Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
With the ServiceNow Tickets Microsoft 365 Copilot connector, your organization can index various tickets that are serviced to users. After you configure the connector and index content from ServiceNow, end users can search for those tickets from any Microsoft Search and Microsoft 365 Copilot client.
This article is for Microsoft 365 administrators or anyone who configures, runs, and monitors a ServiceNow Tickets Copilot connector. It supplements the general instructions provided in the Set up Microsoft 365 Copilot connectors in the Microsoft 365 admin center article.
Each step in the setup process is listed in the following steps, along with either a note that indicates you should follow the general setup instructions or other instructions that apply to only the ServiceNow Copilot connector, including information about Troubleshooting and Limitations.
Prerequisites
ServiceNow Instance URL: To connect to your ServiceNow data, you need your organization's ServiceNow instance URL. Your organization's ServiceNow instance URL typically looks like https://<your-organization-domamin>.service-now.com. (Do not have one? Check how to create a test instance).
Service Account: For the connector setup, you need a service account to set up the connection to ServiceNow and to allow Microsoft Search and Microsoft 365 Copilot to periodically update the ticket details based on the refresh schedule.
Table Access: In ServiceNow, the task table is the base class for ticket management. It can be extended to create ticket applications such as incident, problem, and change management. Learn more about ServiceNow Task tables.
Note
Crawling is done on the child tables that you select for ingestion and the task table.
The service account you use to configure the tickets connection must have read access to the following ServiceNow table records to successfully crawl default ticket fields.
| Feature | Read access required tables | Description |
|---|---|---|
| Index base Task table fields | task |
Read default fields from out of the box task tables |
| Sync user tables | sys_user |
Read user access details for tickets |
sys_user_has_role |
Read role information of users | |
sys_user_grmember |
Read group membership of users | |
sys_user_group |
Read user group segments | |
sys_user_role |
Read user roles | |
cmn_location |
Read location information | |
cmn_department |
Read department information | |
core_company |
Read company attributes |
If you want to index custom properties from extended tables of task table, provide read access to these tables: sys_dictionary and sys_db_object. It is an optional feature. You would be able to index task table properties without access to the two extra tables.
| Feature | Read access required tables | Description |
|---|---|---|
| Index custom fields from a specific table | sys_dictionary |
Crawling custom fields from a specific table like incident, problem, or change_management |
| Select a custom table from your organization | sys_db_object |
Find the list of extended task tables, including custom tables |
You can create and assign a role for the service account you use to connect with Microsoft Search and Microsoft 365 Copilot. Learn how to assign role for ServiceNow accounts. Read access to the tables can be provided to the created role. To learn about setting read access to table records, see Securing Table Records. When providing read access to sys_db_object, you should create two Access Control Lists: one for row access and one for field access.
Get Started: Steps to setup the ServiceNow Tickets Copilot connector
Step 1: Select the ServiceNow Tickets Copilot connector in the Microsoft 365 admin center.
Add the ServiceNow Tickets Copilot connector The connector setup page that opens has 4 sections – Setup, Content, Users, and Sync. First, you need to provide the details for Setup & authorize the connection (covered in Steps 2 to Steps 4) before proceeding to configure the Content, Users & Sync (optional) & then finally create the connection.
Step 2: [Setup] Provide “Display Name”
A display name is used to identify each reference in Copilot, helping users easily recognize the associated file or item. Display name also signifies trusted content. Display name is also used as a content source filter. A default value is present for this field, but you can customize it to a name that users in your organization recognize.
Step 3: [Setup] ServiceNow URL
To connect to your ServiceNow data, you need your organization's ServiceNow instance URL. Your organization's ServiceNow instance URL typically looks like https://your-organization-name.service-now.com.
Step 4: [Setup] Authentication Type
To authenticate and sync content from ServiceNow, choose one of three supported methods:
- Basic authentication
- ServiceNow OAuth (recommended)
- Microsoft Entra ID OpenID Connect
Step 4.1: Basic authentication
Enter the username and password of the ServiceNow account with read access to the task and sys_user tables to authenticate to your instance.
Step 4.2: ServiceNow OAuth
[Select to expand] To use ServiceNow OAuth for authentication, follow these steps.
A ServiceNow admin needs to provision an endpoint in your ServiceNow instance, so that the ServiceNow Tickets Copilot connector can access it. To learn more, see [Create an endpoint for clients to access the instance](https://docs.servicenow.com/bundle/xanadu-platform-security/page/administer/security/task/t_CreateEndpointforExternalClients.html) in the ServiceNow documentation.
