ServiceNow and CyberArk: New REST API Integration for Enhanced Credential Management

Ram Devanathan1
ServiceNow Employee
‎01-21-2026 09:46 AM

Empowering Enterprises with Flexible, Secure Credential Resolution

Authors: Ram Devanathan (Director, ITOM - ServiceNow), Paul Cleary (Sr. Tech Alliances Product Manager - CyberArk), with inputs from Ashish Kumar (Sr. Software Engineer - ServiceNow)

RamDevanathan1_0-1769014859774.png

 

ServiceNow’s External Credential Storage and Management Application is designed to help organizations securely retrieve and manage credentials from external vaults during IT operations, such as discovery and orchestration, without storing sensitive data in ServiceNow. This ensures compliance, reduces risk, and strengthens privileged access security across hybrid environments.

 

Building on this foundation, ServiceNow is excited to announce a significant enhancement to our External Credential Storage and Management plugin, developed in close collaboration with CyberArk. Responding directly to customer feedback—with over 60 upvotes requesting this capability—we're introducing REST-based CCP (Central Credential Provider) integration for CyberArk alongside our existing AIM SDK method.

 

What This Means for You

Organizations can now choose their preferred integration approach for CyberArk credential resolution:

  • REST API Integration (New): Leverage CyberArk's REST APIs for streamlined, dependency-light credential retrieval
  • AIM SDK Integration (Existing): Continue using the proven SDK-based approach

Both methods support the full spectrum of credential resolution types and query complexities, giving you the flexibility to align with your security architecture and operational requirements.

 

The Power of Partnership

This integration exemplifies world-class collaboration. CyberArk's technical team provided exceptional support throughout development—from ready-to-use environments to expert guidance—ensuring a robust, production-ready solution that meets the exacting standards of enterprise security.

 

Customer-Driven Innovation

Your voice drives our roadmap. This enhancement directly addresses feedback from our community, demonstrating our commitment to delivering solutions that matter most to your organization's security posture and operational efficiency.

 

Key Benefits

✓ Choice & Flexibility: Select the integration method that best fits your environment
✓ Reduced Complexity: REST option minimizes external dependencies
✓ Enterprise-Grade Security: Maintain credentials in CyberArk Vault while ServiceNow MID Servers securely retrieve them for discovery operations
✓ Seamless Integration: Out-of-the-box connectivity between ServiceNow ITOM and CyberArk Privileged Access Security

 

Ready to enhance your credential management strategy? Explore the External Credential Storage and Management plugin in the ServiceNow Store today.

 

ServiceNow and CyberArk: Together, securing the enterprise with intelligent automation and privileged access management.

 

Key Links:

ServiceNow Store App - External Credential Storage and Management Application

Please find below KB to enable CCP integration in Zurich

 

 

 

 

  • 4,099 Views
6 Comments
sadafgkhan
Tera Contributor
‎01-22-2026 07:30 AM
‎01-22-2026 07:30 AM

Hi @Ram Devanathan1 , 

We have an automation use case like whenever password gets updated in CyberArk, it should be updated in ServiceNow too.

 

Is this REST API going to work in this scenario? can i get more details on these APIs

0 Helpfuls
Steve H3
Tera Contributor
‎02-02-2026 11:54 AM
‎02-02-2026 11:54 AM

@sadafgkhan , we have a similar use case in our company, and we are working on leveraging the ServiceNow API Plug-in for the Central Policy Manager plugin available on the CyberArk store to accomplish.  I was unsuccessful in finding any way for ServiceNow to do this natively, but hoping it's OOTB on the CyberArk side.

0 Helpfuls
Michael Walsh
Tera Contributor
4 weeks ago
4 weeks ago

Will this work with SaaS integrations using a Direct Integration Profile?

0 Helpfuls
georgeromo
Tera Explorer
4 weeks ago
4 weeks ago

How do we setup to the mid server xml config file to use option B, allowed machine policy as the current CCP ServiceNow documentation shows that a certificate path and password is required?

0 Helpfuls
JerryB-76
Tera Contributor
Tuesday
Tuesday

Could you please provide relavant links to ServiceNow Docs related to:
REST API Integration (New)

Currently we are on the Zurich release, did note this link that you provided:

Please find below KB to enable CCP integration in Zurich
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2682524

But I would like to know what links should I use to do the REST API integration.
0 Helpfuls
JerryB-76
Tera Contributor
Tuesday
Tuesday

A follow up question:
In my case I want to use mTLS (client certificates) on a dedicated MidServer to integrate with CyberArk CCP server, is that currently not supported in Zurich?

Noted this information when reading about "Create a protocol profile":
https://www.servicenow.com/docs/r/zurich/api-reference/web-services/t_CreateAProtocolProfile.html

Note:

Mutual authentication is not available when making outbound web service calls through a MID Server.

The only way we have found to do integration on our dedicated Windows MidServer to CyberArk CCP is by using a PowerShell step since the certificate is also stored in Windows Local certificate store.
0 Helpfuls