Need Guidance on Service Graph Connector for Microsoft Azure

String · 3 weeks ago

Hi Team,

I am new to Service Graph Connector (SGC) for Microsoft Azure and would like some guidance to understand it better.

Specifically, I am looking for:

Step-by-step process to set up and configure the Azure connector in ServiceNow (from Azure app registration, permissions, and client secret → to ServiceNow guided setup).
Target tables in CMDB where the Azure connector stores discovered data (e.g., VM instances, network interfaces, storage accounts, processes, software, TCP connections, etc.).
Best practices to start with (like running imports on a smaller subscription/resource group first, monitoring import sets, reconciliation, etc.).
Any recommended videos, documents, or training modules for better understanding.

My goal is to clearly understand:

How the connector brings in data from Azure.
Which CMDB classes are impacted.
How to validate the imported data in ServiceNow.

Any pointers, sample runbooks, or lessons learned from your experience would be very helpful.

Thank you!

Nikhil Bajaj9 · 3 weeks ago

Hi @String ,

Please check - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1515928

I guess it will help you.

If my answer helped you, please mark it- solution accepted.

Regards,

Nikhil Bajaj

Please appreciate my efforts, help and support extended to you by clicking on – “Accept as Solution”; button under my answer. It will motivate me to help others as well.
Regards,
Nikhil Bajaj

AJ-TechTrek · 3 weeks ago

Hi @String ,

As per my understanding, below will help you :-

1. Step-by-Step Setup of Azure SGC in ServiceNow

A. Azure side (App Registration & Permissions)
1. Register an App in Azure AD
* Go to Azure Portal → Azure Active Directory → App registrations → New registration.
* Give it a name (e.g., “ServiceNow_Azure_SGC”).
* Redirect URI is not needed for client credential flow.

2. Create a Client Secret
* Under the App → Certificates & Secrets → New client secret.
* Copy the value (you’ll need it in ServiceNow).

3. Assign Required API Permissions
* Go to API permissions → Add permission → Microsoft Graph + Azure Service Management APIs.
* Common ones:
* User.Read
* Directory.Read.All
* Application.Read.All
* For Azure Resource Manager: user_impersonation
* Grant admin consent.

4. Collect IDs
* Tenant ID
* Client ID
* Client Secret
* Subscription ID(s)

B. ServiceNow side (SGC Guided Setup)
1. Navigate to All → Service Graph Connectors → Microsoft Azure → Guided Setup.
2. Create a new Credential record (OAuth Client Credentials).
* Provide Tenant ID, Client ID, and Client Secret.
3. Create a new Azure Account record in SGC.
* Link Subscription ID(s).
* Associate with the Credential.
4. Run a Connection Test from the account form to verify.
5. Run Data Collection Jobs (can schedule or trigger manually).
6. Monitor Import Sets & Transform History (Import Set tables start with u_azure_…).

2. Target Tables in CMDB (Common Mappings)
Azure SGC brings data into Service Graph (CSDM-aligned CMDB classes). Some important mappings:
* VM Instances → cmdb_ci_vm_instance
* Virtual Machines (Computer level) → cmdb_ci_computer (after IRE reconciliation)
* Network Interfaces → cmdb_ci_network_adapter
* Disks / Storage → cmdb_ci_disk / cmdb_ci_storage_volume
* Resource Groups → cmdb_ci_cloud_resource_group
* Subscriptions → cmdb_ci_cloud_subscription
* Public IPs → cmdb_ci_ip_address
* Load Balancers → cmdb_ci_lb
* SQL / Databases → cmdb_ci_database
* App Services / Functions → cmdb_ci_appl or cloud-specific subclasses
* Relationships → cmdb_rel_ci (ownership, runs on, connected to, etc.)

Note: By default, OS version for VMs may not always come from cloud metadata → you need hybrid discovery (Cloud + normal Discovery) to enrich.

3. Best Practices
1. Start small
* Begin with one subscription or a single resource group to validate.
* Gradually expand once you’re confident.

2. Monitor Import Sets & Reconciliation
* Import tables: u_azure_* (staging).
* Use Transform Maps & IRE to see how data lands in CMDB.
* Check CMDB Health → Duplicate / Completeness.

3. Use IRE rules properly
* Azure connector relies on Identification & Reconciliation Engine (IRE) to merge cloud data with on-prem discovery.
* Make sure identification rules for cmdb_ci_computer and cmdb_ci_vm_instance are active and correct.

4. Tag Management
* If your org uses Azure Tags, map them to cmdb_key_value for better filtering.

5. Governance
* Set Schedules for sync (daily or hourly).
* Monitor via SGC Dashboard (shows imports, failures, health).

Documentation :- https://www.servicenow.com/docs/bundle/zurich-servicenow-platform/page/product/configuration-managem...

https://developer.hashicorp.com/terraform/cloud-docs/integrations/service-now/service-graph/resource...

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.

Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025

Harish Bainsla · 3 weeks ago

Hi @String check below link

https://www.servicenow.com/docs/bundle/zurich-servicenow-platform/page/product/configuration-managem...

https://youtu.be/1gc4iNsbFmE?si=O93ScR7iQ2BCF0F0

Pratiksha · 3 weeks ago

Hi

Azure cloud discovery setup is relatively simple. Few links which will help you : https://www.servicenow.com/docs/bundle/xanadu-it-operations-management/page/product/discovery/task/c...

You dont need mid server if you dont want to horizantal discovery.

Please note cloud discovery will give you VM instance and Horizontal discovery will give you OS level data.

These information will be collected if you do cloud discovery : https://www.servicenow.com/docs/bundle/zurich-it-operations-management/page/product/discovery/refere...

Regards,

Pratiksha