User management
Summarize
Summary of User management
This guide explains how to configure and manage internal and external users within the Customer Service Management (CSM) environment on the ServiceNow platform. It covers user and group setup, role assignments, access control, team collaboration, and customer access management. Proper user management enables efficient case routing, team collaboration, and secure portal access.
Show less
Users, Groups, and Roles
Users are individuals accessing the CRM, while groups are collections of users sharing common purposes. Roles assigned to groups are inherited by members, simplifying access and routing management. Users and groups can be created or imported via platform user administration.
CSM provides two main role categories:
- Internal roles: Assigned to employees managing cases and service operations via the CSM Configurable Workspace. Examples include Service Agent (B2B), Consumer Agent (B2C), and Service Manager.
- External roles: Assigned to customers, partners, and consumers accessing CSM through self-service portals, controlling their visibility and permissions. Examples include Customer, Customer Administrator, Partner, and Consumer roles.
Contributor and Viewer Roles
Contributor users, either internal or external, assist in case resolution without full agent access and are mapped to specific requester scenarios such as Account Contributor or Consumer Contributor. Viewer roles provide read-only access to case and customer data without modification rights.
Account Teams and Customer Access Management
Account teams consist of employees and customer contacts assigned specific responsibilities to support accounts. Responsibility definitions determine team roles for internal employees and external contacts. Account managers can perform actions such as creating or updating cases on behalf of an account.
Customer access management allows multiple related parties to participate in or track cases and products with defined access levels. This supports complex scenarios (e.g., co-borrowers on loans) and improves customer collaboration, operational efficiency, and automation by controlling access based on relationships and sold products.
Unified User Profiles
The unified user feature enables a single individual to hold multiple profiles (internal and external) under one login, allowing seamless switching and eliminating the need for multiple accounts. This supports scenarios where a user may be both an employee and a consumer or have multiple external profiles across industries or ServiceNow applications.
Practical Benefits for ServiceNow Customers
- Efficient management of user access and permissions through roles and groups simplifies administration.
- Contributor roles enable flexible collaboration across teams and service functions without granting full agent access.
- Account teams and customer access management enhance service delivery by involving relevant internal and external users with appropriate permissions.
- Unified profiles reduce account duplication and streamline user experience, particularly for individuals with multiple roles or profiles.
Configure internal and external users, assign roles and group memberships, and control access to CRM features and case data. Establish the user structures that support case routing, team collaboration, and portal access across the CRM portfolio.
Users and groups
A user is any individual who can access the CRM environment. A group is a set of users who share a common purpose. Roles and assignment rules applied to a group are automatically inherited by all members, so access and routing can be managed at the team level rather than individually. Group information is used across CRM processes for assigning work to teams and requesting approvals.
Users and groups can be imported or created directly using the platform user administration feature. After users are configured, roles are assigned to control what each user can see and do.
Roles and access control
Roles control access to features, capabilities, and data in the CRM portfolio. The Customer Service Management application provides two categories of roles: internal roles for agents and managers, and external roles for customers, partners, and consumers. Roles can be assigned to individual users or to groups. When assigned to a group, all members inherit those roles.
| Role | Role name | What it covers |
|---|---|---|
| Service agent (B2B) | sn_customerservice_agent | Handles cases on behalf of business customers. Has access to case management, customer records, and agent tools in the configurable workspace. |
| Consumer agent (B2C) | sn_customerservice.consumer_agent | Handles cases for individual consumers in a B2C service model. Works with consumer profiles, households, and the consumer service portal. |
| Service manager | sn_customerservice_manager | Oversees service operations across B2B and B2C models. Manages queues, account teams, contact relationships, and has broader visibility across cases, teams, and performance data. |
| Role | Role name | What it covers |
|---|---|---|
| Customer (B2B) | sn_customerservice.customer | Submits and views cases through the customer portal. Can view assets and service contracts associated with their account. |
| Customer administrator (B2B) | sn_customerservice.customer_admin | Manages cases and contacts across their account or account hierarchy. Has broader visibility than a standard customer role. |
| Customer case manager (B2B) | sn_customerservice.customer_case_manager | Manages cases for their account with case management capabilities beyond the standard customer role. |
| Partner (B2B) | sn_customerservice.partner | Creates and manages cases on behalf of the customer accounts they support. Can view assets and service information for partner-managed accounts. |
| Partner administrator (B2B) | sn_customerservice.partner_admin | Manages contacts, cases, and account information across the partner’s customer accounts with administrative access. |
| Consumer (B2C) | sn_customerservice.consumer | Accesses services through the consumer portal. Submits and tracks cases, views products, and manages personal information. |
Contributor users
Contributor users are internal or external employees who participate in resolving customer issues without full agent access. These are typically back-office specialists, middle-office team members, or employees from shared service organizations brought in for specific case tasks. The contributor user model supports unified customer support where shared service teams can serve both internal and external customers.
