Under the desired ticketing system (ServiceNow), select Connect.
4

Provide authentication details

From the Ticketing System Authentication page, provide the following and select Connect:
5

Configure the ticket assignment group

From the Ticketing System Configuration page, provide the following and select Done:
6

Confirm the connection

A confirmation message will appear. The Ticketing System page will show the configured ticketing system.

Created ticket

A ticket created for a risk from Risk Monitoring will contain the following default field values:

Troubleshoot

Caller value does not appear in the Ticket The Oleria Service Account’s email address exists with another user account that is causing confusion on which email user to list as the caller. Resolution: Change the Oleria Service Account’s email address to another email address and then update the email address associated with the Application Registration for the OAuth JWT Claim Validation email address listed in the JWT Application that was created for Oleria.

Contact us

For questions, contact us at support@oleria.com.