AWS Security ChangesHomeSearch

AWS quick documentation change

Service: quick · 2026-04-01 · Documentation low

File: quick/latest/userguide/servicenow-integration.md

Summary

Complete rewrite of ServiceNow integration documentation with detailed OAuth setup instructions, authentication methods (user vs. service), available actions table, limitations, and troubleshooting guidance.

Security assessment

The changes add comprehensive security documentation about OAuth authentication setup, client credentials management, and security implications of service authentication. Specifically, it warns that with service authentication, all actions execute as the configured OAuth application user and any Amazon Quick user with access can perform actions using that account's permissions. However, there is no evidence this addresses a specific security vulnerability or incident - it appears to be routine documentation enhancement for a new feature (service authentication/client credentials).

Diff

diff --git a/quick/latest/userguide/servicenow-integration.md b/quick/latest/userguide/servicenow-integration.md
index 4731cb1e6..69e26dee0 100644
--- a//quick/latest/userguide/servicenow-integration.md
+++ b//quick/latest/userguide/servicenow-integration.md
@@ -5 +5 @@
-What you can doBefore you beginSet up ServiceNow integrationAvailable actionsManage ServiceNow integrations
+Before you beginConfigure ServiceNow OAuthSet up the integration in Amazon QuickAvailable actionsLimitationsManage and troubleshoot
@@ -9 +9 @@ What you can doBefore you beginSet up ServiceNow integrationAvailable actionsMan
-With ServiceNow integration in Amazon Quick, you can perform actions within ServiceNow instances, including managing incidents, requests, and other ServiceNow records. This integration supports action execution only and requires Amazon Quick Pro tier or higher.
+Use the ServiceNow integration to perform actions within your ServiceNow instances, including managing incidents, problems, change requests, knowledge base articles, and attachments. This integration uses the ServiceNow REST API. For more information, see [REST API](https://docs.servicenow.com/bundle/xanadu-api-reference/page/build/applications/concept/api-rest.html) in the ServiceNow documentation.
@@ -11 +11 @@ With ServiceNow integration in Amazon Quick, you can perform actions within Serv
-## What you can do
+Setting up this integration involves two steps. First, you configure an OAuth application in your ServiceNow instance. Then, you create the integration in Amazon Quick and connect it to your ServiceNow app. For information about the authentication methods that Amazon Quick supports, see [Authentication methods](./quick-action-auth.html).
@@ -13 +13 @@ With ServiceNow integration in Amazon Quick, you can perform actions within Serv
-With ServiceNow integration, you can perform actions within your ServiceNow instances through the action connector.
+## Before you begin
@@ -15 +15 @@ With ServiceNow integration, you can perform actions within your ServiceNow inst
-**Action connector**
+Before you set up the integration, verify that you have the following.
@@ -16,0 +17 @@ With ServiceNow integration, you can perform actions within your ServiceNow inst
+  * A ServiceNow instance. This integration is validated against the Xanadu release.
@@ -18 +19 @@ With ServiceNow integration, you can perform actions within your ServiceNow inst
-Create, update, and query ServiceNow records such as incidents, requests, changes, and custom tables.
+  * A ServiceNow user account with permissions to create OAuth applications (`admin` role required).
@@ -20 +21 @@ Create, update, and query ServiceNow records such as incidents, requests, change
-###### Note
+  * For service authentication (client credentials), your instance must be running the Washington DC release or later.
@@ -22 +23 @@ Create, update, and query ServiceNow records such as incidents, requests, change
-ServiceNow integration doesn't support data access or knowledge base creation. It's designed specifically for action execution and API interactions with ServiceNow instances.
+  * For subscription requirements, see [Set up integrations in the console](./integration-console-setup-process.html).
@@ -24 +24,0 @@ ServiceNow integration doesn't support data access or knowledge base creation. I
-## Before you begin
@@ -26 +25,0 @@ ServiceNow integration doesn't support data access or knowledge base creation. I
-Before you set up ServiceNow integration, make sure you have the following:
@@ -28 +26,0 @@ Before you set up ServiceNow integration, make sure you have the following:
-  * ServiceNow instance with appropriate permissions.
@@ -30 +28 @@ Before you set up ServiceNow integration, make sure you have the following:
-  * ServiceNow user account or service account credentials.
+## Configure ServiceNow OAuth
@@ -32 +30 @@ Before you set up ServiceNow integration, make sure you have the following:
-  * Amazon Quick Author or higher.
+Before you configure Amazon Quick, create an OAuth application endpoint in your ServiceNow instance. Complete all of the following steps in ServiceNow before moving to the Amazon Quick console.
@@ -34 +32 @@ Before you set up ServiceNow integration, make sure you have the following:
-  * Administrative access to configure OAuth applications (if using user authentication).
