ServiceNow with Entra Provisioning
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2025 06:45 AM
New to ServiceNow.
We have three instances (DEV/UAT/PROD) and have configured provisioning for all.
Am i right to assume that users & groups in different instances should and will have different sysIDs.
We have had problems with our Prod instance and trying to understand why, and when we look at groups & users, they have the same sysid in both UAT & Prod. I believe someone may have added the groups to an update set in UAT and moved it to Production, but not 100% sure.
Any advice for a ServiceNow Newbie.
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2025 06:48 AM
Hi @dmanning
to have teh same sys ID in UAT and PROD is usually the desired outcome.
If the user change department, location, or even name, the sys ID will remain the same.
Why would that be a problem?
On the contrary, as a developer you develop something in DEV, the record is created by / udpated <your sys ID>, then it is moved to test and later to PROD, so it will be created by <sys id> pointing to your name.
That is just fine, unless you want it to be differently
/* If my response wasn’t a total disaster ↙️ ⭐ drop a Kudos or Accept as Solution ✅ ↘️ Cheers! */
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2025 06:49 AM
one more comment - there are regular clones from PROD to lower instances (everything from PROD is copied to TEST and DEV, one at time) and if you would have different sys IDs it would create duplicates.
Of coure during the clone you can exclude some of the data (e.g. users) or you can run some anonymisation procedures, but still.
/* If my response wasn’t a total disaster ↙️ ⭐ drop a Kudos or Accept as Solution ✅ ↘️ Cheers! */
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2025 06:55 AM
Thanks KamilT,
While i understand it would be the desired outcome, as if you have users referenced in workflows it will carry through... But the unique identifier we are using is the azure_object_id (created) and therefore when the Entra service creates the user in each Service Now instance, they will have seperate sysids.
Im just trying to wrap my head around why our development instance and UAT instance are syncing fine, but not our production instance.
Thanks for the prompt reply.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2025 07:01 AM
Yes, you can never have the same ID in two different systems...
for that you can use another field, that will be "Entra ID" for example or to use existing User Name in ServiceNow...
/* If my response wasn’t a total disaster ↙️ ⭐ drop a Kudos or Accept as Solution ✅ ↘️ Cheers! */
