AI Service Graph Connector for Snowflake
The AI Service Graph Connector for Snowflake enables you to discover and import AI assets from your Snowflake environment into ServiceNow AI Control Tower.
The connector integrates with your Snowflake account to catalog AI systems, agents, models, and prompts. Usage data is automatically collected and populated into the AI Control Tower value dashboard, providing comprehensive visibility and governance of your AI operations.
- Automated discovery of Cortex agents and models
- Fine-tuning job monitoring and metadata capture
- AI asset lineage and dependency tracking
- Usage analytics and session monitoring
- Integration with ServiceNow CMDB for comprehensive asset management
- Support for multi-account Snowflake deployments
Download apps from the Store
Visit the ServiceNow store website to download the AI Service Graph Connector for Snowflake application.
Supported ServiceNow versions
| Release | Status |
|---|---|
| Australia | Supported |
| Zurich | Supported |
User Roles
You must have one of the following roles assigned.
| Required Roles |
|---|
| sn_ai_disc.discovery_admin |
| sn_cmdb_int_util.sgc_admin |
ServiceNow Prerequisites
Complete the following setup steps once when configuring the connector for the first time.
The connector requires write permissions to the Data Source table to create data sources.
- Select Global from the application picker.
- Navigate to Application Access.
- Select the Can create, Can update, and Can delete checkboxes.
- Select Update.
- Switch to the connector application scope.
Clear the cached data for the Data Source and Tables.
- Navigate to System Definition > Background Scripts
- Paste the following script into the Run Script text box:
GlideTableManager.invalidateTable('sys_data_source'); GlideCacheManager.flushTable('sys_data_source'); GlideTableManager.invalidateTable('sys_db_object'); GlideCacheManager.flushTable('sys_db_object'); - Select Run Script.Note:The script may take several minutes to complete.
- After completion, switch to the connector application scope.
Snowflake Prerequisites
Complete the following configuration steps in your Snowflake environment before creating a connection.
Use the following format for your connection URL: https://<account_locator>.snowflakecomputing.com and don't use this format: https://<account_identifier>.snowflakecomputing.com.
If your account identifier contains uppercase letters or special characters, use your account locator (for example, xy12345) instead. Your account locator is always LDF-safe.
Service Account and Role Configuration
Create a dedicated service account in Snowflake with least-privilege access. The connector requires specific permissions to query Cortex agents, models, and observability data.
Create a new role for the connector and grant the following privileges:
Core Discovery Access:
- GRANT USAGE ON DATABASE <database_name>
- GRANT USAGE ON SCHEMA <schema_name>
- GRANT MANAGE ACCOUNTS
- GRANT DATABASE ROLE SNOWFLAKE.CORTEX_USER
Create a service account user and assign the connector role:
- CREATE USER <service_account_name> TYPE=SERVICE
- GRANT ROLE <connector_role> TO USER <service_account_name>
- ALTER USER <service_account_name> SET DEFAULT_WAREHOUSE = <warehouse_name>
The connector uses JWT key-pair authentication to securely connect to Snowflake.
For detailed steps on generating RSA key pairs and configuring key-pair authentication in Snowflake, see the Configuring Keystore for Snowflake Keypair authentication [KB2834688] article in the Now Support Knowledge Base.
Data Mapping
The connector maps Snowflake AI assets to ServiceNow CMDB tables and custom tables for comprehensive asset management.
.
| Data Source | Staging Table | Target CMDB Tables |
| Snowflake Agents | sn_ai_disc_sgc_sno_sgc_snowflake_agents |
cmdb_ci_function_ai, alm_ai_system_digital_asset, alm_ai_model_digital_asset, sn_ai_disc_ai_usage |
| Snowflake Usage | sn_ai_disc_sgc_sno_sgc_snowflake_usage | sn_ai_disc_ai_usage |
Snowflake Service Account Role with Least Privileges
Create a role and set the privileges.
- Core discovery access
- Grant usage on database
- Grant usage on schema
- Cortex access
- Grant manage accounts
- Grant database role (SNOWFLAKE.CORTEX_USER)
- Applies to the user
- Grant role to the user
- Set a default warehouse for the user
- Alter user is to SET DEFAULT_WAREHOUSE
Data Mapping
The following table lists the data sources, the staging tables, and the target tables CMDB CI classes and non-CMDB classes where data is stored for Snowflake connector.
| Data Source | Import Set Table | Target Table(s) |
| SG-Snowflake Agents | sn_ai_disc_sgc_sno_sgc_snowflake_agents |
cmdb_ci_function_ai cmdb_ci_ai_model_deployment cmdb_ai_model_product_model cmdb_ai_dataset_product_model cmdb_ai_prompt_product_model cmdb_ai_system_component_product_model alm_ai_model_digital_asset alm_ai_dataset_digital_asset alm_ai_system_digital_asset cmdb_ci_ai_model_deployment cmdb_rel_ci sn_ai_disc_ai_lineage sn_ai_disc_ai_tool sn_ai_disc_ai_prompt sn_ai_disc_ai_usage sn_ent_ai_system_subcomponent_m2m |
| SG-Snowflake Usage | sn_ai_disc_sgc_sno_sgc_snowflake_usage | sn_ai_disc_ai_usage |