Notifications on tool credential expiration

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Notifications on Tool Credential Expiration

    This feature provides notifications to users regarding the expiration of tool credentials, specifically for GitHub tools using basic authentication. Notifications are sent both proactively before expiration and reactively upon expiration to ensure users can update credentials and maintain access to tools.

    Show full answer Show less

    Key Features

    • Proactive Notifications: Alerts are sent to users with the sndevops.toolowner or sndevops.admin roles before tool credentials expire. The default setting is 3 days prior to expiration, which can be adjusted.
    • Universal Task Creation: A universal task is assigned to relevant users when credentials are about to expire, ensuring they are notified through multiple channels, including email and workspace notifications.
    • Banner and Field Messages: A banner message appears on the tool record for all users when credentials expire, while a field message is displayed specifically for GitHub tools using basic auth.
    • Hourly Credential Checks: The system checks for credential expirations every hour, meaning notifications for expired credentials may take up to one hour to be sent.

    Key Outcomes

    By utilizing these notifications, ServiceNow customers can effectively manage tool credentials, reduce the risk of data loss due to expired credentials, and streamline the process of updating necessary access. Users can quickly respond to notifications to maintain continuous access to their tools and ensure operational integrity.

    Notifications are sent to tool users on expiration of tool credentials to alert them. Notifications are also sent proactively before the expiration of tool credentials for GitHub tools created with basic authentication. This enables tool users with the sn_devops.tool_owner or sn_devops.admin roles to update the tool credentials and prevent any loss of data.

    A universal task is created and assigned to users with the sn_devops.tool_owner role who are part of any user group specified in the Maintained by field, and any user with the sn_devops.admin role. They will be notified of the universal task through notification (in the bell icon), email, and an open task in the workspace home page.

    Maintained by field in the tool record

    Notifications are also displayed in the tool record in the form of a banner message to any user with access to the tool when the tool credentials expire. But the credentials can be updated only by users with the sn_devops.tool_owner or sn_devops.admin role.

    The credentials expiration check happens in the system every one hour. If your tool credentials have expired, it might take a maximum of one hour for the system to send notifications.

    For GitHub tools created with basic auth, notifications are also sent proactively before the expiration of tool credentials. Apart from the universal task and banner notification, a field message is also displayed in the case of proactive expiration notifications. You can set the number of days before which expiration notifications must be sent in the Number of days before tool credential expiry to assign a universal task and notify (if applicable) property. By default, it is set to 3 days. To stop sending proactive notifications, select 0 as the value for this property. Properties to configure notifications on tool credential expiry

    If you want to stop sending notifications for expired credentials after expiry, disable the Assign a universal task and notify to update tool credentials when expired property. For more information, see DevOps Change Velocity properties.

    The following types of notifications are sent:

    Universal task
    A universal task is created and notifications are sent to users with the sn_devops.tool_owner role who are part of any user group specified in the Maintained by field, and any user with the sn_devops.admin role.

    Bell notifications on credentials expiration

    Email notification on credential expiration

    Open task on landing page on credential expiration

    Banner message
    A banner message is displayed on the tool record to all users with access to the tool record.

    Banner notification on credential expiration

    Field message
    A field message is displayed on the Credentials expiration field in the tool record for a GitHub tool created with basic auth.

    Proactive field notification before credential expiration

    When the credentials of your tool expire, the tool gets disconnected. You can select the Update credentials link in the notifications, and update your tool credentials. After the credentials are updated, connect to the tool again to start receiving data. For information on updating tool credentials, see Update third-party tool credentials in DevOps Change Velocity.