Long due post on this about a feature which many of us have been waiting for (IRE rules for the non-CMDB tables).
If you’ve ever tried pulling user data into ServiceNow from more than one system, you know it can get messy fast. HR wants to push employee info, IT relies on Azure AD, and suddenly you’ve got duplicates, missing managers, and half of the workflows start breaking.
With the Washington release, ServiceNow provideda a very handy feature of Identification and Reconciliation Engine (IRE) rules on non-CMDB tables like sys_user. In plain words, that means we can finally apply the same governance we’ve been using in the CMDB to our user records
Most orgs don’t have one clean source of truth for users:
ERP/HR feeds know about job titles, cost centers, hire dates.
Active Directory knows about logins, emails, groups.
Sometimes even contractor/vendor systems get in the mix.
If you just point multiple integrations at the sys_user table without rules, you’ll end up with duplicates or worse—one feed overwriting critical data from another.
Here’s the simple recipe I’ve used:
Bring in the feeds
Set up your ERP and AD integrations as usual (REST, Graph API, etc.). Treat them as separate data sources. Please note that for the Azure Active Directory, you may need to move away from the Microsoft Azure Pllugin for Active Directory (as it doesnt support the IRE rules). We had build the custom integration for the Azure Active Directory with the graph APIs to fetch user information, manager, groups.Build transform maps
Use robust transform maps to clean and map fields before they hit sys_user.
Pro tip: use scripting in the map to add fallback logic—e.g., “if ERP manager is blank, take it from AD.”Define IRE rules
Pick your unique identifiers (email or employee number usually work).
Define precedence per field. For example:
First/Last Name → ERP
Email & Groups → AD
Job Title & Department → ERP
To define the IRE rules per data source , Go to Configuration->IRE Data Source rules (attaching a snapshot of the sample IRE rule)
Test with real cases
Run an initial full load to build your baseline. Then simulate tricky scenarios, users available in one source and not available in other, user getting inactive in one source and still active in the other source. Watch how IRE merges them instead of duplicating.High level solution design.
Reconciliation Definition snapshot
Error logging: Make sure API failures and parsing errors are getting logged
Auditing: Add sys_user to audited tables so you can see exactly when and how a field changed
