Applicative credentials

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Applicative Credentials

    Applicative credentials are additional login credentials required for certain applications beyond the host machine's credentials. They typically consist of a username and password and are essential for maintaining security, particularly when applications like ABAP SAP Central Services (ASCS) need separate access credentials. ServiceNow refers to devices and applications as configuration items (CIs), and applicative credentials are assigned to MID Servers based on CI types.

    Show full answer Show less

    Key Features

    • Credential Creation: Applicative credentials are created per CI type, such as SAP ASCS, and multiple credentials can be defined.
    • Discovery Configuration: The MID Server uses the defined applicative credentials in a specified order during the discovery process.
    • Form Fields: When configuring credentials, fields include Name, Active status, User name, Password, CI type, Credential Alias, Applies to, and Order.

    Key Outcomes

    By effectively configuring applicative credentials, ServiceNow customers can ensure secure access to applications, streamline the discovery process, and prevent security lockouts by managing the order of credential attempts. Customers should check the Discovery requirements in ServiceNow documentation to determine if applicative credentials are necessary for specific CIs.

    Some applications require credentials in addition to the credentials the that host machine requires. Credentials required to access these applications are referred to as applicative credentials.

    A typical credential contains a user name and a password for logging in to a device or application. While most applications require only one credential for accessing them, sometimes hosts and applications have separate credentials for extra security. For example, ABAP SAP Central Services (ASCS) requires applicative credentials in addition to the SSH or Windows host credentials for the server that hosts ASCS.

    Note:
    ServiceNow applications refer to devices and applications that comprise a service instance as configuration items (CIs).

    As with host credentials, you assign applicative credentials to MID Servers.

    You create applicative credentials per CI type, for example, the CI type for ASCS is SAP ASCS Application [cmdb_ci_appl_sap_ascs]. The preconfigured pattern for discovering CIs belonging to this CI type contains commands that require a MID Server to use the applicative credential for this CI type. If there’s more than one credential configured for this CI type, the MID Server tries using these credentials in the order you define until it finds the credential that fits.

    Check the Discovery requirements information in the ServiceNow documentation to determine if you need to configure applicative credentials for specific application CIs. There’s no need to configure applicative credentials, if Discovery prerequisites don’t mention it.

    Table 1. Applicative credentials form fields
    Field Description
    Name Name of the credential. Use a descriptive name like Oracle DB or London Oracle DB (for an Oracle database). Don’t use spaces or special characters for the credential name.
    Active Select the check box to use the credential.
    User name Enter the actual user name of the applicative credential.
    Password Enter the actual password of the applicative credential. Don’t use spaces or special characters for the credential name.
    CI type Select a CI type to which the CI belongs.
    Credential Alias Create an alias to assign specific credentials for specific discovery schedules. When assigning an alias, you must identify the table name for the CI type whose applicative credentials the application uses. Applications may use applicative credentials of a CI type different from their own. For a specific application, see the list for the appropriate table:
    • ABAP SAP Central Services (ASCS): cmdb_ci_appl_sap_ascs
    • IBM Security Access Manager appliance: cmdb_ci_app_server_webseal
    • SAP Central Instance: cmdb_ci_appl_sap_ascs
    • SAP Central Services (SCS): cmdb_ci_appl_sap_ascs
    • SAP Evaluated Receipt Settlement (ERS): cmdb_ci_appl_sap_ascs
    • SAP Java Cluster: cmdb_ci_appl_sap_ascs
    • SAP NetWeaver Dialog Instance: cmdb_ci_appl_sap_ascs
    • Microsoft Exchange Mailbox (for Microsoft Exchange): cmdb_ci_exchange_mailbox
    • Microsoft SQL Database: cmdb_ci_db_mssql_instance
    • MySQL Server: cmdb_ci_db_mysql_instance
    • Oracle Advanced Queue Queue: cmdb_ci_db_ora_instance
    • Oracle Database: cmdb_ci_db_ora_instance
    • Oracle E-Business Suite: cmdb_ci_db_ora_instance
    • Oracle WebLogic Module: cmdb_ci_app_server_weblogic
    • Tibco Enterprise Message Service (EMS): cmdb_ci_appl_tibco_message
    Applies to

    Select whether to apply these credentials to All MID servers in your network, or to one or more Specific MID servers. Specify the MID Servers that should use these credentials in the MID servers field.
    Order

    Order (sequence) in which Discovery tries this credential as it attempts to log on to devices. The smaller the number, the higher in the list this credential appears. Establish credential order when using large numbers of credentials or when security locks out users after three failed login attempts. If all the credentials have the same order number (or none), the instance tries the credentials in a random order.