Introduction

The ServiceNow connector for Glean allows Glean to fetch and index content from Knowledge Articles, Service Catalog items, News Articles (Content Publishing), ITSM incidents, APM Business Applications and SPM demands, Epics and Projects ensuring that users can search for and access documents for which they have authorized permissions.

• Authentication: is done by creating a dedicated user account with specified permissions and profiles
• API Usage: Glean will use the Table API and then Scripted REST API for advanced user criteria
• Permissions Enforcement: Glean respects all user access permissions, ensuring users only see search results for documents they have access to. When a user clicks on a search result, they are taken to the ServiceNow web application, which enforces the permission
• Data Storage: All data is stored in the customer's project within the customer's cloud account, ensuring no data leaves the customer's environment

Content Captured:

For ServiceNow, Glean will capture the following content:

• Knowledge Articles
• Service Catalog (including Record Producers)

With additional permissions and configuration, Glean will capture the following content:

• ITSM
• APM
• SPM
• News Articles (Content Publishing)

ServiceNow Permissions

• Admin access to setup the connector
• Admin access for the Service Account is preferred (Custom role can be defined)

Disclaimer: Please be advised that Glean does not recommend utilizing a ServiceNow account associated with an employee. If the employee departs from the company or if the account becomes disabled, it will adversely affect access to data sources.

Versions Supported

There are no specific version limitations of the ServiceNow connector.

Objects Supported

Knowledge articles:

• knowledge base
• short description
• workflow state
• created by
• description
• knowledge base category
• view count
• custom fields (for knowledge articles created from custom templates)

Catalog items:

• title
• created by
• short description
• description
• catalog category
• sc_catalogs

News Articles (Content Publishing):

• title
• headline
• subheadline
• content
• author
• publish date
• update date
• category

ITSM:

• number
• short description
• description
• comments and work notes
• state
• priority
• impact
• urgency
• category
• assigned to
• opened by

Limitations:

• Glean does not index draft ServiceNow articles.

Permissions for ITSM, CSM, SPM, and APM Record Types

Glean uses a role-based permission model to control who can see the following ServiceNow record types in search results:

• ITSM: Incidents, Requests, Request Items, Interactions
• CSM: Customer Service Cases
• SPM: Demands, Projects, Epics
• APM: Business Applications

Access to these records is controlled in two ways:

1. By ServiceNow role — Administrators configure which ServiceNow roles grant access to each record type. Each record type has its own role configuration. For example, users with the itil role can be granted access to all Incidents, while a different set of roles can be configured for Requests or Customer Service Cases. All users with a configured role will see all records of that type — access is not filtered per record.

2. By record assignment (ITSM only) — For Incidents, Requests, Request Items, and Interactions, access can also be granted based on user fields on the record, such as the assigned user, the person who opened it, or the caller. This ensures that individuals directly involved with a record can always find it in Glean, even if they don't hold one of the configured roles.

Why this approach?

ServiceNow does not expose per-record access control lists (ACLs) for these record types through its APIs. Knowledge Articles have explicit permission structures that Glean can replicate, but record types like Incidents rely on a combination of roles, assignment rules, business rules, and client-side scripting that cannot be fully queried externally. Glean uses the role and assignment-based model as a reliable way to approximate the access your users have in ServiceNow without risking over- or under-sharing.

Important

Because access is managed at the role level, a user with an allowed role will see all records of that type in Glean, not just records they can access in ServiceNow. Administrators should carefully select which roles to configure to align with their organization's access policies.

Authentication Mechanism

Connector credentials requirements

The Service connector for Glean requires specific permissions to function correctly.

• Glean requires authentication by utilizing a dedicated Service Account and OAuth Application
• Glean understands all user access permissions and strictly enforces them at the time of the query, ensuring that users cannot see results to which they do not have access.
• It's important to note that all data is stored in the customer's project in the customer's cloud account, and no data leaves the customer's environment.
• Glean only requires READ-level permissions.

Role	Use Case
knowledge_admin	Required to fetch Knowledge Articles. This role allows us to view all Knowledge Articles and Knowledge Bases in the global instance.
user_criteria_admin	Required to fetch user criteria.
user_admin	Required to fetch ServiceNow users
catalog_admin	Required to fetch Catalog items
web_service_admin	Required in advanced setup so that we can access the scripted API
snc_read_only	Effectively restricts the service account user to readonly
snc_internal	Required to allow access to internal resources
itil	Required to fetch ITSM Incidents
sn_apm.apm_user	Required to fetch APM Business Applications
it_project_user	Required for SPM Projects
it_demand_user	Required for SPM Demands
scrum_user	Required for SPM Epics
safe_scrum_user	Required for SPM Epics