Step‑by‑Step Guidance Needed: Configuring Cross‑Instance Application Trust
3 weeks ago
Hello ServiceNow Community,
I’m looking for step‑by‑step guidance and best practices to correctly configure Cross‑Instance Application Trust (CIAT) across multiple ServiceNow environments.
Current Environment Setup
- 10 Development instances
- 1 QA instance
- 1 Production instance
We need to securely enable cross‑instance features and integrations, such as:
- AI Platform / future AI capabilities
- Shared or reusable scoped applications
- Controlled data exchange across instances
- Future cross‑instance functionality
Thanks in advance!
3 weeks ago
To configure cross-instance application trust in ServiceNow, follow these step-by-step instructions:
- Understand Trust Concepts:
  - A trust profile defines how a set of instances communicate for a specific application, detailing which instances are trustors (granting access) and trustees (receiving access).
  - Capabilities are application features used for cross-instance communication, managed at the application and capability level 1️⃣2️⃣.
- Prepare Multi-Instance Framework:
  - Ensure ADCv2 mTLS is enabled on all instances by checking <instance>.service-now.com/adcv2/supports_tls. If not enabled, submit a Now Support ticket.
  - Install the Multi-Instance Framework mTLS plugin (com.glide.mif.mtls) via Now Support ticket and wait 24 hours after installation 3️⃣.
- Configure Manager and Managed Instances:
  - On each non-production instance, navigate to All > Multi-Instance Management > Manager Instances and create a record pointing to the primary production instance.
  - On the production instance, verify all non-production instances are listed under All > Multi-Instance Management > Managed Instances 3️⃣.
- Create and Edit Trust Profiles:
  - In the production instance, go to All > Multi-Instance Management > Application Trust profiles.
  - Open or create the relevant trust profile for your application.
  - For each non-production instance, add a trust profile item specifying:
    - Capability (e.g., Proactive Code Check Data Transfer)
    - Application
    - Application Capability Version
    - Trusting Instance (non-production)
    - Trusted Instance (production)
  - Set Active to true 3️⃣.
- Sync Trust Profiles:
  - In the production instance, select "Sync Trust Profiles" to propagate trust settings to all managed instances.
  - Verify trust records under All > Multi-Instance Management > Trusting Instances 3️⃣.
- Manage Data Sharing:
  - By default, non-production instances allow data sharing with production only; production does not share by default but can be configured.
  - Adjust sharing permissions as needed in All > Multi-Instance Management > Trust Configuration. Use the "Grant access" column to control which instances can access data for each application 4️⃣5️⃣.
- Review and Maintain:
  - The managing instance (usually production) centrally controls trust settings. If no trust profile manager is defined, manual configuration is required on each instance 1️⃣2️⃣.
For more details, refer to the ServiceNow documentation on cross-instance application trust configuration and multi-instance management:
https://www.servicenow.com/docs/r/yokohama/platform-administration/grant-access-v2.html
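
One way to check a set of trust profile items against the plan in the answer above (every non-production instance trusting production, active, and no other trust pair) before selecting "Sync Trust Profiles". This is an added example, not part of the thread and not ServiceNow code; the record shape, the instance names and the `auditTrustItems` helper are assumptions, with field names following the item fields listed in the answer.

```javascript
// Added example: not ServiceNow code. The record shape, instance names and
// sample items are constructed for illustration; field names follow the trust
// profile item fields listed in the answer (capability, trusting instance,
// trusted instance, active).
const PROD = "acmeprod";
const NON_PROD = ["acmedev1", "acmedev2", "acmeqa"];
const CAPABILITY = "Proactive Code Check Data Transfer";

// Constructed sample, e.g. typed in from the trust profile item list.
const SAMPLE_ITEMS = [
  { capability: CAPABILITY, trusting: "acmedev1", trusted: "acmeprod", active: true },
  { capability: CAPABILITY, trusting: "acmedev2", trusted: "acmeprod", active: false },
  { capability: CAPABILITY, trusting: "acmedev1", trusted: "acmedev2", active: true },
  // acmeqa has no item at all
];

// Returns findings for one capability:
//   unexpected - an active item whose pair is not "non-production -> production"
//   inactive   - a planned pair whose item is not active
//   missing    - a non-production instance with no item pointing at production
function auditTrustItems(items, prod, nonProd, capability) {
  const findings = [];
  const seen = new Set();
  for (const item of items) {
    if (item.capability !== capability) continue;
    const pair = `${item.trusting} -> ${item.trusted}`;
    const planned = item.trusted === prod && nonProd.includes(item.trusting);
    if (!planned) {
      // Only active items grant trust, so inactive strays are ignored.
      if (item.active) findings.push({ type: "unexpected", pair });
      continue;
    }
    seen.add(item.trusting);
    if (!item.active) findings.push({ type: "inactive", pair });
  }
  for (const inst of nonProd) {
    if (!seen.has(inst)) findings.push({ type: "missing", pair: `${inst} -> ${prod}` });
  }
  return findings;
}

for (const f of auditTrustItems(SAMPLE_ITEMS, PROD, NON_PROD, CAPABILITY)) {
  console.log(`${f.type}: ${f.pair}`);
}
```

An empty result means the items match the plan for that capability; run it once per capability in the trust profile.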
