The ServiceNow integration enables security and compliance teams to automatically monitor how security issues are tracked and prioritized. It connects Drata to ServiceNow so your team can verify that security issues are logged, categorized, and prioritized according to your organization’s security processes.
Key Capabilities
Security ticket monitoring: Track incidents, problems, and tasks used for security issues
Evidence collection: Verify that security issues are properly logged and prioritized
Optional ticket creation: Allow Drata to create security tickets directly in ServiceNow
This integration is used to automate tests such as security issue tracking verification, helping prove compliance with vulnerability management and incident response policies.
Prerequisites & Data Access
Access to your ServiceNow subdomain
A ServiceNow username and password
Recommended: ServiceNow user with the roles:
admin
web_service_admin
Required Drata Role with Write access: Admin, Workspace Managers, DevOps Engineer
Access Reviewers (Access Reviewers can only read the connection page; they can’t make changes)
Organizations can connect using either:
Admin Setup (Recommended) — Uses existing admin roles for easier setup
Non-Admin Setup (Least Privilege) — Uses a dedicated integration user with a custom role and ACL permissions
Permissions & Data Table
Permission/Scope | Why It’s Needed |
admin | Allows Drata to access ServiceNow records needed to verify security issue tracking |
web_service_admin | Enables API access for ServiceNow web services |
Custom integration role | Grants controlled access for least-privilege integrations |
Table ACL permissions (read/write/create) | Allows Drata to read or optionally create tickets |
Step-by-Step Setup
Step 1: Locate Your ServiceNow Subdomain
Sign in to your ServiceNow instance.
Check the URL in your browser.
Example: If your URL is https://acme.service-now.com, your subdomain is acme.
Copy the subdomain value.
Expected outcome: You have the ServiceNow subdomain required for authentication.
Step 2: Account Setup
Option 1: Admin Setup (Recommended)
This method uses an existing ServiceNow admin account and is the fastest setup option.
Confirm Admin Roles
In ServiceNow, open the navigation menu and select All.
Navigate to User Administration → Users.
Search for and open the user account you will use for the integration.
In the Roles section, confirm the following roles are present:
admin
web_service_admin
If they are missing:
Click Edit
Locate each role in the collection list
Move them to the selected roles list
Click Save
Expected outcome: The user account has the required ServiceNow roles for API access.
Option 2: Non-Admin Setup (Least Privilege)
This method creates a dedicated integration user with restricted permissions.
Create a Custom Role
In ServiceNow, navigate to All → User Administration → Roles → New.
Enter:
Name/Suffix: drata_integration_role (or similar)
Description: Custom role for Drata API access
Click Save.
Expected outcome: A custom integration role is created.
Step 3: Create a Non-Admin Integration User
Navigate to All → User Administration → Users → New.
Enter the following:
User ID: integration_user
Active: enabled
Web service access only: optional (for API-only access)
Password: set a local password
Save the user record.
Expected outcome: A dedicated integration user exists for the integration.
Step 4: Assign the Role to the User
Open the integration user you created.
Scroll to Roles → Edit.
Add:
Your custom integration role (x_<instance_prefix>_drata_integration_role)
(Optional) itil
(Optional) snc_platform_rest_api_access
Click Save.
Expected outcome: The integration user has the necessary role assignments.
Step 5: Create Custom ACLs
Before creating ACLs, ensure your account can manage security rules.
Elevate privileges:
Go to User Profile → Elevate role
Enable security_admin
Navigate to All → System Security → Access Control (ACL) → New.
Configure the ACL:
Type: record
Operation: read, write, or create
Name: table name (example: incident)
Set Requires role to your custom integration role.
Click Submit.
Repeat for required tables such as:
incident
problem
task
sys_user
Expected outcome: The integration role has table-level permissions needed for API access.
Step 6: Configure Ticket Write Access (Optional)
If you want Drata to create tickets, ensure the integration user has create permissions for the relevant tables.
Table | Purpose | Required Role |
/now/table/incident | Create incidents | itil |
/now/table/problem | Create problems | itil |
/now/table/task | Create tasks | itil |
/now/table/sc_task | Create catalog tasks | itil |
/now/table/sc_request | Create service requests | itil or catalog_admin |
/now/table/sn_customerservice_case | Create customer cases | sn_customerservice_agent |
Expected outcome: The integration user can create tickets through the ServiceNow Table API if write access is enabled.
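One way to review the least-privilege setup from Steps 4 to 6 before connecting it, shown as an added example that is not Drata or ServiceNow code. It checks a snapshot of the integration user's roles and ACLs against the tables and roles named in this guide. The row layout, the role name x_acme_drata_integration_role, and the rule that admin-level roles should not sit on the integration user are assumptions made for the example.

```python
# Added example: offline audit of a least-privilege ServiceNow integration user.
# The row layout below is a simplified, constructed export, not a ServiceNow API format.
REQUIRED_READ = {"incident", "problem", "task", "sys_user"}   # tables listed in Step 5
TICKET_TABLES = {"incident", "problem", "task"}               # supported ticket types
OPTIONAL_ROLES = {"itil", "snc_platform_rest_api_access"}     # optional roles in Step 4
ADMIN_ROLES = {"admin", "web_service_admin", "security_admin"}
ROLE = "x_acme_drata_integration_role"                        # constructed role name


def audit(user_roles, acls, role=ROLE, write_enabled=False):
    """Return findings in a stable order; an empty list means the setup matches the guide."""
    findings = []
    for extra_role in sorted(set(user_roles) - OPTIONAL_ROLES - {role}):
        kind = "admin-level" if extra_role in ADMIN_ROLES else "unexpected"
        findings.append(f"{kind} role on integration user: {extra_role}")
    if role not in user_roles:
        findings.append(f"integration role not assigned: {role}")

    granted = {}  # table name -> operations granted to the integration role
    for acl_row in acls:
        if acl_row["type"] == "record" and acl_row["active"] and role in acl_row["roles"]:
            granted.setdefault(acl_row["name"], set()).add(acl_row["operation"])

    for table in sorted(REQUIRED_READ):
        if "read" not in granted.get(table, set()):
            findings.append(f"missing read ACL: {table}")
    for table in sorted(granted):
        ops = granted[table]
        if table not in REQUIRED_READ:
            findings.append(f"ACL outside documented tables: {table} ({', '.join(sorted(ops))})")
            continue
        allowed = {"read"}
        if write_enabled and table in TICKET_TABLES:
            allowed |= {"write", "create"}
        if ops - allowed:
            findings.append(f"excess operations on {table}: {', '.join(sorted(ops - allowed))}")
    return findings


def acl(name, operation, roles=(ROLE,), active=True):
    """Build one constructed ACL row."""
    return {"type": "record", "name": name, "operation": operation,
            "roles": list(roles), "active": active}


# Constructed sample: admin left on the user, sys_user read ACL forgotten,
# a write ACL although write access is off, and one ACL on an undocumented table.
SAMPLE_ROLES = [ROLE, "itil", "admin"]
SAMPLE_ACLS = [acl("incident", "read"), acl("problem", "read"), acl("task", "read"),
               acl("incident", "write"), acl("sys_user_has_role", "read")]
```

Calling audit(SAMPLE_ROLES, SAMPLE_ACLS) returns four findings for the sample; pass write_enabled=True when the optional write access from Step 6 is in use.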
Step 7: Connect ServiceNow in Drata
Log in to Drata → go to the Connections page.
Navigate to your Available Connections.
Search for and start the ServiceNow connection process.
Enter the following when prompted:
ServiceNow subdomain
ServiceNow username
ServiceNow password
Select the ticket types your organization uses for security issues:
Incidents
Problems
Tasks
Enter your Security Tag (must exactly match the tag used in ServiceNow).
Ensure the Priority field is enabled in ServiceNow for your selected ticket types.
(Optional) Enable Write Access if you want Drata to create tickets automatically.
Expected outcome:
ServiceNow is successfully connected and ticket data begins syncing to Drata.
Important Notes
Supported ticket types currently include Incidents, Problems, and Tasks.
The Security Tag must exactly match the tag configured in ServiceNow.
Write access is optional and allows Drata to create security tickets automatically.
Using the admin setup is recommended for the simplest configuration.
Least-privilege setups require correctly configured roles, ACLs, and table permissions. If these are misconfigured, the integration may not retrieve or create tickets successfully.