The following table provides guidance on how to fill out the endpoint creation form:
| Field | Description | Recommended Value |
|---|---|---|
| Name | Unique value that identifies the application that you require OAuth access for. | Microsoft Search |
| Client ID | A read-only, auto generated unique ID for the application. The instance uses the client ID when it requests an access token. | NA |
| Client secret | With this shared secret string, the ServiceNow instance and Microsoft Search authorize communications with each other. | Follow security best practices by treating the secret as a password. |
| Redirect URL | A required callback URL that the authorization server redirects to. | For M365 Enterprise: https://gcs.office.com/v1.0/admin/oauth/callback, For M365 Government: https://gcsgcc.office.com/v1.0/admin/oauth/callback |
| Logo URL | A URL that contains the image for the application logo. | NA |
| Active | Select the check box to make the application registry active. | Set to active |
| Refresh token lifespan | The number of seconds that a refresh token is valid. By default, refresh tokens expire in 100 days (8,640,000 seconds). | 31,536,000 (one year) |
| Access token lifespan | The number of seconds that an access token is valid. | 43,200 (12 hours) |
Enter the client ID and client secret to connect to your instance. After connecting, use a ServiceNow account credential to authenticate permission to crawl. The account should at least have the read access to task and sys_user tables. Refer to the table mentioned under the Prerequisites section for providing read access to more ServiceNow table records and index user criteria permissions.
Step 4.3: Microsoft Entra ID OpenID Connect
[Select to expand] To use Microsoft Entra ID OpenID Connect for authentication, follow the following steps
Step 4.3.1: Register a new application in Microsoft Entra ID
To learn about registering a new application in Microsoft Entra ID, see Register an application. Select single tenant organizational directory. Redirect URL is not needed. After registration, note down the Application (client) ID and Directory ID (Tenant ID).
Step 4.3.2: Create a client secret
To learn about creating a client secret, see Creating a client secret. Take note of client secret value.
Step 4.3.3: Retrieve Service Principal Object Identifier
Follow the steps to retrieve Service Principal Object Identifier
Run PowerShell.
Install Azure PowerShell using the following command.
Install-Module -Name Az -AllowClobber -Scope CurrentUserConnect to Azure.
Connect-AzAccountGet Service Principal Object Identifier.
Get-AzADServicePrincipal -ApplicationId "Application-ID"Replace "Application-ID" with the Application (client) ID (without quotes) of the application you registered in step 4.3.1. Note the value of ID object from PowerShell output. It is the Service Principal ID.
Now you have all the information required from the Azure portal. A quick summary of the information is given in the following table.
| Property | Description |
|---|---|
| Directory ID (Tenant ID) | Unique ID of the Microsoft Entra tenant, from step 4.3.1. |
| Application ID (Client ID) | Unique ID of the application registered in step 4.3.1. |
| Client Secret | The secret key of the application (from step 4.3.2). Treat it like a password. |
| Service Principal ID | An identity for the application running as a service. (from step 4.3.3) |
Step 4.3.4: Register ServiceNow Application
The ServiceNow instance needs the following configuration:
Register a new OAuth OIDC entity. To learn, see Create an OAuth OIDC provider.
The following table provides guidance on how to fill out OIDC provider registration form
Field Description Recommended Value Name A unique name that identifies the OAuth OIDC entity. Microsoft Entra ID Client ID The client ID of the application registered on the third-party OAuth OIDC server. The instance uses the client ID when requesting an access token. Application (Client) ID from step 4.3.1 Client Secret The client secret of the application registered in the third-party OAuth OIDC server. Client Secret from step 4.3.2 All other values can be default.
In the OIDC provider registration form, you need to add a new OIDC provider configuration. Select the search icon against OAuth OIDC Provider Configuration field to open the records of OIDC configurations. Select New.
The following table provides guidance on how to fill out OIDC provider configuration form
Field Recommended Value OIDC Provider Microsoft Entra ID OIDC Metadata URL The URL must be in the form https://login.microsoftonline.com/<tenandId">/.well-known/openid-configuration
Replace "tenantID" with Directory ID (Tenant ID) from step 4.3.1OIDC Configuration Cache Life Span 120 Application Global User Claim sub User Field User ID Enable JTI claim verification Disabled Select Submit and Update the OAuth OIDC Entity form.
Step 4.3.5: Create a ServiceNow account
Refer the instructions to create a ServiceNow account here: Create a user in ServiceNow.
