Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Where to store authentication method for applications?

Cheshire Cat
Tera Contributor

3 weeks ago - last edited 3 weeks ago

Where should the authentication method be stored in the CSDM? If someone asked you to store the authentication method for every system, where would you keep it? I could add a custom field to the business application or service instance table or I could extend a ci class called cmdb_ci_auth_service and make a depends on / used by relationship, or there might be something I could do on the product model side, but I would think there is already a solution in play somewhere and I'm missing it or thinking of the problem from the wrong angle. Please help!

0 Helpfuls
  • 398 Views
4 REPLIES 4

Its_Azar
Tera Guru
Tera Guru

3 weeks ago

Hi there @Cheshire Cat 

There isn’t a single “official” CSDM field for authentication method, so CSDM doesn't prescribe storing auth mechanisms at the Business App level — that type of detail typically lives closer to the technical service layer / CI layer, not the conceptual layer.

 Preferred: model authentication as a CI (e.g., extending cmdb_ci_auth_service) and relate it to the application via Depends on / Used by. This aligns with CSDM because you're treating auth as an infrastructure/security capability instead of an app attribute.

 

So yes — your idea to use the auth CI class + relationships is the more CSDM-aligned approach, especially if the goal is traceability and future SecOps tie-ins.

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,

Mohamed Azarudeen Z

Developer @ KPMG

mkeeney
Tera Contributor

3 weeks ago

If you follow CSDM, we approached this by setting up a Technical Service for Identity & Access Management. Technical Service is the parent of the Service Offerings which we set up as the discrete authentication methods, and then did the mapping to the Application Services or CIs which consume whichever of those Service Offerings.

Mathew Hillyard
Mega Sage

3 weeks ago

Hi @Cheshire Cat 

The authentication method is likely to refer to the access to an application (even a file share like SFTP uses an app for access), so could be related to the business application (as any instance should be using the same method). I wouldn’t store it at a lower level (e.g. Service Instance or Application CI) as it would make managing the data less efficient.

 

If however you are talking about authentication between applications then this belongs in Digital Integration Management, where the consumer, provider, interface, protocol and other attributes are stored.

 

I hope this helps!

Mat 

Bruno De Graeve
ServiceNow Employee
ServiceNow Employee

18 hours ago

One could use the Credentials table within the EA/Digital Integration Management solution:

https://www.servicenow.com/docs/bundle/zurich-application-portfolio-management/page/product/applicat...

Bruno De Graeve,
Principal Platform Architect, Customer Success, ServiceNow
0 Helpfuls