+For more information, see [Create an endpoint for clients to access the instance](https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/administer/security/task/t_CreateEndpointforExternalClients.html) in the ServiceNow documentation.
@@ -35,0 +34 @@ Before you set up ServiceNow integration, make sure you have the following:
+### Register the OAuth application
@@ -36,0 +36 @@ Before you set up ServiceNow integration, make sure you have the following:
+To register the OAuth application, complete the following steps.
@@ -37,0 +38 @@ Before you set up ServiceNow integration, make sure you have the following:
+  1. In your ServiceNow instance, navigate to **All** > **System OAuth** > **Application Registry** and choose **New**.
@@ -39 +40 @@ Before you set up ServiceNow integration, make sure you have the following:
-## Set up ServiceNow integration
+  2. Choose **Create an OAuth API endpoint for external clients**.
@@ -41 +42 @@ Before you set up ServiceNow integration, make sure you have the following:
-Follow these steps to create your ServiceNow integration:
+  3. Complete the form:
@@ -43 +44 @@ Follow these steps to create your ServiceNow integration:
-  1. In the Amazon Quick console, choose **Integrations**.
+     * **Name** – A descriptive name for the OAuth application.
@@ -45 +46 @@ Follow these steps to create your ServiceNow integration:
-  2. Choose **ServiceNow** from the integration options, click the Add (plus "+") button.
+     * **Redirect URL** – `https://`{region}`.quicksight.aws.amazon.com/sn/oauthcallback`
@@ -47 +48 @@ Follow these steps to create your ServiceNow integration:
-  3. Fill in the integration details:
+Replace `{region}` with your AWS Region (for example, `us-east-1`).
@@ -49 +50 @@ Follow these steps to create your ServiceNow integration:
-     * **Name** \- Descriptive name for your ServiceNow integration.
+  4. Choose **Submit**.
@@ -51 +52 @@ Follow these steps to create your ServiceNow integration:
-     * **Description** (Optional) - Purpose of the integration.
+  5. Reopen the application registry entry and choose the lock icon next to **Client Secret** to reveal the value.
@@ -53 +54 @@ Follow these steps to create your ServiceNow integration:
-  4. Choose your connection type:
+  6. Copy the **Client ID** and **Client Secret** values. You need these when you configure the integration in Amazon Quick.
@@ -55 +55,0 @@ Follow these steps to create your ServiceNow integration:
-     * **User authentication** \- OAuth-based authentication for individual user access.
@@ -57 +56,0 @@ Follow these steps to create your ServiceNow integration:
-     * **Service authentication** \- API key-based authentication for service access.
@@ -59 +57,0 @@ Follow these steps to create your ServiceNow integration:
-  5. Fill in the connection settings based on your selected authentication method (either user or service):
@@ -61 +59 @@ Follow these steps to create your ServiceNow integration:
-    1. For **User authentication (OAuth)** , configure the following fields:
+### Additional steps for service authentication (client credentials)
@@ -63 +61 @@ Follow these steps to create your ServiceNow integration:
-       * **Base URL** \- ServiceNow instance URL (for example, https://your-instance.service-now.com).
+If you plan to use service authentication, complete these additional steps after registering the OAuth application. The client credentials grant type was introduced in the ServiceNow Washington DC release. For more information, see [Up Your OAuth2.0 Game: Inbound Client Credentials with Washington DC](https://www.servicenow.com/community/developer-blog/up-your-oauth2-0-game-inbound-client-credentials-with-washington/ba-p/2816891) in the ServiceNow Community.
@@ -65 +63 @@ Follow these steps to create your ServiceNow integration:
-       * **Client ID** \- ServiceNow OAuth application client ID.
+  1. Enable the client credentials grant type. Navigate to `sys_properties.list` using the filter navigator and create a new system property with the following values:
@@ -67 +65 @@ Follow these steps to create your ServiceNow integration:
-       * **Client Secret** \- ServiceNow OAuth application client secret.
+     * **Name** – `glide.oauth.inbound.client.credential.grant_type.enabled`
@@ -69 +67 @@ Follow these steps to create your ServiceNow integration:
-       * **Token URL** \- ServiceNow OAuth token endpoint.
+     * **Type** – `true | false`
@@ -71 +69 @@ Follow these steps to create your ServiceNow integration:
-       * **Auth URL** \- ServiceNow OAuth authorization endpoint.
+     * **Value** – `true`
@@ -73 +71 @@ Follow these steps to create your ServiceNow integration:
-       * **Redirect URL** \- OAuth redirect URI.
+  2. Verify that the following plugins are installed (navigate to **Admin** > **Application Manager**):
@@ -75 +73 @@ Follow these steps to create your ServiceNow integration:
-ServiceNow OAuth authentication doesn't require specific OAuth scopes - access is controlled through ServiceNow's role-based permissions system.
+     * OAuth 2.0 (`com.snc.platform.security.oauth`)
@@ -77 +75 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
-    2. For **Service authentication (API Key)** , configure the following fields:
+     * REST API Provider (`com.glide.rest`)
@@ -79 +77 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