The following table provides guidance on how to fill out the ServiceNow user account registration.
| Field | Recommended Value |
|---|---|
| User ID | Service Principal ID from step 4.3.3 |
| Web service access only | Checked |
All other values can be left to default.
Step 4.3.6: Enable Task, User table access for the ServiceNow account
Access the ServiceNow account you created with ServiceNow Principal ID as User ID and assign the read access to task and sys_user table. Instructions to assign a role to a ServiceNow account can be found here: Assign a role to a user. Refer to the table mentioned under the Prerequisites section for providing read access to more ServiceNow table records and index custom fields.
Use Application ID as Client ID (from step 4.3.1), and Client secret (from step 4.3.2) in the M365 admin center configuration window to authenticate to your ServiceNow instance using Microsoft Entra ID OpenID Connect.
Once all the details are entered as per any of the mentioned authentication types, Select "Authorize". But before we publish the connection, we need to set up the Content & Users as well for the connector. As part of the custom setup, you can also choose to configure the Sync details (optional) for the connector.
Step 5: [Content] Filter
With a ServiceNow query string, you can specify conditions for syncing tickets. It is like a Where clause in a SQL Select statement. For example, if you choose to index only tickets that are created in the last six months, then you can provide the query as: sys_created_on>javascript:gs.beginningOfLast6Months(). To learn about creating your own query string, see Generate an encoded query string using a filter.
Step 6: [Content] Tables
In this step, you can add or remove available tables from your ServiceNow data source. Microsoft 365 selects the “incident” table by default. You can choose to select more tables from the dropdown provided in this section.
Step 7.1: [Content] Manage Properties
Here, you can add or remove available properties that you want to index from the source tables selected from your ServiceNow data source. Additionally,
- you can define the schema for the property (define whether a property is searchable, queryable, retrievable, or refinable), Learn more about schema attributes here.
- change the semantic label, if needed. Know more about semantic labels here.
- add an alias to the property to enhance search relevance. Learn more about aliases here.
- customize the URL property value in your desired format. Learn more about it here or refer to the following section for quick steps.
The list of properties that you select here can impact how you can filter, search, and view your results in Microsoft 365 Copilot. By default, Microsoft ServiceNow Tickets Copilot connector indexes certain properties.
[Select to expand the default indexed properties]
| Property | Semantic Label | Description | Schema Attributes |
|---|---|---|---|
| AccessUrl | url |
The target URL of the ticket in the data source. | Retrieve |
| AssignedTo | Name of the person to whom the ticket is assigned | Query, Refine, Retrieve | |
| AssignmentGroup | The team or department responsible for working on and resolving the ticket. | Query, Refine, Retrieve | |
| BusinessDaysTaken | A system-calculated field that shows the number of business days it took to complete the ticket. | ||
| Category | The broad classification of the ticket, such as "Hardware," "Software," or "Network." | ||
| CausedBy | Links the current ticket to another record (like a problem or a change request) that caused the issue. | ||
| CausedByURL | The URL field provides a direct link to that causing record. | ||
| ClosedAt | The date and time the ticket was closed. | Query, Retrieve | |
| ClosedBy | The user who closed the ticket. | Query, Retrieve | |
| CompletedWork | Resolution Notes where agents can log the work they've performed to resolve the ticket. | Query, Retrieve | |
| ConfigurationItem | A reference to the specific piece of item or service affected that the ticket relates to. | Query, Retrieve, Search | |
Description [Content] |
Description for the item | Search | |
| DueDate | The date by which the ticket should be resolved | Query, Retrieve | |
| EntityType | Entity Type of the item such as incidents, change request, etc. | Query, Refine, Retrieve | |
| FollowUp | A field used to schedule a follow-up action or reminder for the ticket. | Query, Retrieve | |
| IconUrl | IconUrl |
Icon URL that represents the ticket's type. | Retrieve |
| ItemCategoryPath | The path of the item's category | Query, Refine, Retrieve | |
| Location | The physical location associated with the user or the configuration item. | Query, Retrieve, Search | |
| Number | A unique, system-generated identifier for the ticket (e.g., INC0012345). | Query, Retrieve, Search | |
| OpenedBy | Authors |
Name of people who participated/collaborated on the item in the data source. | Query, Retrieve |
| Parent | Provides the ticket number of the parent ticket. | Query, Retrieve | |
| ParentURL | Provides the URL of the parent tickets | Retrieve | |
| Priority | The importance of the ticket, often calculated based on the ticket's Impact and Urgency. | Query, Refine, Retrieve | |
| RequestedBy | The user who submitted the ticket or requested the service. | Query, Refine, Retrieve | |
| Severity | The degree to which the incident affects the business, which is a factor in determining its Priority. | ||
| ShortDescription | Title |
