Skip to main content

Installing the Kandji ServiceNow App

If the app is not installed yet, install the Kandji ServiceNow app in your ServiceNow instance. The install adds dependencies your tenant needs for the integration.
1

Access ServiceNow Store

Go to the ServiceNow store.
2

Find the Kandji ServiceNow app

In the store, search for Kandji to find the Kandji ServiceNow app.
3

Install Kandji ServiceNow app

Install the Kandji ServiceNow app by selecting Get. Sign in to the ServiceNow store if prompted. The account you use must be allowed to install Integration Hub store apps.

Creating an OAuth App

Iru Endpoint uses a ServiceNow OAuth API client with grant type Resource Owner Password Credentials (ROPC) to get access and refresh tokens for your instance.
On ServiceNow Zurich and later releases, set Scope Restriction to Broadly scoped when you create the OAuth API endpoint for external clients. If this field is set to a narrower scope, inbound API calls from Iru Endpoint can fail with errors such as OAuth client does not have unrestricted access to unscoped APIs is not allowed. For more information, see ServiceNow KB2731346.
1

Access ServiceNow

Using a ServiceNow admin account, log in to your ServiceNow tenant (.service-now.com).
2

Navigate to System OAuth

In the Filter navigator, search for System OAuth.
3

Open Application Registry

Click Application Registry.
4

Create OAuth Endpoint

Click Create an OAuth API endpoint for external clients.
5

Configure OAuth App

Give the OAuth app a name (for example, kandji_oauth_api).
6

Set Redirect URL

In the Redirect URL field, enter https://kandji.io.
7

Submit Configuration

Click Submit.
8

Access OAuth App

Go back to the OAuth app that you just created.
9

Copy Client ID

Highlight and copy the Client ID.
10

Reveal Client Secret

Reveal the Client Secret by clicking the padlock.
11

Copy Client Secret

Copy the Client Secret. If you set your own client secret, select Update to save it.

Adding a Service Account

The service account user credentials are used to configure the ServiceNow integration in Iru Endpoint.
Any ServiceNow user account can be used as long as it has access to web services and has the roles cmdb_read, import_transformer, and rest_api_explorer. Create a dedicated service account for this integration when possible.
1

Access ServiceNow

Using a ServiceNow admin account, log in to your ServiceNow tenant (.service-now.com).
2

Navigate to Users

In the Filter navigator, search for Users.
3

Open User Administration

Under User Administration, click Users.
4

Create New User

Click New to add a new user.
5

Configure User Details

Enter a descriptive name for the user (for example, kandji_rest_api_user). Copy the username to a secure location. You need it when you configure the integration in Iru Endpoint.
  • Optionally, enter any additional information required by your organization.
6

Set Web Service Access

Select Web service access only.
7

Submit User Creation

Click Submit.
8

Set User Password

Open the user you just created, then select Set Password.
9

Generate Password

Click Generate to create the new password.
10

Copy Password

Copy the new password.
11

Save Password

Click Save Password. Store the password in a secure location. You enter it in Iru Endpoint when you configure the ServiceNow integration.
12

Close Password Dialog

Click Close to go back to the Users page.
13

Access User Roles

While still on the user page, go to Roles.
14

Edit Roles

Click Edit.
15

Add Required Roles

Add the following roles to the service account user:
  • cmdb_read
  • import_transformer
  • rest_api_explorer
16

Verify Role Assignment

You should see six roles in total: three you added directly and three inherited.
17

Save User Configuration

To complete the user creation, click Save.

Troubleshooting

Verify that Kandji is a Discovery Source

1

Access Dictionary

In ServiceNow, enter Dictionary in the Filter navigator.
2

Open Dictionary

Under System Definition, click Dictionary.
3

Search for Discovery Source

In Dictionary Entries, select Column name, then enter discovery_source.
4

Select CMDB Table

Select the cmdb_ci table.
5

Access Choices Tab

Scroll down and select the Choices tab.
6

Verify Kandji

Confirm Kandji is listed. If it does not appear, search for the label Kandji.

If Kandji does not show up as a Discovery Source

Run kandji_fix_script manually if Kandji does not appear as a discovery source after you install the Kandji ServiceNow app.
1

Access Fix Scripts

In ServiceNow, enter Fix Script in the Filter navigator.
2

Open Fix Scripts

Under System Definition, click Fix Scripts.
3

Search for Fix Script

In Fix Scripts, select Name, then enter kandji_fix_script.
4

Select Fix Script

Open the kandji_fix_script record.
5

Run Fix Script

Click Run Fix Script.
6

Execute in Background

In the Run Fix Script modal, click Proceed in Background.
Kandji should now appear as a discovery source choice in ServiceNow.

Considerations

Service accounts

Prefer a dedicated account for this integration instead of reusing an interactive user, so access and changes are easier to audit.

OAuth

On Zurich and later, set Scope Restriction to Broadly scoped when you create the OAuth app (see Creating an OAuth App). Set the redirect URL to https://kandji.io and store client credentials securely.

Roles

The service account needs cmdb_read, import_transformer, and rest_api_explorer.

Discovery source

After install, confirm Kandji appears under discovery source choices for cmdb_ci in Dictionary.

Troubleshooting

If discovery source or sync looks wrong, run the kandji_fix_script fix script and confirm the service account has the three roles above.

ServiceNow integration: Overview

How inventory flows from Iru Endpoint to ServiceNow tables and transforms, and how SAM Pro data flows when enabled.

ServiceNow integration: Iru Endpoint configuration

Connect Iru Endpoint with your OAuth app and service account, and manage the integration after ServiceNow is ready.