Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The ServiceNow Knowledge Copilot connector enables organizations to surface ServiceNow knowledge base (KB) articles within Microsoft 365 Copilot experiences. This article describes the steps to deploy and customize the ServiceNow Knowledge connector.
For advanced ServiceNow configuration information, see Set up the ServiceNow Knowledge service for connector ingestion.
Prerequisites
The following table summarizes the steps to configure the ServiceNow environment and deploy the ServiceNow Knowledge connector.
| Role | Task |
|---|---|
| ServiceNow admin | Configure the environment |
| ServiceNow admin | Set up prerequisites |
| Microsoft 365 admin | Deploy the connector in the Microsoft 365 admin center |
| Microsoft 365 admin | Customize connector settings (optional) |
Before you deploy the connector, make sure that the following prerequisites are met:
- You're a Microsoft 365 admin.
- You have access to a configured ServiceNow instance.
- REST API access is enabled for the required ServiceNow tables.
- Access control lists (ACLs) are configured to allow read access for the connector.
- You identified the ServiceNow instance URL.
Deploy the connector
To add the ServiceNow Knowledge connector for your organization:
- In the Microsoft 365 admin center, in the left pane, choose Copilot > Connectors.
- Go to the Connectors tab, and in the left pane, choose Gallery.
- From the list of available connectors, choose ServiceNow Knowledge.
Set display name
The display name is used to identify references in Copilot responses and helps users recognize the associated file or item. It also signifies trusted content and is used as a content source filter.
You can accept the default ServiceNow display name or customize it to use a name that users in your organization recognize.
For more information, see Enhance Copilot discovery of connector content.
Choose flow based on user criteria
The ServiceNow Knowledge connector supports two flows for user criteria permissions: Simple and Advanced.
The default is Simple. In this flow, advanced script-based user criteria and knowledge base (parent)-level user criteria aren't considered when article (child)-level user criteria are considered.
If your ServiceNow instance uses Advanced Scripts in your knowledge base or article-level user criteria or you want the connector to evaluate knowledge base or parent-level permissions when it evaluates article permissions, use the Advanced flow. This flow ensures accurate permissions handling when content is ingested into Microsoft Graph. For more information, see Check for advanced scripts and hierarchical permissions.
Set instance URL
To connect to your ServiceNow site, use your site URL, which is typically the following format:
https://<instance-name>.service-now.com
You can find your instance name in the ServiceNow admin dashboard or by checking the sign in URL used by your organization.
Choose authentication type
Choose the authentication method that aligns with your organization's security policies. The ServiceNow connector supports the following authentication types:
- Basic Authentication - Enter the username and password of a ServiceNow account with the knowledge role to authenticate to your instance.
- OAuth 2.0 (recommended) - For details, see OAuth 2.0.
- Microsoft Entra ID OpenID Connect - For details, see Microsoft Entra ID OpenID Connect.
OAuth 2.0
Provision an OAUTH endpoint in your ServiceNow instance for the ServiceNow Knowledge connector to access. For more information, see Create an endpoint for clients to access the instance.
Use the information in the following table to complete the endpoint creation form.
| Field | Description | Recommended value |
|---|---|---|
| Name | Unique value that identifies the application that you require OAuth access for. | Microsoft Search |
| Client ID | A read-only, autogenerated unique ID for the application. The instance uses the client ID when it requests an access token. | NA |
| Client secret | With this shared secret string, the ServiceNow instance and Microsoft Search authorize communications with each other. | Follow security best practices by treating the secret as a password. |
| Redirect URL | A required callback URL that the authorization server redirects to. | For M365 Enterprise: https://gcs.office.com/v1.0/admin/oauth/callback, For M365 Government: https://gcsgcc.office.com/v1.0/admin/oauth/callback |
| Logo URL | A URL that contains the image for the application logo. | NA |
| Active | Select the check box to make the application registry active. | Set to active |
| Refresh token lifespan | The number of seconds that a refresh token is valid. By default, refresh tokens expire in 100 days (8,640,000 seconds). | 31,536,000 (one year) |
| Access token lifespan | The number of seconds that an access token is valid. | 43,200 (12 hours) |
Enter the client ID and client secret to connect to your instance. After you connect, use a ServiceNow account credential to authenticate permission to crawl. The account should at least have the knowledge role. For information about the table records and index user criteria permissions to provide read access to, see Set up permissions to index items.
