Configure ServiceNow for Databricks ingestion
The ServiceNow connector is in gated Public Preview. To participate in the preview, contact your Databricks account team.
This article describes how to configure your ServiceNow instance for Databricks ingestion. The steps depend on the authentication method you choose.
Choose an authentication method
The following authentication methods are supported:
- Standard OAuth (recommended)
- OAuth with automated token refresh (legacy)
Databricks recommends standard OAuth because it's the more secure approach. However, your ServiceNow connection will expire when your auth token expires. By default, this happens every 100 days. To reduce the frequency, you can modify the expiration period in ServiceNow or use OAuth with automated token refresh.
You'll use the authentication details you obtain to create a Databricks Unity Catalog connection to ServiceNow. OAuth with automated token refresh is only supported for connections created using Databricks APIs. It's not supported in the Databricks UI.
Confirm user privileges
-
To capture deletes, your ServiceNow user must have access to the
sys_audit_delete table, and the table must be tracking deletes (the table attribute can't be set tono_audit_delete=truein ServiceNow). -
Your ServiceNow user must have the
adminrole. -
(Optional) To limit the admin user to read-only access, you can assign it the
snc_read_onlyrole.
Create an OAuth application
This step gathers ServiceNow authentication details for Databricks ingestion.
-
In the All menu, search for System OAuth, and then click Application Registry.
-
Click New > Create OAuth API endpoint for external clients.
-
Enter a name for the application.
-
For Auth Scope, enter
useraccount. -
(Standard OAuth only) For Redirect URL, enter
https://<databricks-workspace-url>/login/oauth/servicenow.html. Replace<databricks-workspace-url>with your full Databricks workspace URL.noteSkip this step if you're using OAuth with automated token refresh.
-
Click Submit.
-
Copy the Client ID and the Client Secret.
Obtain the instance ID
The instance ID is the first part of the ServiceNow account login URL:
https://<instanceid>.service-now.com
For example, if the homepage of your ServiceNow instance is https://abc.service-now.com, the instance ID is abc.
(Legacy) Obtain a username and password
This step is only required for OAuth with automated token refresh. Databricks recommends using standard OAuth instead. OAuth with automated token refresh is only supported for connections created using Databricks APIs. It's not supported in the Databricks UI.
Obtain the username and password of an active ServiceNow user.
Enable indexing on the cursor column
To improve ingestion performance, Databricks recommends working with your ServiceNow administrator to enable ServiceNow-side indexing on the cursor field. The cursor column is selected from the following list, in order of availability and preference: sys_updated_on (first choice), sys_created_on (second choice), sys_archived (third choice). This is a standard approach for improving performance when ingesting using the ServiceNow APIs. Setting the index allows Databricks to avoid fully scanning the entire cursor column, which can bottleneck large updates. For instructions, see Create a table index in the ServiceNow documentation.