The title of the item that you want to be shown in search and other experiences. | Retrieve, Search |
| Status | The current state of the ticket in its lifecycle, such as "New," "In Progress," or "Closed." | Query, Refine, Retrieve | |
| Subcategory | A more specific classification within the main category, like "Laptop" under "Hardware." | ||
| SysCreatedBy | Created by |
Name of the person who created the item in the data source. | Query, Retrieve |
| SysCreatedOn | Created date time |
Date and time that the item was created in the data source. | Query, Retrieve |
| SysId | The unique 32-character ID for the ticket record, used for back-end identification | ||
| SysTags | Keywords or tags that can be added to the ticket to improve searchability. | Query, Refine, Retrieve | |
| SysUpdatedBy | Last modified by |
Name of the person who most recently edited the item in the data source. | Query, Retrieve |
| SysUpdatedOn | Last modified date time |
Date and time the item was last modified in the data source. | Query, Refine, Retrieve |
Step 7.2: [Content] Customize URL property
You can customize the URL property (AccessURL) as per your organization's needs. For example, if the URL of the ServiceNow Ticket items in your organization is different from the ServiceNow URL, which opens up through the citation links present in responses to your queries in Microsoft Search or Copilot, then you can use this customization capability to configure the value of the AccessURL property in your desired manner.
Note
Currently to use this capability of customizing the schema property, you need to create a new ServiceNow Tickets connection for your copilot connector. We do not currently support editing an existing connection to make this change in the schema property.
Following are the steps to customize the value of any schema property:
- During connection setup before you publish your connection, select 'Custom Setup' shown at the top of the window & then successfully 'Authenticate' your instance first.
- Next before publishing, select 'Content' tab & go down to the 'Manage Properties' section
- In the table shown under the 'Properties' Column, select the URL property (for example, AccessUrl) which you want to customize
- In the right-side panel that opens, look for 'Default expression' section
- Under this section, enter the default expression that you want to set for the property in the 'New default expression' text field box.
- For any variable components within the expression, reference them by their precise Property Name enclosed within the symbols ${ and }
- Do remember to select 'Save changes' at the bottom of the side panel once all the details are provided for the changes to be saved & become effective for preview.
- Once the expression is defined, you can preview the results by selecting 'Preview data' shown at top the 'Content' tab & scrolling right to the property you customized to ensure the expression is correctly captured as set by you.
For example:
Let us assume that in the ServiceNow Tickets instance for your organization, the URL for a ticket item is shown as
https://instancedomain.service-now.com/esc?id=ticket&table=sc_req_item&sys_id=113851de1b7894&view=sp)
So, we need to use the entire URL as it is & just replace the ticket specific variable component, which is sys_id & table type i.e. Entity Type in this case, with the Exact Property Name (including case match) used to index the sys_id & table type in the connector properties. Look for the table under Manage Properties under Content Tab & search for the property you are looking for (which is SysId & EntityType in this case). So, here we need to provide the expression as
https://instancedomain.service-now.com/esc?id=ticket&table=${EntityType}&sys_id=${SysId}&view=sp
[Select to Expand] Check how to add rules for further customizing the URL based on EntityType or the tables selected for indexing
You can additionally bypass the default expression for select ticket tables by adding rules for defining different default expressions based on property filter like EntityType. Following are the steps to set the rules for defining another default expression for specific ticket items:
Repeat steps 1 to 4 as mentioned earlier.
Under the section 'Set additional rules to configure expressions', select 'Add new rules'
Upon selecting 'Add new rule', a new section opens in the side panel wherein you can
- Select the 'Filter Property', that is, 'EntityType' for ServiceNow Tickets
- Provide the 'Value' for the Filter property using the exact case format as it is in your connection's schema properties. If you want to set the same expression for multiple values of the property, then provide the names of all values separated by comma.
- Define the 'Expression' that you want to set for items belonging to those filter properties.
Once you enter all the details, select 'Save changes' to save your changes & set the rule for the expression
You return to the previous side panel & see that the new rule is added in a table shown under the sub section 'Set additional rules to configure expressions'
Do remember to again select 'Save changes' at the bottom of the side panel once all the details are provided for the changes to be saved & become effective for preview.
If there are more rules to be added, you can further select 'Add new rule' & follow the same steps to set the new rule.
You can also edit or delete an existing rule by selecting the 3 dots (...) that appear on the right-hand side of each row for the rules & then selecting either the 'Edit' or 'Delete' action.
