Using the Personal Authentication dashboard

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Using the Personal Authentication dashboard

    The Personal Authentication dashboard in ServiceNow enables users to manage their personal credentials for third-party integrations through a simplified, consolidated interface. It allows users to view, authenticate, revoke, and renew personal authentications without sharing superuser credentials, thereby enhancing security and reducing the need to manage ACLs for external systems. This feature requires an Integration Hub subscription.

    Show full answer Show less

    Dashboard Structure and Functionality

    The dashboard is divided into two main sections:

    • My Integrations: Displays integrations where the user has active authenticated credentials. Each integration is represented by a card offering options to Revoke or Renew the authentication. Revoking invalidates tokens and moves the integration to the "Integrations I can use" section. Renewing updates tokens and expiration dates via reauthentication.
    • Integrations I can use: Lists available integrations that the user has not authenticated yet. Users can authenticate by selecting the Authenticate button, which opens a credential pop-up similar to the renewal process.

    For ServiceNow integrations, authentication involves entering a username and password to obtain an OAuth token. Non-ServiceNow integrations display the OAuth credential page for the respective application.

    Setup and Configuration

    • To enable the dashboard, install the Personal Authentication [com.snc.snihubpersonalauth] plugin. After installation, access the dashboard via All > IntegrationHub > Personal Authentication > Personal Integrations.
    • The dashboard populates integrations based on the Connection & Credential Aliases [sysalias] table. Aliases with valid tokens appear under "My Integrations"; those without valid tokens appear under "Integrations I can use".
    • If not already configured, create a Connection & Credential Alias using an OAuth 2.0 credential with the Integration Type set to Personal to use this feature.

    Token Revocation

    Revoking an authentication removes all active tokens for the user in the instance. Optionally, token revocation can be enabled at the OAuth Server level by specifying the server's token revocation endpoint in the Token Revocation URL field within the Application Registries form for the OAuth Provider. This ensures tokens are also revoked on the external OAuth server.

    Roles and Permissions

    Access to the Personal Authentication dashboard requires the snpersonalauth.personalauthuser role.

    Use your personal credentials to connect to third-party integrations. View, authenticate, revoke, and renew your personal authentications through a simplified, consolidated interface.

    The Personal Authentication dashboard provides a streamlined way to manage your personal authentication integrations. With personal authentication, multiple users can use Integration Hub without needing to share superuser credentials. It also enhances security by removing the need to manage ACLs for third-party systems.

    This feature requires an Integration Hub subscription. For more information, see Legal schedules - IntegrationHub overview.

    Dashboard overview

    The Personal Authentication dashboard has two main sections.
    • The My Integrations section at the top of the page, which shows your authenticated integrations.
    • The Integrations I can use section at the bottom of the page, which shows the integrations available to you.
    Figure 1. Personal Authentication dashboard
    The Personal Authentication dashboard with two sections: The My Integrations section, and the Integrations I can use section.
    My Integrations section

    Displays authenticated integrations. Each integration has its own card. From the card, you can Revoke or Renew the authentication.

    When you revoke an authentication, you revoke any relevant access or refresh tokens for the personal authentication credential associated with the integration. Revoking invalidates the existing authentication. You can reauthenticate later to reestablish the connection. Once the authentication is revoked, the integration card moves to the Integrations I can use section of the dashboard.

    Renewing an authentication renews the associated token and updates the expiration date. To renew, select the Renew button on the integrations card. This button opens a pop-up window where you can reauthenticate the credential. The contents of the pop-up window depend on the integration.
    • For ServiceNow integrations, the pop-up window has fields where you can enter the Username and Password for the credential, then select Get OAuth Token.
    • For all other integrations, the pop-up window displays your OAuth credential page for that application.
    Integrations I can use section

    Displays the integrations that are available but not authenticated. To authenticate, select the Authenticate button on the integration card. Authenticating opens the same pop-up window that opens when you Renew an integration: For ServiceNow integrations, the pop-up window has the Username, Password, and Get OAuth Token buttons. For all other integrations, the pop-up window displays your OAuth credential page for that application.

    Once the credential is authenticated, the integration card moves to the My Integrations section at the top of the dashboard.

    Required dashboard setup

    If you're already using the personal authentication credential type, you can upgrade to the dashboard by installing the Personal Authentication [com.snc.sn_ihub_personal_auth] plugin. After installing the plugin, navigate to All > IntegrationHub > Personal Authentication > Personal Integrations to see the dashboard.

    The integrations on the dashboard all come from the Connection & Credential Aliases [sys_alias] table. Any alias where the credential has a personal integration type is displayed on the dashboard, according to the following guidelines.
    • If the credential currently has a valid token, it's listed in the My Integrations section of the dashboard.
    • If the credential doesn't currently have a valid token, it's listed in the Integrations I can use section of the dashboard.

    If you're not already using the personal authentication credential type, you can configure one by creating a Connection & Credential Alias that uses an OAuth 2.0 credential with the Integration Type of Personal. For more details and instructions, see Create a Connection & Credential alias.

    Token revocation URL

    Revoking an authentication revokes all the related active tokens stored in the instance for the user that initiated the session. You can also enable token revocation on the OAuth Server by providing the server's token revocation endpoint in the Token Revocation URL field.

    To enable authentication revocation at the OAuth Server, fill in the Token Revocation URL field in the Application Registries form for the integration's OAuth Provider. To fill in this field, follow these steps.
    1. Navigate to All > System OAuth > Application Registry.
    2. Select the form for the appropriate OAuth Provider from the Application Registries [oauth_entity] table.
    3. In the Token Revocation URL field, enter the OAuth Server's token revocation endpoint.

    Roles

    The Personal Authentication dashboard requires the sn_personal_auth.personal_auth_user role.