Domain separation and Now Assist AI Agent Studio

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain separation and Now Assist AI Agent Studio

    Now Assist AI Agent Studio supports domain separation, allowing you to logically separate data, processes, and administrative tasks into distinct domains. This separation controls user access and visibility, ensuring data protection and organizational segmentation.

    Show full answer Show less

    Domain separation in AI Agent Studio applies at two levels:

    • Design-time support: Enables domain-specific configurations for agentic workflows, agents, tools, and triggers. Records are accessible only if a user belongs to the same or a higher domain.
    • Run-time support: Governs agentic conversations initiated via the Now Assist panel, web client, or conversational channels. The domain visibility depends on the user impersonated by the agent or the "Run as" attribute in triggers, ensuring domain-appropriate access during interactions.

    All AI agent tables include the sysdomain field to enforce domain separation, supported further by the sysdomainpath feature enabled on your instance.

    How domain separation works in Now Assist AI Agent Studio

    Process separation is managed through the sysoverrides column in domain-aware tables, allowing different domains to have distinct processes from the parent domain. This applies to configuration tables only, such as:

    • snaiaagentconfig
    • snaiausecaseconfigoverride

    Key Capabilities Enabled by Domain Separation

    • Agentic workflow discovery respects domain boundaries, enabling workflows and tools to be active or inactive depending on the domain.
    • Memory categories can be selectively active or inactive across domains.
    • Properties (such as snaiaproperty) and triggers can be overridden per domain, allowing domain-specific customization.
    • Note that AI agent and agentic workflow details themselves cannot be overridden across different domains.

    Practical Impact for ServiceNow Customers

    By leveraging domain separation in Now Assist AI Agent Studio, you can ensure precise control over AI agent configurations and behavior aligned with your organizational structure and data governance policies. This separation protects sensitive information, supports multi-tenant environments, and enables tailored AI assistant experiences based on domain context.

    Domain separation is supported for Now AssistAI Agent Studio. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Domain Separation Overview

    Now Assist AI agents use basic domain separation capabilities to help protect your users' data. Domain separation support for AI agents is applied at design time and run time.

    Design-time support
    Refers to creating or updating agentic workflows, agents, tools, trigger configurations, and so on. AI agent configurations can be made domain-specific for individual agents and the actual agentic workflows. Administrators can apply specific domains to those records. Similar to other basic domain separations, records in the AI agents tables are accessible if the user belongs to the same or a higher domain than those records.
    Run-time support
    Refers to the agentic conversation on the Now Assist panel, web client, or any conversational channel. In the agentic conversations, the user that the agent impersonates functions as an agent with any AI agents who initiate the conversation on demand. For example, if the conversation is happening via a trigger mentioned on the Run as field on the Trigger form of an agentic workflow. If the user that the agent impersonates belongs to the same or a higher domain, that agent can access and use configurations that are associated with that domain.

    The domain visibility for an agentic workflow is resolved during run time based on the Run as attribute in the agentic workflow trigger condition. For more information, see defining a trigger for an agentic workflow.

    When an agentic conversation is triggered on demand, the domain visibility is applied to the particular agent in action. When an agentic conversation is initiated through a trigger, the domain visibility is applied to the user who resolves the caller (in an incident record where the Run as attribute is set to Caller), when the conversation runs against the incident record.

    Note:
    The sys_domain field is added to all AI agent tables to achieve domain separation in Now Assist AI agents. The sys_domain_path, which is available for domain separation, is enabled on your instance.

    To understand more about the ServiceNow domain separation, see Exploring domain separation.

    How domain separation works in Now Assist AI Agent Studio

    Process separation is enabled through the use of the sys_overrides column in domain-aware tables. Any table that contains both the sys_domain and the sys_overrides fields can be configured to have different processes from the parent domain.

    AI Agents support only configuration tables to be process separated. Below are the list of tables that are process separated:
    • sn_aia_agent_config
    • sn_aia_usecase_config_override
    Domain separation in Now Assist AI agents supports:
    • Agentic workflow discovery.
    • AI agent and its tools can be active in the X domain and inactive in the Y domain.
    • Memory category can be active in the X domain and inactive in the Y domain.
    • sn_aia_property can be overridden in a different domain.
    • Triggers can be overridden in different domain.
    Note:
    AI agent and agentic workflow details can’t be overridden in the different domains.