Microsoft Entra ID OpenID Connect
To use Microsoft Entra ID OpenID Connect:
Register a new app as a single tenant in Microsoft Entra ID. A redirect URI isn't required. For more information, see Register an application.
Copy the Application (client) ID and Directory (tenant) ID for the app.
Create a client secret for the app and save it securely.
- Go to Manage > Certificates and secrets.
- Choose new client secret.
- Provide a name and choose Save.
Use the following PowerShell cmdlets to retrieve the service principal object ID.
Install-Module -Name Az -AllowClobber -Scope CurrentUserConnect-AzAccountGet-AzADServicePrincipal -ApplicationId "Application-ID"Replace "Application-ID" with the Application (client) ID of the application you registered in step 2. Note the value of the ID object from the PowerShell output; this value is the Service Principal Object ID.
Alternatively, you can retrieve the information from the Microsoft Entra admin center:
a. On the app registration, go to Overview. b. Choose managed application in local directory. c. Choose the URL and copy the ObjectID. This is the Service Principal Object ID.
In your ServiceNow instance, register a new OAuth OIDC entity. For details, see Create an OAuth OIDC provider. Use the values listed in the following table in the registration form; leave the default values for the other fields.
| Field | Description | Value |
|---|---|---|
| Name | A unique name for the OAuth OIDC entity. | Microsoft Entra ID |
| Client ID | From Microsoft Entra ID registration | Application (client) ID |
| Client Secret | From Microsoft Entra ID registration | Client secret |
Note
After you create the OAuth OIDC entity, the client secret is generated automatically in ServiceNow. Replace this client secret with the client secret generated in the Microsoft Entra Admin center.
In the OAuth OIDC Provider Configuration field, select the search icon, and then select New.
Fill out OIDC provider configuration form as follows:
Field Value OIDC Provider Microsoft Entra ID OIDC Metadata URL Use the following URL: https://login.microsoftonline.com/<tenantId>/.well-known/openid-configuration.
Replace<tenantId>with the Directory (tenant) ID.OIDC Configuration Cache Life Span 120 Application Global User Claim sub User Field User ID Enable JTI claim verification Disabled Choose Submit to save the configuration.
Create a ServiceNow account. For details, see Create a user in ServiceNow. Use the following values; leave other fields as default:
| Field | Recommended value |
|---|---|
| User ID | Service Principal ID |
| Web service access only | Checked |
- Assign the Knowledge role to the ServiceNow account. For details, see Assign a role to a user. Use the Application ID as the Client ID and Client secret in the admin center configuration wizard to authenticate with Microsoft Entra ID OpenID Connect.
Add API namespace
If you're using the Advanced flow, enter the API namespace that you created in your ServiceNow instance. For details, see Set up REST API.
Roll out
To roll out to a limited audience, choose the toggle next to Rollout to limited audience and specify the users and groups to roll the connector out to. For more information, see Staged rollout for Copilot connectors.
Choose Create to deploy the connection. The ServiceNow Knowledge Copilot connector starts indexing content right away.
The following table lists the default values that are set. To customize these values, see Customize settings.
| Category | Setting | Default value |
|---|---|---|
| Users | Access permissions | Only people with access to the content in the data source. |
| Users | Map identities | Data source identities mapped using Microsoft Entra IDs. |
| Content | Query string | active=true^workflow_state=published |
| Content | Manage properties | To see default properties and schemas, see Manage properties. |
| Sync | Incremental crawl | Frequency: Every 15 minutes |
| Sync | Full crawl | Frequency: Every day |
After you create your connection, you can review the status in the Connectors section of the Microsoft 365 admin center.
