How to secure client details in ServiceNow.

Go to solution
Vijay Baokar
Kilo Sage

‎03-24-2025 01:30 AM

Hi Folks,

 

What is the best way to keep client ID and Secret secure in ServiceNow instance?

 

0 Helpfuls
  • 723 Views
1 ACCEPTED SOLUTION

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎03-24-2025 02:13 AM

@Vijay Baokar 

2 ways

1) have field level READ ACL on those 2 Fields on OAuth App registry and show only when role is security_admin

OR

2) enable column level encryption and give encryption context, only users with that encryption context can see it

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

View solution in original post

4 REPLIES 4

Go to solution
Dr Atul G- LNG
Tera Patron
Tera Patron

‎03-24-2025 01:35 AM

Hi @Vijay Baokar 

Could you clarify which context you're referring to? Are you asking about a specific module, data, dashboard, or integration or another area? 

 

https://www.servicenow.com/community/itsm-forum/how-to-know-my-instance-client-secret-and-client-id/...

 

https://www.servicenow.com/docs/bundle/vancouver-platform-security/page/administer/reference-pages/c...

 

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

Go to solution
Nilesh Pol
Tera Guru

‎03-24-2025 01:37 AM - edited ‎03-24-2025 01:38 AM

@Vijay Baokar 

ServiceNow provides an Encrypted Text data type that can be used to store sensitive information like Client IDs and Client Secrets securely.

 

  • Go to System Definition > Dictionary.

  • Create a new dictionary entry for a custom table where you will store the Client ID and Client Secret (e.g., u_credentials table).

  • Define fields as Encrypted text for it.

If you mensioning about credentials. Use OAuth 2.0 Application Registry for securely managing OAuth credentials.

 

 

Go to solution
Swapnil Shirsik
Giga Guru

‎03-24-2025 01:46 AM

I think the only users with security_admin role can fully access and manage the OAuth related things. So, one way could be to limit this role.

 

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎03-24-2025 02:13 AM

@Vijay Baokar 

2 ways

1) have field level READ ACL on those 2 Fields on OAuth App registry and show only when role is security_admin

OR

2) enable column level encryption and give encryption context, only users with that encryption context can see it

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader