Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure ServiceNow Encryption for Files and Attachments

Use this procedure to enable encryption for ServiceNow files and attachments. 

Elevate the ServiceNow Role

  1. Log in to ServiceNow using Administrator credentials.
  2. Navigate to System AdministratorElevate Roles to open the Elevator Roles dialog box.
  3. To elevate the role from System Administrator to Security Administrator, select the security_admin checkbox.
  4. Click OK to save your changes.

Activate the Encryption Support Plugin

For detailed instructions about activating the encryption support plugin, see

  1. In ServiceNow, navigate to System Definition > Plugins. You are redirected to the All Applications page.
  2. To redirect to the legacy list view for plugins, click click here.
  3. You can search for Encryption Support in the search bar. When you find the required plugin, click Install.

     The Plugin is installed and activated.

Configure Encryption Contexts

For detailed instructions about configuring Encryption Contexts, see 

  1. In ServiceNow, navigate to System Security > Field Encryption > Encryption Contexts
  2. Click New and enter the required details in the form.
  3. Click Submit.

Configure Encryption Contexts for Admin or Non-Admin Users

To add encryption context associated with admin or non-admin users, perform the following steps. 

  1. In ServiceNow, navigate to System Security > Roles and open the role record to associate with the encryption context, or create a role.
  2. Right-click the form header and select Configure > Form Layout to configure the Roles form to add the Encryption context field.
  3. Select the Encryption context to associate with the role.
  4. Click Update.

More Information

To use the encryption context, users must log out of the instance and log in again.

The file attached to any object in ServiceNow displays an option to Encrypt. For example: Attach a file "hotfix copy 10.docx" to an incident INC0010005 in a user account:

When ServiceNow encrypts a file, it displays a lock symbol, as shown:

If the ServiceNow Admin has configured a Near Real Time DLP policy to detect sensitive information from the file and has configured the policy to delete the sensitive details, then the encrypted file is replaced with a tombstone file as part of Skyhigh CASB Near Real Time DLP.

  • Was this article helpful?