Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Introduction to credentials, connections, and aliases

Log in to subscribe to topics and get notified when content changes.

Introduction to credentials, connections, and aliases

All application integrations in the ServiceNow platform use connection information, credentials, and aliases to enable their respective applications to access resources.

Before you can execute an application integration in your instance, you must create and configure the corresponding connection information and credentials. Connections pertain to an integration with a system, such as an IP address or endpoint with protocols. It contains specific details, such as database particulars, when integrating with a database. The associated credentials are the authentication data required to make the connection.

Connection information and credentials can vary between QA/Development/Production environments for the same integration. The tight coupling between this data and application metadata, such as workflow or job scheduling, make application metadata obsolete when you change environments. To alleviate this problem, the concept of an alias is introduced, to decouple connections and credentials from application metadata. These aliases allow customers to design their application metadata to pair with an alias, which resolves to connection and credential data during runtime.

There are two types of aliases, a connection and credential alias and a credential alias. Business rules enforce certain constraints on these aliases. Names must contain letters, numbers, and underscores, but cannot use special characters. The alias must be unique in a scope. If you choose to have multiple active connections, you can have more than one active connection in the same domain. If you do not choose this option, you can have only one active connection per domain.
Note: If you enable multiple active connections, the application picks one connection based on an established order. This order depends on the API you use to retrieve connection data.
You can add additional connection attributes to an alias, which are available in connection data during run time. Variables overridden by connection administration during run time should not affect the alias.

The credential alias resolves only credential data. Along with the alias data model, you can use a scriptable API that gets connection and credential data at runtime.

Upgrading credential tags

The upgrade process migrates credential tags to credential aliases. All credential tags in the Credentials [discovery_credentials] table have a corresponding credential alias with this information:
  • Name: Unique alias name
  • Scope: global
  • ID: Alias name
Note: The credential tag field type changes from string to GlideList in the Credential table and the credential alias field refers to the created alias records.

Credential synchronization on MID Servers

Each MID Server in your network synchronized with the instance keeps a copy of every credential that you create. This synchronization speeds up the reading of credentials when applications like Discovery or Service Mapping need to access multiple devices on the network. The MID Servers synchronize when they find a credentials_reload job in the ECC Queue. The reload job instructs the MID Server to make a SOAP call to the instance to get the entire list of credentials in the Credentials [discovery_credentials] table, including all the field values.

The SOAP response that your instance sends to each MID Server also includes custom fields that you added to any credential form that you customized. If you added reference fields, the data in the referenced table is also sent as part of the SOAP response. This can lead to performance issues when credential synchronization occurs with multiple MID Servers. To control this, manually add these properties to the System Properties [sys_properties] table:
Note: To change the values in these properties, add them to the System Properties [sys_properties] table. If you do not add them, the system uses the default value.
Property Description
com.snc.credentials_user_fields Includes all customized fields in credential sync. Set this to false if you do not want to include the fields that you added to credential forms.
  • Type: true | false
  • Default value: true
com.snc.credentials_recursion_depth Defines the number of tables to traverse when the credential sync mechanism collects fields from reference tables. Lower this number if you are experiencing performance issues and you have customized credential forms that include reference fields to tables that also have reference fields.
  • Type: integer
  • Default value: 3