MID Server

SatishChitti
Tera Contributor

Hello Everyone,

Can anyone tell me when we can recommend that the customer implement "Credential-Less Discovery"?
Also, is recommending credential-less discovery a good practice?

Thanks

 

3 ACCEPTED SOLUTIONS

Dr Atul G- LNG
Tera Patron

Hi @SatishChitti 

 

Might be helpful

 

https://www.servicenow.com/community/in-other-news/new-feature-credential-less-discovery/ba-p/228866...

 

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************


Harish Bainsla
Tera Sage

Hi @SatishChitti 

Credential-less Discovery refers to the ability to discover and populate the CMDB without requiring credentials. It will only populate a few values. It gathers information with the help of NMAP. I have already created an article on it; check the link below.

https://www.servicenow.com/community/itom-articles/what-is-credential-less-discovery/ta-p/3125835

If my answer helps you, mark it helpful and accept the solution.

 


AJ-TechTrek
Giga Sage

Hi @SatishChitti ,

 

Let's understand: when can we recommend “Credential-Less Discovery”?


You can recommend Credential-Less Discovery (using methods like agent-based discovery, public cloud APIs, or connector-based approaches) when all of the following conditions apply:
* The environment is primarily cloud-based (AWS, Azure, GCP, etc.) and the customer already uses:
  * Cloud accounts / service accounts with read-only permissions, or
  * Cloud connectors / discovery connectors.
* The customer cannot provide or is unwilling to share credentials (e.g., Windows domain, SSH) for direct access.
* The customer has strong security policies that:
  * Disallow credentials being stored in ServiceNow, even encrypted, or
  * Prohibit MID servers from directly accessing target infrastructure over typical discovery ports.
* The customer accepts that discovery might be limited to higher-level data coming from cloud control planes or APIs.
* The business requirement does not include collecting detailed OS-level attributes, installed software, running processes, etc.

 

But is it good practice to recommend Credential-Less Discovery by default?
Generally, no — and here’s why:


* Traditional (credential-based) MID Server Discovery provides:
  * Detailed data: running processes, software installs, patch levels, memory, disk, kernel versions, etc.
  * Relationship and dependency data for Service Mapping and event correlation.
* Credential-Less Discovery only collects what is exposed by the cloud control plane or connector APIs:
  * Often missing OS-level details and real-time metrics.
  * Cannot get granular data for on-premises infrastructure.
* It might affect:
  * CMDB completeness and correctness.
  * Service Mapping accuracy.
  * Software Asset Management (SAM) data, because many SAM use cases depend on discovery of installed software.

 

Recommended best practice:
* Use Credential-Less Discovery only when:
  * You have strict compliance or security requirements, or
  * You are discovering SaaS applications, serverless services, or purely managed cloud resources where OS access is impossible.
* Use Credential-Based Discovery (via MID servers) for:
  * Virtual machines (cloud and on-prem)
  * Physical servers
  * Network devices
* Combine both for hybrid environments:
  * Use cloud connectors or ACC for control plane data.
  * Use credentials via MID servers for deeper OS-level discovery.

 


1. Recommend Credential-Less Discovery when the environment or policy requires it.
2. It’s not generally a best practice to default to it — because it limits the richness and accuracy of the CMDB.
3. Best practice is often a hybrid approach: credential-less + credential-based.

 

Please appreciate the efforts of community contributors by marking the appropriate response with "Mark my Answer Helpful" or "Accept Solution"; this may help other community users follow the correct solution in the future.
 
Thank You
AJ - TechTrek with AJ
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
ServiceNow Community MVP 202


4 REPLIES

Thanks @AJ-TechTrek  for your valuable information.