Skip to main content

Configure ServiceNow for Databricks ingestion

Preview

The ServiceNow connector is in gated Public Preview. To participate in the preview, contact your Databricks account team.

This article describes how to configure your ServiceNow instance for Databricks ingestion. The steps depend on the authentication method you choose.

Choose an authentication method

The following authentication methods are supported:

  • Standard OAuth (recommended)
  • OAuth with automated token refresh (legacy)

Databricks recommends standard OAuth because it's the more secure approach. However, your ServiceNow connection will expire when your auth token expires. By default, this happens every 100 days. To reduce the frequency, you can modify the expiration period in ServiceNow or use OAuth with automated token refresh.

You'll use the authentication details you obtain to create a Databricks Unity Catalog connection to ServiceNow. OAuth with automated token refresh is only supported for connections created using Databricks APIs. It's not supported in the Databricks UI.

Confirm user privileges

  • To capture deletes, your ServiceNow user must have access to the sys_audit_delete table, and the table must be tracking deletes (the table attribute can't be set to no_audit_delete=true in ServiceNow).

  • Your ServiceNow user must have the admin role.

  • (Optional) To limit the admin user to read-only access, you can assign it the snc_read_only role.

Create an OAuth application

This step gathers ServiceNow authentication details for Databricks ingestion.

  1. In the All menu, search for System OAuth, and then click Application Registry.

    ServiceNow OAuth Application Registry

  2. Click New > Create OAuth API endpoint for external clients.

    ServiceNow Create OAuth API endpoint for external clients

  3. Enter a name for the application.

  4. For Auth Scope, enter useraccount.

  5. (Standard OAuth only) For Redirect URL, enter https://<databricks-workspace-url>/login/oauth/servicenow.html. Replace <databricks-workspace-url> with your full Databricks workspace URL.

    note

    Skip this step if you're using OAuth with automated token refresh.

  6. Click Submit.

    ServiceNow OAuth application details

  7. Copy the Client ID and the Client Secret.

Obtain the instance ID

The instance ID is the first part of the ServiceNow account login URL:

https://<instanceid>.service-now.com

For example, if the homepage of your ServiceNow instance is https://abc.service-now.com, the instance ID is abc.

(Legacy) Obtain a username and password

note

This step is only required for OAuth with automated token refresh. Databricks recommends using standard OAuth instead. OAuth with automated token refresh is only supported for connections created using Databricks APIs. It's not supported in the Databricks UI.

Obtain the username and password of an active ServiceNow user.

Enable indexing on the cursor column

To improve ingestion performance, Databricks recommends working with your ServiceNow administrator to enable ServiceNow-side indexing on the cursor field. The cursor column is selected from the following list, in order of availability and preference: sys_updated_on (first choice), sys_created_on (second choice), sys_archived (third choice). This is a standard approach for improving performance when ingesting using the ServiceNow APIs. Setting the index allows Databricks to avoid fully scanning the entire cursor column, which can bottleneck large updates. For instructions, see Create a table index in the ServiceNow documentation.

Next steps

Create a ServiceNow ingestion pipeline

Last updated on