Overview
Although the "Web service access only" checkbox in the user profile used to help us recognise which users were created for API calls, this was not powerful enough to differentiate if the user is an AI-agent, a regular human or a service account performing calls.
Differentiating users by their type
Since Xanadu, ServiceNow created a new field that is not displayed on the User record that many people still haven't noticed. This field is called "Identity Type" and it's actually mentioned on any User record if you display the "Web service access only" checkbox as seen below:
Bear in mind the "Identity type" is read-only from then list view OOB, so if you want to manually manipulate it, you will have to either change the OOB ACL or showing it on the form:
Out of the box, this field has its value set to "-", which states the user is undefined yet:
ββ
If your platform doesn't have the AI capabilities enabled you will only see these two values:
But "AI Agent" can be displayed otherwise so that you can also recognise those.
As an Out of the box feature, if you check "Machine", the "Web service access only" checkbox is automatically ticked, hence why is read-only since Xanadu on.
Using this differentiation
There are many benefits of marking them such as controlling their access, reporting, etc... and some of them are out of the box.
There is the "Machine identity Console" which helps you report on them. I will write a blog post talking about it sooner rather than later and will link it here. In the meantime, you can check out the official documentation on the link there.
Feedback
Please like π and share π this article to your colleagues to ensure they also have their instances configured properly
