Set up Azure service accounts

  • Release version: Xanadu
  • Updated January 30, 2025
  • Create and configure cloud service accounts at ServiceNow AI Platform for the corresponding Microsoft Azure accounts.

    Verify the REST API Permissions

    Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.

    Before you begin

    Ensure that the Azure credentials are configured.
    For more information, see Create Azure cloud credentials and Configuration steps for Azure Service Principal User and Credentials (KB2202765).
    Ensure that you are familiar with the hierarchy of the Azure service accounts in your environment.
    Set up the service accounts at ServiceNow AI Platform to reflect the hierarchy of your environment. You can set up the Azure service accounts for the following Azure account types:
    • Management group.
    • Subscription.

    Role required: discovery_admin

    About this task

    A service account is a secure record on your instance that stores the credentials and access information for your provider account. Discovery uses the information to access your provider account to get data on each resource in each specified datacenter. A cloud account is the logical representation in cloud management of all or part of your managed cloud infrastructure. A cloud account can include multiple service accounts—even service accounts from different providers. For each service account, you specify which datacenter to include in the cloud account.

    Procedure

    1. In the navigation filter, enter cmdb_ci_cloud_service_account.list.
    2. Select New.
    3. Fill in the fields in the following order:
      1. Select the datacenter.
      2. Select the Is management account check box if you are creating a service account for a management group.
      3. Select Should pull events to perform event-based discovery. For more information, see Microsoft Azure Alert driven discovery.
      Table 1. Cloud Service Account form

      | Field | Description |
      |---|---|
      | Name | The unique and meaningful name for this service account. |
      | Account ID | If you are creating a service account for a management group, fill in the Azure management group ID that belongs to the management group. If you are creating a service account for a subscription, fill in the Azure subscription ID. |
      | Discovery credentials | The credentials needed for ServiceNow applications to access this account. |
      | Datacenter URL | URL of the datacenter. Configuring this field is required for Azure Gov Cloud (US) accounts. For example, https://management.usgovcloudapi.net/. |
      | Datacenter type | Type of the datacenter where the account is hosted. Select Azure datacenter. |
      | Datacenter discovery status | Auto-generated value: Status and timestamp of the last execution of discovery on the datacenter. |
      | Parent account | When setting up a service account for an Azure subscription, fill in the management group ID. When the Is management account check box is selected, the Parent account field is not applicable. |
      | Accessor account | Not applicable for Azure service accounts. |

    4. Select Submit.
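
    The form rules in Table 1 (which ID goes in Account ID, when Parent account applies, when Datacenter URL is required) can be checked against a planned account hierarchy before the records are created. The following is an added example, not ServiceNow code: the property names, the govCloud flag, the ID patterns and the https check are assumptions made for illustration.

```javascript
// Added example: pre-flight check of planned Cloud Service Account records.
// Property names are hypothetical; they are not ServiceNow column names.
// Assumption: subscription IDs are GUIDs; management group IDs are up to 90
// characters of letters, digits, '-', '_', '.', '(' and ')'.
const SUBSCRIPTION_ID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const MGMT_GROUP_ID = /^[A-Za-z0-9_().-]{1,90}$/;

function validatePlan(accounts) {
  const errors = [];
  // Management group IDs defined in this plan; subscriptions may point at them.
  const mgmtIds = new Set(accounts.filter(a => a.isManagementAccount).map(a => a.accountId));
  const seenNames = new Set();
  for (const a of accounts) {
    const fail = msg => errors.push(`${a.name}: ${msg}`);
    if (!a.name || seenNames.has(a.name)) fail('name must be present and unique');
    seenNames.add(a.name);
    if (!a.discoveryCredentials) fail('discovery credentials are not set');
    if (a.isManagementAccount) {
      if (!MGMT_GROUP_ID.test(a.accountId)) fail('account ID is not a management group ID');
      if (a.parentAccount) fail('parent account is not applicable to a management account');
    } else {
      if (!SUBSCRIPTION_ID.test(a.accountId)) fail('account ID is not a subscription ID');
      if (a.parentAccount && !mgmtIds.has(a.parentAccount))
        fail('parent account does not match a planned management group');
    }
    if (a.govCloud && !a.datacenterUrl) fail('datacenter URL is required for Azure Gov Cloud (US)');
    // Added hardening check (not a documented requirement): credentials are
    // used against this endpoint, so reject anything that is not https.
    if (a.datacenterUrl && !a.datacenterUrl.startsWith('https://')) fail('datacenter URL must use https');
  }
  return errors;
}

// Constructed sample plan: one management group, one valid subscription,
// and one Gov Cloud subscription with three mistakes.
const plan = [
  { name: 'mg-corp', accountId: 'corp-root-mg', isManagementAccount: true,
    discoveryCredentials: 'azure-spn' },
  { name: 'sub-prod', accountId: '11111111-2222-3333-4444-555555555555',
    isManagementAccount: false, discoveryCredentials: 'azure-spn', parentAccount: 'corp-root-mg' },
  { name: 'sub-gov', accountId: 'not-a-guid', isManagementAccount: false,
    discoveryCredentials: 'azure-spn', parentAccount: 'missing-mg', govCloud: true },
];

console.log(validatePlan(plan).join('\n'));
```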