The contributor users feature enables three capabilities: service organizations can serve one another and external customers, employees can request support for themselves and for external customers, and middle-office agents can work on specific tasks required to resolve cases.
| Contributor type | Role name | What they can do |
|---|---|---|
| Account contributor | sn_customerservice.account_contributor | Creates cases on behalf of any customer. Works with accounts and contacts. Uses the Customer Service Portal to assist customers. |
| Consumer contributor | sn_customerservice.consumer_contributor | Creates cases on behalf of any consumer. Works with consumers and households. Uses the Consumer Service Portal to assist consumers. |
| Relationship contributor | sn_customerservice.relationship_contributor | Creates cases on behalf of customers with whom they have an established relationship. Can view and follow up on all cases for related customers. Can update customer data such as contacts and addresses. |
| Self contributor | sn_customerservice.self_contributor | Creates cases on behalf of themselves as an internal employee. Uses the portal to request support for their own issues. |
| Service organization contributor | sn_customerservice.service_organization_contributor | Creates cases on behalf of customers associated with their service organization. Operates within the Service Model Foundation hierarchy. |
| Viewer role | What it provides |
|---|---|
| Case viewer | Enables employees to view case records without the ability to create or modify them. |
| Case task viewer | Enables employees to view case task records without the ability to create or modify them. |
| Customer data viewer | Enables employees to view core customer data (accounts, contacts, consumers) without the ability to modify records. |
Account teams
Account teams bring together employees and customer contacts who fulfill specific roles in supporting a particular account. Teams are built using responsibility definitions, named roles that the administrator creates and assigns to team members. There are two types of responsibility definitions: one for employees (internal users) and one for contacts (external users).
After responsibility definitions are created, the customer service manager can build an account team by selecting an account, choosing a role, and assigning it to an employee. The manager can also add a contact relationship to an account by selecting a role and assigning it to a contact. Account team members with an account manager responsibility can view information and perform actions on behalf of the account, such as creating or updating cases from the customer portal.
Customer access management
Customer access management enables multiple contacts and consumers to participate in a case or track a sold product, each with a defined level of access. This capability supports complex use cases across industry verticals, such as a loan application where a co-borrower, guarantor, and attorney all need access to the same case, or a product tracked by both a finance team (for renewals) and an operations team (for maintenance).
When adding related parties to a case, agents select a relationship type that determines the access level for each party. Customer access management improves the customer experience by enabling related parties to track and collaborate on cases, improves operational efficiency by enabling customers to track cases for products and services, and increases automation by automatically granting access to cases based on access to the sold product.
| Configuration task | What it does |
|---|---|
| Responsibility definition | Defines a role or responsibility that controls what a related party can see and do on a case or sold product. |
| Responsibility access configuration | Configures the access level for each responsibility definition using the declarative responsibility framework. |
| Related party configuration | Links related party entity responsibilities to responsibility definitions. Determines which relationship types are available when adding related parties to a case. |
Unified user profiles
The unified user feature allows a single individual who holds both an internal and external identity to maintain multiple profiles with one login and switch between them seamlessly. This eliminates the need to create and manage multiple user accounts for the same individual.
Before unified profiles, the platform prevented a user from holding both the snc_internal and snc_external roles simultaneously due to role collision. The unified consumer role resolves this by operating independently of both roles, enabling scenarios where an employee is also a consumer.
- An employee who is also a consumer (B2C). For example, a bank employee who also holds a personal account at the same bank.
- A user with multiple external profiles. For example, a consumer who has a patient profile in healthcare and a constituent profile in public sector services.
- A user with profiles across CSM and other ServiceNow applications. For example, a user with a CSM account for vendor support and a VRM account for vendor risk management.
Individual consumers can have multiple profiles for different needs. Consumer profiles allow organizations to identify and differentiate profile-specific data for the same user. For example, a patient profile and a constituent profile for the same individual. Each profile maintains its own data while sharing the underlying user record.