Once the expression is defined, you can preview the results by selecting 'Preview Data' shown at top the 'Content' tab & scrolling right to the desired Property to validate the customized expression.
[Note:]
- If an item is part of multiple rules defined here, then the rule which was defined first in the order of rules is applied, i.e. From the table, the rule which appears first in the table gets applied.
- The changes to the URL property, i.e., setting of default expressions, addition of rules or any edit/delete of rule, starts reflecting in the copilot results only after the next scheduled periodic full crawl.
For example:
In ServiceNow Tickets, if the default URL expression needs to be set differently for tickets belonging to "incident" & "change_request" table, then set rule by choosing Filter as "EntityType", defining its values which are separated by comma as "incident, change_request", and then defining the expression as per the tickets from these tables, let’s say like this-
https://instancedomain.service-now.com/sp?id=ticket&table=${EntityType}&sys_id=${SysId}
Step 8: [Content] Preview Data
Use the preview results button shown at the top of the content page to verify the sample values of the selected properties and query filter.
Step 9: [Users] Access Permissions
The ServiceNow Tickets Copilot connector supports search permissions visible to “Only people with access to this data source”.
Select “Only people with access to this data source” under Access Permissions
Provide at least one rule for all the tables selected for indexing. For each of the tables that appear in the side panel, select the down arrow to expand & then select “Edit rule”.
For each table selected, you can allow “read” permissions for users by selecting the allowed user fields from the dropdown list. Indexed ticket items are visible to only users who have access to them via any of the column fields that you can select, like Assigned to, Opened by, Closed by, etc.
Do the same for the tables that you have selected to index.
Step 10: [Users] Map Identities
Next, you need to further choose whether your ServiceNow instance has Microsoft Entra ID provisioned users or non-Azure AD users. To identify which option is suitable for your organization:
- Choose the default mapping option of “Microsoft Entra ID” if the email ID of ServiceNow users is the same as the UserPrincipalName (UPN), or Mail of the users in Microsoft Entra ID.
- If you believe the default mapping would not work for your organization, choose the “Non-Azure AD” option if the email ID of ServiceNow users is different from the UserPrincipalName (UPN) of users in Microsoft Entra ID. You can provide a custom mapping formula. Know more about mapping Non-EntraID identities here.
Note
- If you choose Microsoft Entra ID as the type of identity source, the connector maps the email IDs of users obtained from ServiceNow directly to UPN property from Microsoft Entra ID.
- If you chose "Non-Azure AD" for the identity type see Map your non-Azure AD Identities for instructions on mapping the identities. You can use this option to provide the mapping regular expression from email ID to UPN.
- Updates to users or groups governing access permissions are synchronized only during periodic full crawls. Incremental crawls do not currently support the processing of updates to item permissions or group membership updates.
Step 11: [Sync] Define incremental & full crawl frequencies - [optional]
The refresh interval determines how often your data is synchronized between the data source and the ServiceNow Tickets Copilot connector index. There are two types of refresh intervals:
- Full crawl: Synchronizes all data at scheduled intervals.
- Incremental crawl: Updates only the changed or new data.
You can change the default values of the refresh interval from here if you want to or just continue with the recommended defaults. Find more details here.
You can see the default values in the following table:
| Refresh Intervals | Default frequency |
|---|---|
| Incremental Crawl | Every 15 min |
| Full Periodic Crawl | Every day |
Note
- Identities or access permissions are only updated with full crawl.
- Incremental crawls do not update permissions or ACLs.
Step 12: [Setup] Rollout to a limited audience.
Deploy this connection to a limited user base if you want to validate it in Copilot and other Search surfaces before expanding the rollout to a broader audience. Know more about limited rollout here.
At this point, you are ready to create the connection for ServiceNow Tickets. You can select the Create button, and the ServiceNow Tickets Copilot connector will now start indexing tickets from your ServiceNow account.
After publishing the connection, you need to customize the search results page. To learn about customizing search results, see Customize the search results page.
Limitations
The ServiceNow Tickets Copilot connector has the following limitations in its latest release:
- Under the Access permissions step in Users tab, “Everyone” feature does not process any permissions. Do not select this option unless you want to test the connection between selected team members in an isolated environment.
- Access permissions do not allow defining role-based ACLs.
Troubleshooting
After publishing your connection and customizing the results page, you can review the status in the Connectors section of the admin center. To learn how to make updates and deletions, see Manage your connector. You can find troubleshooting steps for commonly seen issues here.