Credential Management in RPA Hub

  • Release version: Australia
  • Updated March 12, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Credential Management in RPA Hub

    Credential management in RPA Hub allows RPA release managers, administrators, and developers to streamline the management of credentials used by automation bots. By creating credential groups that consolidate robot, application, and external credentials, users can associate these groups with multiple bot processes, enhancing efficiency and security.

    Show full answer Show less

    Key Features

    • Credential Groups: Define and reuse credentials across multiple bot processes, minimizing errors and improving productivity.
    • External Credential Vault: Securely retrieve credentials from an external source, enhancing access management.
    • Role-Based Access Control: Different roles have specific permissions for creating, viewing, updating, and deleting robot and application credentials, TOTP authenticators, and credential groups, ensuring appropriate access levels.
    • TOTP Authentication: Facilitate seamless multi-factor authentication for unattended robots by setting up Time-based One-time Password seeds.

    Key Outcomes

    Implementing credential management allows ServiceNow customers to:

    • Enhance security by securely managing sensitive credentials and accessing them through an external vault.
    • Increase operational efficiency by reusing credential configurations across various bot processes.
    • Maintain control over who can access and manage credentials, thereby reducing the risk of unauthorized access.

    Streamline the credentials that robots use to perform the automation that you defined in the bot process. Instead of creating the same set of credentials for each bot process, you can create a credential group that includes a robot credential, application credentials, and external credentials. You can then associate the credential group to multiple bot processes.

    Credential management overview

    If you're an RPA release manager, RPA administrator, or RPA developer, you can create and associate credential groups to an unattended bot process. You can also set up an external credential vault to retrieve the robot credentials, application credentials, or a Time-based One-time Password (TOTP) seed from an external source. The seed is the secret key of the authenticator that is used to generate the TOTP. An external credential vault is a secure storage system often used to store and manage sensitive information such as user names, passwords, and other access credentials for various applications, services, or systems.

    Benefits of credential management

    With credential management, you can do the following tasks:
    • Define the credentials once and reuse them in multiple bot processes to improve the overall productivity of your resources.
    • Reduce the number of errors that occur when you're configuring the same credential groups for different bot processes.
    • Improve how credentials are accessed with centralized credential management.
    • Securely retrieve the credentials from an external storage system by configuring the external credential vault.

    Robot credentials

    By creating robot credentials, you can enable robots to log in to a Windows machine and perform the automation. For more information, see Create a robot credential in RPA Hub.

    In the following table, learn what users with different roles can do or can't do.

    Table 1. Access control list for robot credentials
    Role Can do Can't do
    RPA release manager and RPA administrator Create, view, update, or delete the robot credentials. -
    RPA developer
    • Create the robot credentials.
    • View the robot credentials that are created by them or the robot credentials that are mapped to the bot processes that they’re assigned to.
    • Update or delete the robot credentials that are created by them.
    		 Can't view, update, or delete the robot credentials of the bot process that they aren’t assigned to or robot credentials that aren’t created by them.
    RPA robot user View all robot credentials. Can't create, update, and delete the robot credentials.
    RPA support user View the robot credentials that are mapped to the bot processes that they’re assigned to. Can't create, update, or delete the robot credentials.

    Application credentials

    By creating application credentials, you can add the user name and password that the robot can use to log in to a specific application at the time of the automation execution. For more information, see Create an application credential in RPA Hub.

    In the following table, learn what users with different roles can do or can't do.

    Table 2. Access control list for application credentials
    Role Can do Can't do
    RPA release manager and RPA administrator Create, view, update, or delete the application credentials. -
    RPA developer
    • Create or view the application credentials.
    • Update or delete the application credentials that are created by them.
    		 Can't view the application credentials that aren’t created by them.
    RPA business user
    • Create the application credentials.
    • View the application credentials that are created by them or the application credentials that are mapped to the bot processes that they’re assigned to.
    • Update or delete the application credentials that are created by them.
    		 Can't add the external credentials.
    RPA robot user View or edit all the application credentials. Can't create or delete the application credentials.
    RPA support user View the application credentials that are mapped to the bot processes that they’re assigned to. Can't create, update, or delete the robot credentials.

    TOTP authentication

    By setting up Time-based One-time Password (TOTP) seeds, you can enable the unattended robots to authenticate seamlessly against multi-factor authentication (MFA)-enabled applications. MFA-enabled applications provide additional security for users and their accounts.

    You can't edit a TOTP authenticator record. If changes are required to an existing TOTP authenticator record, you must retire an existing record and then create a TOTP authenticator record. For more information, see TOTP authentication in RPA Hub and Create a TOTP authenticator in RPA Hub.

    In the following table, learn what users with different roles can do or can't do.

    Table 3. Access control list for TOTP authentication
    Roles Can do Can't do
    RPA release manager and RPA administrator Create, view, or delete the TOTP authenticators. Can't update the TOTP authenticators.
    RPA developer
    • Create the TOTP authenticators.
    • View the TOTP authenticators that are created by them or TOTP authenticators that are mapped to the bot processes that they’re assigned to.
    		 Can't update or delete the TOTP authenticators.
    RPA robot user View all TOTP authenticators. Can't create, update, or delete the TOTP authenticators.

    Credential groups

    By configuring the credential groups, you can map the application credentials and a robot credential to one or more bot processes. For more information, see Create a credential group in RPA Hub.

    In the following table, learn what users with different roles can do or can't do.

    Table 4. Access control list for credential groups
    Roles Can do Can't do
    RPA release manager and RPA administrator Create, view, update, or delete the credential groups. -
    RPA developer
    • Create the credential groups.
    • View the credential groups that are created by them or the credential groups that are mapped to the bot processes that they’re assigned to.
    • Update or delete the credential groups that are created by them.
    		 Can't view, update, or delete the credential groups of the bot process that they aren’t assigned to or the credential groups that aren’t created by them.
    RPA robot user View all the credential groups. Can't create, update, or delete the credential groups.
    RPA support user View the credential groups that are mapped to the bot processes that they’re assigned to. Can't create, update, or delete the credential groups.

    External credential vault

    By configuring an external credential vault, you can retrieve a robot credential, application credentials, or Time-based One-time Password (TOTP) seed from an external source instead of a ServiceNow credentials record. For more information, see External credential vault in RPA Hub and Create an external credential vault record in RPA Hub.

    In the following table, learn what users with different roles can do or can't do.

    Table 5. Access control list for the external credential vault
    Roles Can do Can't do
    RPA release manager and RPA administrator Create, view, or update the external credentials. Can't delete external credentials.
    RPA developers View the external credentials. Can't create, update, or delete the external credentials.
    RPA support user View the external credentials. Can't create, update, or delete the external credentials.
    RPA business user View the external credentials. Can't create, update, or delete the external credentials.