-       * **API Key** \- ServiceNow API access token.
+     * Authentication scope (`com.glide.auth.scope`)
@@ -81 +79 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
-       * **Base URL** \- ServiceNow instance URL.
+     * REST API Auth Scope Plugin (`com.glide.rest.auth.scope`)
@@ -83 +81 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
-       * **Email** \- Associated ServiceNow user email.
+  3. Return to your OAuth application in **System OAuth** > **Application Registry**. Add the **OAuth Application User** field to the form if it isn't visible (use **Configure** > **Form Builder** to add it).
@@ -85 +83 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
-  6. Select **Create and continue**.
+  4. Set the **OAuth Application User** to an appropriately permissioned user, such as a user with the System Administrator role.
@@ -87 +84,0 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
-  7. Choose users to share the integration with.
@@ -89 +85,0 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
-  8. Click **Next**.
@@ -91,0 +88 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
+###### Important
@@ -92,0 +90 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
+With service authentication, all actions execute as the configured OAuth application user. Any Amazon Quick user with access to this integration can perform actions using that account's permissions. Configure the account permissions to match your organization's security requirements.
@@ -94 +92,19 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
-## Available actions
+## Set up the integration in Amazon Quick
+
+After you complete the ServiceNow OAuth configuration, create the integration in Amazon Quick.
+
+  1. In the Amazon Quick console, choose **Integrations**.
+
+  2. Choose **ServiceNow** and choose the Add (plus "+") button.
+
+  3. Enter the integration details:
+
+     * **Name** – Descriptive name for your ServiceNow integration.
+
+     * **Description** (Optional) – Purpose of the integration.
+
+  4. Choose your connection type and fill in the connection settings:
+
+    1. For **User authentication (OAuth)** , configure the following fields:
+
+       * **Base URL** – `https://`{your-instance}`.service-now.com`
@@ -96 +112 @@ ServiceNow OAuth authentication doesn't require specific OAuth scopes - access i
-After you create your ServiceNow integration, you can review the available actions for interacting with ServiceNow instances. Common ServiceNow actions include:
+       * **Client ID** – Client ID from your ServiceNow OAuth application.
@@ -98 +114 @@ After you create your ServiceNow integration, you can review the available actio
-  * Create, read, update, and delete (CRUD) operations on ServiceNow tables.
+       * **Client Secret** – Client secret from your ServiceNow OAuth application.
@@ -100 +116 @@ After you create your ServiceNow integration, you can review the available actio
-  * Manage incidents, requests, and change records.
+       * **Token URL** – `https://`{your-instance}`.service-now.com/oauth_token.do`
@@ -102 +118 @@ After you create your ServiceNow integration, you can review the available actio
-  * Query ServiceNow data using REST API.
+       * **Auth URL** – `https://`{your-instance}`.service-now.com/oauth_auth.do`
@@ -104 +120 @@ After you create your ServiceNow integration, you can review the available actio
-  * Execute ServiceNow workflows and business rules.
+       * **Redirect URL** – `https://`{region}`.quicksight.aws.amazon.com/sn/oauthcallback`
@@ -106 +122 @@ After you create your ServiceNow integration, you can review the available actio
-  * Manage user accounts and group memberships.
+    2. For **Service authentication (client credentials)** , configure the following fields:
@@ -108 +124 @@ After you create your ServiceNow integration, you can review the available actio
-  * Access ServiceNow reports and analytics.
+       * **Authentication type** – Service-to-service OAuth
@@ -109,0 +126 @@ After you create your ServiceNow integration, you can review the available actio
+       * **Base URL** – `https://`{your-instance}`.service-now.com`
@@ -110,0 +128 @@ After you create your ServiceNow integration, you can review the available actio
+       * **Client ID** – Client ID from your ServiceNow OAuth application.
@@ -111,0 +130,47 @@ After you create your ServiceNow integration, you can review the available actio
+       * **Client Secret** – Client secret from your ServiceNow OAuth application.
+
+       * **Token URL** – `https://`{your-instance}`.service-now.com/oauth_token.do`
+
+  5. Choose **Create and continue**.
+
+  6. Choose users to share the integration with.
+
+  7. Choose **Next**.
+
+
+
+
+For user authentication, navigate to **Integrations** > **Actions** > your ServiceNow integration name, and choose **Sign in** to complete the OAuth authorization flow.
+
+## Available actions
+
+After you set up the integration, the following actions are available.
+
+ServiceNow available actions Category | Action | Description  
+---|---|---  
+Incidents | List Incidents | Retrieve existing incidents.  
+Incidents | Create Incident | Create an incident record to document a deviation from an expected standard of operation.  
+Incidents | View Incident | Retrieve the details of a specific incident.  
+Incidents | Update Incident | Update an incident record.