Hi @PattenM1 ,

1 – As per my understanding lets Clarifying the Goal
You want:
* A central register of service accounts (API, SGC, traditional service, test accounts)
* Attributes like environment, owning function, expiry date, last review date, etc.
* Relationships to Business Services / Application Services
* To model them in CMDB if possible
* These accounts may be not discoverable or not monitorable by APIs

2 – Should This Live in CMDB?

Yes, if:
* Accounts are considered Configuration Items because they’re critical to delivering services.
* You want to establish dependency mapping between services and accounts.
* You want to leverage CMDB relationships for impact analysis (e.g., if an account is compromised or expires).

No, if:
* You only need an inventory for compliance or audit with no service mapping requirement (then a custom standalone table could suffice).
Since you’ve mentioned alignment with Business Services and Application Services, CMDB is the right place — but with careful design.

3 – Recommended Design
Option A – New CI Class (Preferred)
* Extend from cmdb_ci → Create cmdb_ci_account (custom class)
* Create two sub-classes:
* cmdb_ci_service_account
* cmdb_ci_test_account
* This ensures:
* Inclusion in CMDB queries, reports, and CMDB Health
* Reuse of CI relationships (Depends on, Used by, Runs on)
* Service mapping capability

Example Hierarchy:
cmdb_ci
└── cmdb_ci_account
├── cmdb_ci_service_account
└── cmdb_ci_test_account

Option B – Custom App Table (If not treated as CIs)
* Create u_account_register as the master table
* Create u_service_account and u_test_account extending it
* Maintain relationships manually to Business/Application Services via cmdb_rel_ci or a custom relationship table
Trade-off: This approach avoids polluting the CMDB but loses native CI capabilities.

4 – Suggested Attributes
Common fields (in cmdb_ci_account or base table):
* Environment (Dev / Test / Prod)
* Related Primary Business Function
* Expiry / Renewal Date
* Owner Group
* Associated Business Service / Application Service

Service Account–specific:
* Credential Type (API Key, Username/Password, Certificate)
* Credential Location (Vault, Encrypted Store)
* Last Reviewed Date
* Rotation Frequency

Test Account–specific:
* Current Assigned To
* Equivalent Role
* Access Scope

5 – Relationship Modeling
* Service Account CI → Used by → Application Service
* Test Account CI → Used by → Application Service
* Both can also link to:
* Specific environments (via relationship to Environment CIs)
* Owner groups (via standard Owned by field)
* If you use Impact Analysis, these relationships allow:
* Expiring account alerts → list impacted services
* Breach or compromise → list at-risk services

6 – CMDB Governance Considerations
* Since many accounts will be manually entered, use:
* CMDB Data Certification to enforce periodic review
* CMDB Health Dashboard to track completeness and correctness
* Use Read ACLs to limit visibility — service accounts often hold sensitive info.

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
 

Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025