Hi @Hrishabh Kumar ,
As per my understanding you want to know What are credentials in ServiceNow Discovery?
Credentials are secure records stored in ServiceNow, which Discovery (and other processes) use to log into target devices or applications during the discovery process.
They allow the MID Server to authenticate and collect data without hard-coding passwords or exposing sensitive information.
Common credential types:
* Windows credentials (username + password or certificate)
* SSH credentials (username + password or private key)
* SNMP community strings (for network devices)
* vCenter credentials (for VMware discovery)
* JDBC credentials (for databases)
* Cloud credentials (AWS, Azure, GCP access keys/service principals)
In which phase of discovery are credentials used?
Discovery runs in 4 key phases:
| Phase |
Purpose |
Credentials used? |
| 1. Scanning |
Ping / port scan to find active devices |
No credentials needed (just network reachability) |
| 2. Classification |
Identify device type (Windows, Linux, network device, etc.) |
Tries credentials to probe basic info (e.g., SSH banner, WMI query, SNMP sysDescr) but Mainly Credentails used on this Phase of Discovery |
| 3. Identification |
Match to existing CI or create new |
Needs credentials to fetch identifying attributes (serial number, host name, etc.) |
| 4. Exploration |
Collect detailed data: software, CPU, disks, services, etc. |
Credentials essential to run patterns, probes and sensors |
So:
* Credentials are used from Classification phase onwards (especially heavily in Identification & Exploration).
* No credentials are required just to do network discovery (scan IPs & ports).
How are credentials used in the discovery process?
When Discovery runs:
1. MID Server sees a target IP.
2. It consults the Credential Affinity and Discovery Credentials tables to find applicable credentials.
3. It tries each credential in order (credential affinity optimizes order based on past successes).
4. Once valid credentials are found → the MID Server:
* Connects via SSH / WMI / SNMP / API
* Collects data needed by patterns, probes & sensors.
Credentials are never sent to the ServiceNow instance; they are used locally by the MID Server to connect to target systems.
How are credentials secured?
* Stored encrypted in the Credential table (discovery_credentials).
* MID Server only retrieves and decrypts them at runtime.
* Supports Vault integration (e.g., CyberArk, HashiCorp Vault) to avoid storing credentials directly in ServiceNow.
Extra: why credentials are so central to Discovery success
* Correct credentials = accurate, complete discovery.
* Wrong / missing credentials → incomplete data, missing CIs, failed discovery.
* Best practice: always test credentials using the Credential Test feature.
* Credential Affinity remembers which credentials work best for specific devices → speeds up discovery next time.
Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025