Customize settings
You can customize the default values for the ServiceNow Knowledge connector settings. To customize settings, on the connector page in the admin center, choose Custom setup.
Customize user settings
Access permissions
The ServiceNow Knowledge Copilot connector supports the following user search permissions:
- Everyone
- Only people with access to this data source (default)
If you choose Everyone, indexed data appears in the search results for all users. If you choose Only people with access to this data source, indexed data appears in the search results for users who have access to it.
If you select the Simple flow for reading user criteria permissions, the ServiceNow Knowledge connector treats permissions in the following way:
- If an article has
Can Readuser criteria, those criteria are applied during ingestion. Knowledge base-levelCan ReadorCan Contributeuser criteria are ignored. - If both article and knowledge base have
Cannot Readuser criteria, both are honored. - If a user is part of the article-level
Can Readuser criteria but not the knowledge base-level, they might still see the article in Microsoft 365 surfaces even if they can't access it in ServiceNow. To prevent users from seeing the article, remove the user from the article-levelCan Readuser criteria. - If a knowledge article doesn't have a user criterion applied, it appears in the results for everyone in the organization.
If you select the Advanced flow for reading user criteria permission, both knowledge base (parent)-level and knowledge article (child)-level permissions are considered when evaluating article level permissions. This is how permissions are handled in ServiceNow. For more information, see Managing access to knowledge bases and knowledge articles.
Note
The Advanced flow permissions management functionality is currently in preview.
Mapping identities
By default, ServiceNow maps email IDs to Microsoft Entra ID (UPN or Mail). You can provide a custom mapping formula if your organization uses different identity attributes. For more information, see Map non-Microsoft Entra ID identities.
Customize content settings
Query string
ServiceNow uses the following default filter: active=true^workflow_state=published.
You can modify this filter to index only specific articles based on your organizational needs. Use ServiceNow’s encoded query string builder to create custom filters. For more information, see Generate an encoded query string through a filter.
Manage properties
You can manage properties in the following ways:
- Add properties to index from ServiceNow.
- Customize the AccessUrl property to reflect your organization’s URL format.
The following table lists the properties that the ServiceNow Knowledge connector indexes by default.
Note
You can view but not edit the schema attributes (Searchable, Queryable, Retrievable, Refinable), semantic labels, and aliases for these properties.
| Property | Semantic Label | Description | Schema Attributes |
|---|---|---|---|
| AccessUrl | url | The target URL of the item in the data source. | Retrieve |
| Active | A Boolean field that indicates whether the article is currently active and can be viewed or searched by users. | ||
| ArticleType | The format of the article, often an HTML or Wiki type. | Query | |
| Author | Authors | All the people who participated/collaborated on the item in the data source | Query, Refine Retrieve |
| CanReadUserCriteria | Provides the user criteria that define the audience that has access to view the article. | ||
| CannotReadUserCriteria | Provides the user criteria that define the audience that is explicitly denied access to view the article. | ||
| CmdbCi | A reference to a Configuration Item (CI) from the CMDB, linking the article to a specific asset or service. | Query, Retrieve, Search | |
| Description | A brief summary of the article's content, which helps users understand what the article is about from search results. | Retrieve, Search | |
| Direct | This field's function isn't a common and is likely a customization. | ||
| DisableCommenting | A Boolean field to prevent users from adding comments to the article | ||
| DisableSuggesting | A Boolean field to prevent users from suggesting changes to the article. Removes 'Flag Article' button from the article | ||
| DisplayAttachments | A Boolean field that controls whether attachments are displayed on the article's page. | ||
| EntityType | The type of entity the article is about (Knowledge) | Query, Refine, Retrieve | |
| Flagged | A Boolean field that is set to true if a user flagged the article for review due to an issue with its content. |
Query | |
| GeneratedWithNowAssist | A flag that indicates if the article was created with the help of ServiceNow's AI assistant. | Query | |
