Asynchronous External Agents over Google A2A - ServiceNow as Secondary Agent

warren_chan · ‎03-02-2026

This article walks through the setup for ServiceNow External Agents where the external agent (A2A client) invokes a ServiceNow AI agent (A2A server) over Google A2A protocol in an asynchronous communication channel.

Requirements

A2A client is communicating over Google A2A 0.3.0 specification.
ServiceNow instance is running Now Assist AI Agents 6.0.x+ (December 2025 release).
This example assumes the A2A server is running in asynchronous communication mode.

Confirm that ServiceNow External Agents is set to asynchronous

Go to AI Agent Studio > Settings > External AI agents > Discoverability
Set Communication mode to Asynchronous

Screenshot 2026-03-02 at 9.28.37 AM.png

Alternatively, go to the Messaging Channels [sys_cs_channel] table
- Look for AI Agent A2A Channel
- Set to Synchronous to false

From your external AI agent (A2A client), attempt to invoke your ServiceNow AI Agent

Review setup for Authentication for Google A2A
Review Sample Payloads for Google A2A
Use your ServiceNow AI Agent's Agent Card URL to begin discovery process and invocation:

Screenshot 2026-03-02 at 9.32.54 AM.png

Discover your ServiceNow AI agent
Authenticate with your ServiceNow AI agent (most likely necessary in some way)

Screenshot 2026-03-02 at 9.39.58 AM.png

Send a message through the message/send method. You will probably get an error stating that "Push notification is not supported":

Screenshot 2026-03-02 at 9.41.37 AM.png

In the request payload (outgoing from your A2A client), look for your push notification URL. It should be in the pushNotificationConfig block of the message/send request. Take note and copy it:

"jsonrpc": "2.0",
  "method": "message/send",
  "params": {
    "configuration": {
      "acceptedOutputModes": [
        "application/json"
      ],
      "historyLength": 0,
      "pushNotificationConfig": {
        "url": "https://<your-a2a-client-host>.us-central1.run.app/a2a/callback/incident-helper-agent-efcc9526",
        "token": "incident-helper-agent-efcc9526",
        "authentication": {
          "schemes": [
            "Bearer"
          ]
        }
      }
    },

Create External Agent Callback Registry

In ServiceNow, go to the External Agent Callback Registry [sn_aia_external_agent_callback_registry] table.
Select New button
Enter the push notification URL from the A2A client into URL field.
Save the record.
If you left the Connection and Credential Alias field blank, a new Connection Alias record should be created automatically. It should work as-is if your A2A client does not require authentication, but if it does require authentication, then edit your associated Connection record, and add a Credential record to provide authentication information.

Screenshot 2026-03-02 at 9.51.01 AM.png

Select the Verify URL button.
After the verify URL process, the State changes to Verified.

Screenshot 2026-03-02 at 9.53.06 AM.png

Note that you will need to repeat this process for every external AI agent with a separate callback endpoint and push notification URL.

Resume your conversation from your A2A client

Resend a new message with the message/send method.
The asynchronous message handling should now be in effect:

Screenshot 2026-03-02 at 9.55.53 AM.png

HarshaSeetha · ‎03-06-2026

Hi @warren_chan ,

Thanks for the information and for sharing the steps in the article. I’m trying to invoke/execute a ServiceNow AI Agent asynchronously via A2A from an external client, and for testing I’m using POSTMAN.

I have included the Instance Specifications below
Platform Version : Yokohama Patch 11
Application Version : Now Assist AI Agents, Version 6.0.23

I followed the same steps mentioned in the article to invoke the AI Agent asynchronously. In my instance, the Communication Mode is set to Asynchronous, the AI Agent A2A Messaging Channel is also set as asynchronous(I have Set Synchronous to false), and in AI Agent Studio the “Allow third party to access this agent” option is enabled. My Callback URL (Push Notification URL) is added and shows Verified in the External Agent Callback Registry. The A2A client currently doesn’t require authentication, so no credentials are configured in the connection record.

I have attached the image of the External Agent Callback Registry where the URL is verified.

Screenshot 2026-03-06 213717.png

In the agent card of the AI Agent, under capabilities the pushNotifications is enabled

Screenshot 2026-03-06 214823.png

However, when I try invoking the AI Agent from POSTMAN, I keep getting the response "Push Notification is not Supported" with status code 400 stating Bad Request. I’ve also attached the request and response payload screenshot below for reference.

Screenshot 2026-03-06 212956.png

Could you please help me understand what might be causing this or if anything else needs to be configured or if something is missing in the request payload?

Thank you for your support in advance and please keep me notified if any further details required.

warren_chan · ‎03-09-2026

@HarshaSeetha we may have a bug on our side, trying to work through it quickly. More to come. Thanks for trying the feature so soon 😂

warren_chan · ‎03-16-2026

Update: The issue on the validate URL not working should be addressed in Now Assist AI Agents 7.1.x, to be released next month.

Rahul Chand · ‎03-17-2026

Hi @warren_chan ,

I am currently setting up an Agent-to-Agent (A2A) integration between two ServiceNow instances. I am acting as the secondary agent and have run into a roadblock.

Steps Taken:

Successfully verified the External Agent Callback Registry URL in the secondary instance using the required authentication.
Attempted to trigger the send/message method from the host instance external agent.
As a troubleshooting step, I re-discovered the secondary agent after verifying the URL.

The Issue: Despite the successful verification and re-discovery, triggering the send/message method consistently returns the following error: "Push Notification is not supported"

Could you please point me in the right direction to resolve this?

warren_chan · ‎03-29-2026

Hi @Rahul Chand , the fix for this is coming on April 9 as part of Now Assist AI Agents 7.1.x release.

HarshaSeetha · ‎03-30-2026

Hi @warren_chan

Could you please help me with the below queries?

1. When an external system sends a JSON‑RPC request to connect with an AI Agent, is it possible to pass additional data in the request payload (apart from the prompt)?
For example, can we include email‑related details or other contextual data in the JSON‑RPC payload so that the AI Agent can access and use it within its tools during processing?

2. In ServiceNow, is there a way to trace or validate the complete response payload (full JSON body) that the AI Agent sends to an external system or agent webhook, apart from checking the Execution Plans (sn_aia_execution_plan) table?

warren_chan · ‎03-30-2026

@HarshaSeetha - You are free to add whatever you want to the JSON-RPC payload, so long as it is compliant with the Google Agent2Agent protocol specification. You likely need to pass additional context in the message, task or artifact blocks to make it workable. The Google A2A specification provides additional detail on how each of these components is to be used.

Use the External Agent Execution History [sn_aia_external_agent_exec_history] table to view inbound and outbound request payloads - it should be pretty straightforward when you are examining those records.

HarshaSeetha · ‎04-17-2026

Hi @warren_chan ,

We have a host application where users log in and are authenticated using Microsoft Entra ID B2C. A single App Registration is configured in Entra ID B2C, through which an ID token and refresh token are generated upon user login. Using the refresh token, we generate a new access token.

This access token is successfully used to call ServiceNow Scripted REST APIs, and user identity is maintained correctly. On the ServiceNow side, an OIDC Identity Provider is configured and working as expected for these Scripted REST API calls.

However, when we attempt to use the same access token (to maintain user identity) to invoke the ServiceNow AI Agent via the A2A protocol from an external system/agent, authentication fails with an error indicating that the user is not authenticated.

I would like to understand whether this scenario is supported and, if so, how invoking the ServiceNow AI Agent using the same Microsoft Entra ID B2C access token while preserving user identity can be achieved ?

warren_chan

@HarshaSeetha it sounds like you are pulling a token via OIDC, then taking the same token and moving it over to A2A API calls?

I believe it could work if you set up the System OAuth app registry to include the "a2aauthscope" auth scope.

HarshaSeetha

Hi @warren_chan ,

In my architecture, the App Registration is in Microsoft Azure, and all tokens (ID token, access token, refresh token) are issued by Microsoft Azure Entra ID B2C.

On the ServiceNow side, we have an OIDC Identity Provider configured against Entra ID B2C. As part of that configuration, the "Configure an OIDC provider to verify ID tokens" System OAuth app registry is created and associated with the OIDC Identity Provider.

Using the Entra ID B2C-issued access token, we are successfully able to call scripted REST APIs and preserve end-user identity correctly via the OIDC setup.

Following your suggestion, I also added the "a2aauthscope" auth scope to this same System OAuth app registry (the one tied to the OIDC IdP). However, when invoking the ServiceNow AI Agent via the A2A protocol using the same Entra ID B2C access token authentication still fails and says the user is not authenticated.

Does A2A support external access tokens (generated from Microsoft Azure Entra ID B2C), or does it require a ServiceNow‑issued OAuth token?