Configuring a ServiceNow instance for Employee Navigator For ServiceNow

Employee Navigator for ServiceNow brings incident, case, and service‑request capabilities directly into Microsoft Teams, giving employees a unified place to get work done.

With its built‑in Catalog Request Agent, users can easily submit and track ServiceNow catalog requests without leaving Teams. This streamlined access reduces context switching, maintains data consistency, and speeds up issue resolution by keeping all essential actions in one familiar interface.

Before you begin

Make sure that the isAzureBot parameter in the skill configuration is set to true. For more information, see Updating the configuration parameters of a skill.

Process overview

The following flow chart explains the tasks required to configure a ServiceNow instance:

Task 1: To obtain a ServiceNow instance

1. Make sure you have access to the ServiceNow instance.
2. Test the ServiceNow instance. 
   For more information, see the Personal Developer Instance (PDI) Guide in ServiceNow documentation.
3. In ServiceNow, configure an External Application Provider.
   1. Open a command-line interface and run the following command to generate a private certificate:
      openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
   2. Use the above private certificate, generate a public certificate. 
      See the following example:
      bin\openssl req -config <path of openssl.cnf> -new -x509 -key private_key.pem -out public_cert.pem -days 3
   3. Log in to the ServiceNow instance, navigate to System Definition > Certificates >  New.
   4. Enter the following details:

      Field name	Description
      Name	Enter a name for the certificate.
      Format	Select PEM.
      Type	Select Trust Store Cert.
      Active	Select the check box.

       

   5. Copy the public_cert.pem file and paste it into the PEM Certificate field in ServiceNow and click Save.
      
   6. Navigate to System OAuth > Application Registry > New.
   7. Select Create an OAuth JWT API endpoint for external clients and enter the following details and click Save.

      Field name	Description
      Name	Enter a name for the OAuth provider.
      Client ID and Client Secret	These fields are auto-populated. You can modify the values if required.
      User Field	Select a user field as required.

       

   8. In the JWT Verifier Maps related list and click New and enter the following details and click Submit.

      Field name	Description
      Name	Enter a name for the verifier map.
      Certificate	Select the certificate created earlier.

       

   9. Click Update to save the record.
      
   10. Navigate to the App Registry list.
   11. Add a new column named Public Client, if it is not already available.

   12. Locate the newly created app registry entry.
       The Public Client value is set to false by default.

   13. Click on the false value next to the Public Client column and change the value to true.
       
4. Create a Read-only user with the following roles and permissions:
   • The user must have read access to Incidents and Change Requests.
   • Assign the sn_incident_read and sn_change_read roles on the development instance.
   • The example user is aiops_ro. Use this user in in scenarios like 5 Whys and GetSituationId to workaround user access constraints.
5. Enable Knowledge API. 
   For more information, see Knowledge API in ServiceNow documentation.
6. To configure ServiceNow integration, in BMC Helix Innovation Studio, enable the Basic and OAuth ServiceNow integration by adding the following fields on the connection_servicenow record definition. For more information, see Adding data sources in BMC HelixGPT.
   
    
7. 

Task 2: To enable read data access for ServiceNow Catalog Request Agent

1. Log in to Innovation Studio and on the Workspace tab, select HelixGPT Agent Studio.
2. On the Records tab, select Agent and click Edit data.
   
3. On the Data editor (Agent) page, select ServiceNow Catalog Request Agent and click Edit.
   
4. In the Edit record window, navigate to the Configuration field and modify the following fields:

   Field	Description
   limit	Specifies the maximum number of catalog results returned per query.
   bot_connection_id	Specifies the user-scoped OAuth connection ID used for user context operations, including search, submission, and request creation.
   connection_id	Specifies the Basic Authentication identifier, required only if oauth_metadata_user is not configured, and it is used exclusively for metadata read operations.
   oauth_metadata_user	Specifies the OAuth service account username that the agent uses to create an OAuth metadata client. When this is configured, connection_id is optional or not used, and the agent uses the OAuth metadata client for all metadata read operations. This field refers to a service account with the required permissions, not an admin role. OAuth tokens cannot be assigned to admin roles in ServiceNow.
   use_portal_link	Specifies whether links open the Service Portal for end users when set to true or the platform UI for admins when set to false.

   Default configuration:

   {
     "limit": 20,
     "bot_connection_id": "AGGIZN0GH37JIATBHCOxxxxxx",
     "connection_id": "",
     "oauth_metadata_user": "api_catalog_agent",
     "use_portal_link": true
   }
5. Click Save.

Where to go from here

Creating a Microsoft Teams bot and application