| HelpfulCount | The number of times users marked the article as helpful. | ||
| IconUrl | IconUrl | Icon URL that represents the article's category or type. | Retrieve |
| Image | A reference to an image used for the article's thumbnail displays next to short description | ||
| InstrumentationMetadata | A field that stores technical metadata about the article's creation and usage. | ||
| ItemPath | The path of the article within the knowledge base hierarchy. | Query, Refine, Retrieve, Search | |
| KbCategory | The category the article belongs to within its knowledge base. | Query, Retrieve, Search | |
| KbKnowledgeBase | The knowledge base the article is stored in. | Query, Retrieve, Search | |
| KbKnowledgeBaseUrl | A URL linking to the knowledge base | Query, Retrieve | |
| Meta | A field to add search keywords (meta tags) to the article to improve search engine results. | ||
| MetaDescription | A short description used in search engine results | Retrieve, Search | |
| Number | A unique identifier automatically assigned to the knowledge article, such as 'KB0000001' | Query, Retrieve, Search | |
| PreviewContent | The content used for a quick preview of the article. | Retrieve | |
| Published | A date/time stamp indicating when the article was published and made visible to users. | Query, Retrieve | |
| Rating | The average rating given to the article by users. | Query, Retrieve | |
| ReplacementArticle | A field that points to a newer, more up-to-date article that replaced this one. | ||
| Retired | A date/time stamp for when the article was retired | ||
| Roles | Specifies which user roles can view or search the article. If empty, all users can see | ||
| ShortDescription | Title | The title of the item that you want to be shown in Copilot and other search experiences | Query, Retrieve, Search |
| Source | The source task from which the article originated, can be another record in ServiceNow (like an incident or problem). | Query | |
| SysClassName | Identifies the template for the knowledge. Knowledge for standard templates, Other values can be FAQ, How to, and so on. | ||
| SysCreatedBy | Created by | Name of the person who created the article | Query, Refine, Retrieve |
| SysCreatedOn | Created date time | Date and time that the article was created | Query, Refine, Retrieve |
| SysDomain | The domain to which the knowledge article belongs in a multi-domain instance | ||
| SysDomainPath | System-generated string that represents the hierarchical path of a knowledge article's domain. | ||
| SysId | The unique 32-character ID for the article, used for backend identification. | Query, Retrieve | |
| SysModCount | The number of times the article was modified. | Retrieve | |
| SysTags | Keywords or tags that can be added to the article to improve searchability and organization. | Query, Refine, Retrieve, Search | |
| SysUpdatedBy | Last modified by | Name of the person who most recently edited the article. | Query, Refine, Retrieve |
| SysUpdatedOn | Last modified date time | Date and time when the item was last modified | Query, Refine, Retrieve |
| SysViewCount | The number of times the article was viewed. | Query, Retrieve | |
| TaxonomyTopic | A reference to a topic in a defined taxonomy, used for a structured organization. | Query, Retrieve, Search | |
| Topic | Another field for article categorization | Query, Retrieve, Search | |
| UseCount | The number of times the article was attached to another record, like an incident or problem. | ||
| ValidTo | The expiration date of the article. After this date, article won't be returned in search result | Query, Retrieve | |
| ViewAsAllowed | Allow a permitted user to search and view this article as another user | ||
| WorkflowState | The current state of the article in its lifecycle, such as 'Draft', 'Review', 'Published', or 'Retired'. | Query, Refine, Retrieve | |
Content Content |
The main body of the article, where the detailed information is written. | Search |
Customize AccessURL property
You can customize the AccessURL property according to the needs of your organization; for example, if the URL of the ServiceNow Knowledge articles in your organization is different from the ServiceNow URL that opens when a user selects a citation link in a Copilot or Microsoft Search response, you can update the value of the AccessURL property accordingly. For more information, see Customize values for certain schema properties.
Customize sync intervals
Configure the sync schedule to keep indexed content up to date:
- Full crawl – Reindexes all content and permissions. The default frequency is daily.
- Incremental crawl – Syncs only changed content, not permission updates. The default frequency is every 15 minutes.
For more information, see Guidelines for sync settings.