Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Domain separation and Trusted Security Circles

Log in to subscribe to topics and get notified when content changes.

Domain separation and Trusted Security Circles

This is an overview of domain separation in Trusted Security Circles. Domain separation allows you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.


Support: Level 2

Domain separation is supported in this application. Not all ServiceNow applications support domain separation; some include limitations on the data and administrative settings that can be domain separated. To learn more, see Application support for domain separation.

How domain separation works in Trusted Security Circles

Domain separation enables MSPs to standardize Trusted Security Circles procedures across the customer base they serve with lowered operational costs and a higher quality of service.

Separate customer workspaces for workflows, dashboards, reports, and so forth ensures that customer data is separated and never exposed to other clients.

Domain separation support in Trusted Security Circles by version releases

Release Support level Notes
Jakarta Level 2 (Data, Requestor, Fulfiller)
Kingston Level 2 (Data, Requestor, Fulfiller)
London Level 2 (Data, Requestor, Fulfiller)

Domain separation setup

Setting up domain separation for Trusted Security Circles requires that you request domain separation, register the central instance for each domain, and configure the job queue.
Important: If you are using domain separation, you must activate the Domain Support - Domain Extensions plugin before activating Trusted Security Circles. Several of the setup steps are also different for domain separation setup.

Request domain separation

All domain support features are activated with a plugin called Domain Support - Domain Extensions Installer. Administrators can request activation of this plugin.

Before you begin

To purchase a subscription, contact your ServiceNow account manager. The account manager can arrange to have the plugin activated on your organization's production and sub-production instances, generally within a few days.

If you do not have an account manager, decide to delay activation after purchase, or want to evaluate the product on a sub-production instance without charge, follow these steps.

Role required: none

About this task

Warning: Before activating domain separation, consult your representative to verify that it is suitable for your environment. Domain separation adds a level of administration overhead. Although it can be disabled, it cannot be removed from an instance.

If the Domain Support - Domain Extensions Installer plugin is already active, content in the Domain Support - Domain Extensions Installer plugin will not be installed to avoid potential conflict with an existing implementation.

Domain separation replaces Company Separation. The Company Separation plugin can no longer be activated. However, if company separation is already active when you activate domain separation, both plugins are active at the same time. You can control the company separation activation status with the glide.db.separation.field property.

Note: Domain paths are used for all customers on Helsinki and later. Domain numbering is no longer used. ServiceNow Technical Support can assist in the upgrade.


  1. In the HI Service Portal, click Service Requests > Activate Plugin.
  2. Fill out the form.
    Target Instance Instance on which to activate the plugin.
    Plugin Name Name of the plugin to activate.
    Specify the date and time you would like this plugin to be enabled

    Date and time must be at least 2 business days from the current time.

    Note: Plugins are activated in two batches each business day in the Pacific timezone, once in the morning and once in the evening. If the plugin must be activated at a specific time, enter the request in the Reason/Comments.
    Reason/Comments Any information that would be helpful for the ServiceNow personnel activating the plugin such as if you need the plugin activated at a specific time instead of during one of the default activation windows.
  3. Click Submit.


Activating the Domain Extension Installer plugin enables these features:
  • Domain separation is based on the Domain [sys_domain] table.
  • Delegated administration lets each domain have separate policy.
  • All records are part of the global domain.
  • The current user's domain determines the domain to use when viewing or operating on a record in a different domain.

Register the Trusted Security Circles central instance for each domain

If domain separation is not installed, registration to the global domain occurs automatically. If you have installed domain separation, manually register the Trusted Security Circle central instance for each of your domains.

Before you begin

If you are using the basic level of Trusted Security Circles, it is activated automatically when you activate Security Incident Response. Trusted Security Circles Client (Advanced) is available as a separate subscription.
When domain separation is activated, two additional modules appear in the Trusted Security Circles navigation bar:
  • Job Queue Entries
  • Registration

Role required: sn_tis_admin


  1. If it is not already activated, active the appropriate level of Trusted Security Circles.
  2. Navigate to Trusted Security Circles > Registration.
  3. From the Domain () drop-down list, select the domain you want to register to the Trusted Security Circles central instance.
  4. Click Register.
  5. You can verify that the domain registration completed successfully by navigating to Trusted Security Circles > Circles.

Configure the job queue

The job queue is used to execute scheduled jobs for getting messages from the central instance, processing records in the central instance, and refreshing records from central for your domain or for each of your domains (if you are using domain separation).

Before you begin

Role required: admin


  1. Navigate to Trusted Security Circles > Job Queue Entries.
  2. In the Job Queue Entries screen, click New.
  3. From the Domain () drop-down list, select the domain for which you want to configure the job queue.
  4. Fill in the fields as appropriate.
    Field Description
    Job Click the lookup icon and select the scheduled job executer you want to use for the selected domain.
    Last Run Displays the date and time when the job was last run. The oldest job will be the next one to run.
    Domain User Select the user in this domain who is identified as the person running this job.
  5. Click Submit.
  6. Repeat these steps as needed to select other jobs for this domain and for other domains (if you are using domain separation).