Using credentials with Orchestration

Orchestration activities require credentials for their respective applications in order to access resources.

Before you can execute Orchestration activities, you must create and configure the corresponding credentials. The type of activity template you use can present different options for your credential configuration. For example, a REST or SOAP activity can use the credentials on the REST or SOAP message record. You can also override certain credentials with credentials configured in the central credential store. If support for OAuth or WS-Security is required, you must use the credentials on the SOAP or REST message record.

Some activity templates, such as PowerShell, SSH, JMS, and SFTP, support resolving credentials through credential tagging. Tagging decouples the credential from an Activity Definition; the credential then resolves based on your environment configuration. This makes it easier to promote content to a production environment, share content, or publish content to the ServiceNow store. You should always employ credential tagging if it is available.

Syncing to MID: Any change to a credential triggers a notification to the MID Server to download the latest credentials. This happens almost immediately, but as with any syncing mechanism, expect a little bit of delay.

MID server service account vs. remote credentials: For AD/Exchange activities, use the credentials of a user with the right access to the domain controller.

You should use the central Credentials table when possible. The Credentials table provides security through ACLs, which require a credential_admin role to access the Credentials table. There is also support for on-premise credential stores. The table stores the following: