Notifications on tool credential expiration

  • Release version: Zurich
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Notifications on tool credential expiration

    This feature notifies ServiceNow users when tool credentials expire or are about to expire, specifically for tools integrated via DevOps Change Velocity. It helps users maintain uninterrupted data flow by prompting timely credential updates.

    Show full answer Show less

    Key Features

    • Proactive and Expiration Notifications: Users receive alerts both before and after tool credentials expire. Proactive alerts currently apply to GitHub tools using basic authentication.
    • Role-Based Notification Recipients: Notifications target users with sndevops.toolowner or sndevops.admin roles, ensuring those responsible for tool maintenance are informed.
    • Universal Task Creation: When credentials are near expiry or expired, a universal task is automatically assigned to tool owners within specified user groups and admins, visible via workspace tasks, bell notifications, and email.
    • Multiple Notification Channels: Users are notified through a combination of banner messages on tool records, universal tasks, emails, and field messages (for GitHub basic auth tools).
    • Customizable Notification Timing: The number of days before expiration to send proactive notifications can be configured (default is 3 days) via a system property. Setting this to 0 disables proactive notifications.
    • Automatic Credential Expiration Checks: The system checks credential status every hour, so notifications may take up to an hour to appear after expiration.
    • Credential Update Process: Notifications include links to update credentials. Only users with the appropriate roles can update credentials to restore tool connectivity and data flow.

    Practical Benefits

    • Prevents unexpected tool disconnections and data loss by ensuring tool credentials remain valid.
    • Streamlines credential management by automating alerts and task assignments to the right users.
    • Enhances visibility into tool credential status through multiple notification types directly in the ServiceNow interface.
    • Provides flexibility to customize notification timing and disable notifications as needed.

    Recommended Actions

    • Ensure that responsible users have the sndevops.toolowner or sndevops.admin roles to receive notifications and update credentials.
    • Configure notification timing properties to align with your operational requirements.
    • Monitor universal tasks and banner messages regularly to promptly update expiring credentials.
    • Use the provided links in notifications to update credentials and reconnect tools quickly.

    Notifications are sent to tool users on expiration of tool credentials to alert them. Notifications are also sent proactively before the expiration of tool credentials for GitHub tools created with basic authentication. This enables tool users with the sn_devops.tool_owner or sn_devops.admin roles to update the tool credentials and prevent any loss of data.

    A universal task is created and assigned to users with the sn_devops.tool_owner role who are part of any user group specified in the Maintained by field, and any user with the sn_devops.admin role. They will be notified of the universal task through notification (in the bell icon), email, and an open task in the workspace home page.

    Maintained by field in the tool record

    Notifications are also displayed in the tool record in the form of a banner message to any user with access to the tool when the tool credentials expire. But the credentials can be updated only by users with the sn_devops.tool_owner or sn_devops.admin role.

    The credentials expiration check happens in the system every one hour. If your tool credentials have expired, it might take a maximum of one hour for the system to send notifications.

    For GitHub tools created with basic auth, notifications are also sent proactively before the expiration of tool credentials. Apart from the universal task and banner notification, a field message is also displayed in the case of proactive expiration notifications. You can set the number of days before which expiration notifications must be sent in the Number of days before tool credential expiry to assign a universal task and notify (if applicable) property. By default, it is set to 3 days. To stop sending proactive notifications, select 0 as the value for this property. Properties to configure notifications on tool credential expiry

    If you want to stop sending notifications for expired credentials after expiry, disable the Assign a universal task and notify to update tool credentials when expired property. For more information, see DevOps Change Velocity properties.

    The following types of notifications are sent:

    Universal task
    A universal task is created and notifications are sent to users with the sn_devops.tool_owner role who are part of any user group specified in the Maintained by field, and any user with the sn_devops.admin role.

    Bell notifications on credentials expiration

    Email notification on credential expiration

    Open task on landing page on credential expiration

    Banner message
    A banner message is displayed on the tool record to all users with access to the tool record.

    Banner notification on credential expiration

    Field message
    A field message is displayed on the Credentials expiration field in the tool record for a GitHub tool created with basic auth.

    Proactive field notification before credential expiration

    When the credentials of your tool expire, the tool gets disconnected. You can select the Update credentials link in the notifications, and update your tool credentials. After the credentials are updated, connect to the tool again to start receiving data. For information on updating tool credentials, see Update third-party tool credentials in DevOps Change Velocity.