Enable AI agents to securely access parameters in AI Desktop Actions

  • Release version: Australia
  • Updated May 25, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Enable AI agents to securely access parameters in AI Desktop Actions

    This feature allows AI agents in ServiceNow to securely access sensitive stored values, such as credentials and input data, through Desktop Action Parameter records. These parameters protect sensitive information and provide dynamic inputs during AI agent execution, enhancing security and flexibility when interacting with systems.

    Show full answer Show less

    Parameter Records and Their Configuration

    Only users with the snaia.admin role can create Parameter records. Each Parameter record represents a distinct stored value that an AI agent can use. Key settings control how these values are stored and accessed at runtime:

    • Shared: When selected, the parameter is available to all users with a single Parameter Value record created by an admin. The AI agent uses this shared value regardless of who triggers the agent. This is ideal for shared credentials like service accounts or API keys.
    • Not Shared: When not selected, multiple users with the snaia.admin or nowassistpaneluser roles can create individual Parameter Value records. During execution, the AI agent retrieves the value specific to the user who triggered the action. This suits scenarios where users have personal credentials.
    • Mark As Sensitive: Encrypts the stored values, ensuring passwords, API keys, or other sensitive data are protected and only decrypted by the agent at execution time. Values are otherwise passed in plain text.

    Important: The Shared and Mark As Sensitive settings can only be changed if no Parameter Value records exist for that Parameter.

    Mapping Parameters to Desktop Action Inputs

    Within AI Desktop Actions’ Design workspace, you can configure inputs to retrieve values from Parameter records by selecting the Use parameter option. In AI Agent Studio, when adding a desktop action tool with such parameter-configured inputs, you must map each input to a corresponding Parameter record before saving the desktop action.

    • Multiple inputs can map to the same Parameter record, but each input maps to only one Parameter record.
    • Mapped parameter values override any input values specified in agent instructions or the Now Assist panel.
    • If a desktop action is updated after mapping inputs, the previous mappings remain until the configuration is reopened and saved again.
    • Renaming an input breaks existing mappings for that input, requiring remapping before saving.

    Example: SSH Parameters

    For SSH connector background task desktop actions, admins create separate Parameter records for usernames and passwords (e.g., unusernamegroup and unpasswordgroup). Users with appropriate roles create Parameter Value records for their credentials. During AI agent execution, instructions refer to these Parameter record names to retrieve the needed values securely.

    Note: When instructing an AI agent, clearly specify if credentials are provided directly or retrieved from Parameter records, using exact, case-sensitive Parameter record names.

    Practical Benefits for ServiceNow Customers

    • Securely manage and store sensitive inputs like passwords and API keys for AI agents.
    • Support both shared and user-specific credentials to flexibly handle different use cases.
    • Ensure encrypted transmission of sensitive values during AI agent execution.
    • Maintain clear and controlled parameter management via role-based access.
    • Enable dynamic, parameter-driven desktop actions that simplify agent configuration and execution.

    Enable AI agents to securely access stored values, such as credentials and other input data, through Desktop Action Parameter records. Parameters protect sensitive values and provide dynamic inputs to desktop actions during agent execution.

    Only users with the sn_aia.admin role can create Parameter records. Parameter records store the names of values that an AI agent accesses during desktop action execution. A separate Parameter record is required for each distinct value.

    Parameter record settings

    Each Parameter record includes two fields that control how parameter values are stored and retrieved at execution time.

    Setting Description
    Shared - selected Makes the parameter available to all users. When selected, only one Parameter Value record can be created under the parameter, and only a user with the sn_aia.admin role can create it. During execution, the agent always uses the single Parameter Value record regardless of which user triggered the agent.

    For example, use this setting for a service account or shared API key that all agents use to connect to the same system.
    Shared - not selected

    Enables multiple users with the sn_aia.admin or now_assist_panel_user role to create Parameter Value records under the Parameter record to store values. Only one Parameter Value record can be created per user for each Parameter record. If multiple users must trigger the same AI agent, each user must create a Parameter Value record for their own credentials or inputs.

    During execution, the agent retrieves the Parameter Value record that belongs to the user who triggered the agent.

    For example, use this setting when each user connects with their own credentials, such as individual usernames and passwords for an internal application.
    Mark As Sensitive Encrypts values of all associated Parameter Value records. The agent decrypts the value at execution time. When not selected, values are passed to the agent as plain text.

    For example, enable this setting for passwords, API keys, or any value that should not be visible in plain text in the instance.
    Important:

    The Shared and Mark As Sensitive fields can only be edited when there are no associated Parameter Value records.

    Map parameters to inputs of on-screen task desktop action

    In the Design workspace of the AI Desktop Actions application, you can select the Use parameter check box for desktop action inputs that must retrieve values from the parameter records during execution.Use parameter property in the AI Desktop Actions application.

    In AI Agent Studio, when you add a desktop action tool that contains inputs configured for parameters, the Map parameters section appears in the modal. Each input configured for a parameter is listed by step name and description, with a Parameter record drop-down. Map parameters section in the desktop action tool modal.

    The following rules apply to parameter mapping:

    • All inputs configured for parameters must be mapped to a Parameter record before the desktop action can be saved.
    • The same Parameter record can be mapped to multiple inputs.
    • Each input can only be mapped to one Parameter record.
    Note:
    If you specify values for inputs configured for parameters in the agent instructions or in the Now Assist panel, the mapped parameter values override them.
    Important:

    If you update a desktop action in AI Desktop Actions client application after mapping its inputs in AI Agent Studio, the agent continues to use the previous mapping until you reopen the tool configuration and save it again.

    If you rename an input in the desktop action, the agent treats it as a new input and the existing mapping for that input is removed. You must remap the renamed input before the desktop action can be saved.

    SSH parameter example

    Note:

    The following example applies to SSH connector, background task desktop actions. For on-screen task desktop actions, parameter values are supplied through the Map parameters section in AI Agent Studio and aren't referenced in agent instructions.

    Only users with the sn_aia.admin role can create Parameter records for SSH desktop actions. To store both a username and a password, the AIA admin must create two separate Parameter records, one for the username (for example, un_username_group) and one for the password (for example, un_password_group).

    Users with the sn_aia.admin or now_assist_panel_user role can then create Parameter Value records under each Parameter record to store the values. Only one Parameter Value record can be created per user for each Parameter record.

    AI Agent instructions during execution

    The following example shows how an AI agent instruction can reference stored parameter names:

    Connect to SSH server and retrieve my session info. Here are my details:
    • IP address: 172.27.50.123
    • Port: 22
    • Retrieve the user name stored in "un_username_group" and the password stored in "un_password_group" parameter records.
    Note:
    When triggering an AI agent, explicitly specify in your instructions whether the credentials are provided directly or stored in Parameter records. If Parameter records are used, clarify that the record names are for reference only and that the agent must retrieve the username and password from those records.

    Verify that you use the exact names of the Parameter records. Parameter record names are case sensitive. For example, "UserName" and "username" are treated as different values.