Integrate the ServiceNow API
Use the following procedure to register the ServiceNow application and integrate the ServiceNow API in Skyhigh CASB.
Prerequisite
- For ServiceNow ODS, the ServiceNow admin should have access to ServiceNow's sys_dictionary and sys_db_object tables. The ODS configuration page fetches the ServiceNow objects for scanning from ServiceNow's sys_dictionary and sys_db_object tables. If the ServiceNow admin does not have access to ServiceNow's sys_dictionary and sys_db_object tables, assign the personalize_dictionary role to the ServiceNow admin and ensure that the assigned personalize_dictionary role has Access to (Access Control List) the sys_dictionary with read access and sys_db_object with read access ACL's.
- Based on the PoP where your instance is hosted, add the corresponding IP addresses to your allow list. For details about the specific IP addresses, see About Skyhigh Allow List IP Addresses.
NOTE: If you currently have an active ServiceNow instance integrated with Skyhigh CASB, and if the Skyhigh Support team contacted you for the PoP migration, you must migrate it to the new infrastructure. To migrate the instance, follow the steps in the Migrate Instances Between PoPs section.
Register the ServiceNow Application
- Log in to ServiceNow with an Admin account.
- Create a new application in ServiceNow as described here and configure the following:
- In the ServiceNow home page, use the search bar to find Application Registry and select the corresponding result.
- Click New.
- Select New Inbound Integration Experience.
- In the Inbound Integrations page, click New integration.
- Select the API access method for the integration as OAuth - Authorization code grant.
- In the New record page, configure the following and then click Save:
- Name. Enter the application name for the inbound integration.
- Redirect URLs. Enter the redirect URI depending on Skyhigh CASB backend:
- In the ServiceNow home page, use the search bar to find Application Registry and select the corresponding result.
US Production: https://dashboard-us.ui.skyhigh.cloud/shndash/extensions/OAuthCallbackController
- Client ID. This ID is auto-populated in ServiceNow. Copy the Client ID to use later in ServiceNow API Integration Setup in Skyhigh CASB.
- Client secret. Enter a strong password. This can be used later in ServiceNow API Integration Setup in Skyhigh CASB.
- Scope validation settings. Uncheck Allow access only to APIs in selected scope. When enabled, this integration can only access the APIs that are explicitly listed in the selected scopes.
Integrate the ServiceNow API in Skyhigh CASB
- Log in to Skyhigh CASB with your tenant and go to Settings > Service Management.
- Click Add Service Instance, select ServiceNow.
- Enter a name for the instance and click Done.
- Select the ServiceNow instance you created.
- Go to the Setup tab and under API, click Enable.
- On the Enable API page, click Provide API Credentials.
- Enter the details of the Custom OAuth Application created in ServiceNow and click Submit.
- For the ServiceNow URL, in this example, you would replace ven01114 with your own ServiceNow instance.
- For the Admin Email, enter the ServiceNow Admin email.
- Click Allow.
After ServiceNow API Integration Setup, wait for an hour to configure ODS Scan because the files, connect chats, and table in ODS Scan UI will be visible after an hour.
This note below is applicable only if a reverse proxy is configured.
NOTE:
If your ServiceNow instance is configured through a reverse proxy and while enabling API via a reverse proxy, you might encounter an error and may not see the Step 8 screen ( [
]--> click to view the screen) with options Allow/Deny. In that case, configure the following CAP policy to Skip Cert Check: Redirect All, as shown in the screenshot below for the API user configured to enable API.
Migrate Instances Between PoPs
To enhance performance, scalability, and security, we are transitioning our services from the current infrastructure to a newly established Point of Presence (PoP) specifically designed for processing CASB API-based services. If your instance is part of this migration, the Skyhigh Support team will contact you and assist with the process.
Perform the steps below to complete the migration:
- Identify your PoP. Contact Skyhigh Support to determine your assigned Point of Presence (PoP).
- Update Allow Lists. Based on the PoP where your instance is hosted, add the corresponding IP addresses to your allow list. For details about the specific IP addresses, see About Skyhigh Allow List IP Addresses.
- Request Migration. Once the IP addresses are allowed, contact Skyhigh Support to initiate the instance migration to the new PoP.