Domain separation and Service Mapping

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain separation and Service Mapping

    Domain separation in Service Mapping allows ServiceNow customers to logically isolate data, processes, and administrative tasks into domains. This separation controls user access and visibility, ensuring that data is assigned to the correct domain for multi-tenant or service provider scenarios. It supports separation across the user interface, caching, reporting, and data aggregation.

    Show full answer Show less

    The feature is designed to enable service providers to manage multiple tenants within one instance while maintaining data and process isolation. For example, a service provider can respond to a tenant’s chat message, and the tenant will only see responses relevant to their domain.

    How Domain Separation Works in Service Mapping

    • Users must switch into the appropriate leaf domain (a domain without child domains) to perform Service Mapping actions.
    • When creating service instances, these are assigned to the user’s current domain.
    • When manually adding configuration items (CIs) or connections to service instances, only CIs within the user’s domain can be selected, and users must belong to the same domain as the service.
    • Imported service instances and service groups are assigned to the user’s domain during service definition transfers between instances.

    Support for Automated Service Suggestions

    Automated Service Suggestions support domain separation starting with version 1.9.0, but only for cloud instances (no on-premise support yet). The source and target processes must be within the same domain to create connections, and users can only view data within their current domain.

    After installing Service Mapping Plus with domain separation, customers should verify that all content is properly assigned to domains following the prescribed steps.

    Practical Considerations for ServiceNow Customers

    • Domain separation must be configured by the instance owner to enable multi-tenant service mapping.
    • Users should be trained to operate within the correct leaf domain to ensure accurate mapping and data segregation.
    • Ensure all CI types and discovery patterns are configured with domain separation in mind to maintain data integrity.
    • Refer to operational guides on enabling traffic-based discovery, tagging, pattern creation, and entry point configuration within domain-separated environments.

    This domain separation capability empowers service providers and multi-tenant organizations to maintain secure, isolated environments within a single ServiceNow instance, improving governance and clarity across service mapping tasks.

    Domain separation is supported in Service Mapping. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Basic

    • Business logic: Ensure that data goes into the proper domain for the application’s service provider use cases.
    • The application supports domain separation at run time. The domain separation includes separation from the user interface, cache keys, reporting, rollups, and aggregations.
    • The owner of the instance must set up the application to function across multiple tenants.

    Sample use case: When a service provider (SP) uses chat to respond to a tenant-customer’s message, the customer must be able to see the SP's response.

    For more information on support levels, see Application support for domain separation.

    How domain separation works in Service Mapping

    In domain-separated environments, switch into relevant leaf domains to access actions related to mapping performed by Service Mapping. A leaf domain is a child domain of the lowest level, meaning it does not have any child domains itself.

    Domain separation is handled in a slightly different way than simply configuring separate domains. Notice that you must select or specify the relevant leaf domain to perform the following mapping actions in domain-separated environments:
    • When creating an service instance, the service instance is assigned to the user's domain.
    • When manually adding a CI to an service instance, you can choose only CIs that belong to the service domain.
    • When manually adding connections to CIs to an service instance, users must belong to the same domain as the application service.
    • When transferring service definitions between instances, imported service instances and service groups are assigned to the user's domain.

    Domain separation and Automated Service Suggestions

    Automated Service Suggestions supports domain separation. This means that:
    • The source and target process must reside in the same domain to create a connection.
    • The user can view only the data in the current domain.
    Note:
    After installing Service Mapping Plus with domain separation support, verify that all content is in the appropriate domain. For a detailed explanation of the required steps, see the Service mapping plus for domain separated instance [KB1303398] article in the Now Support Knowledge Base.

    Automated Service Suggestions supports domain separation starting with version 1.9.0. No support is currently offered for on-premise instances. Reach out to product management for further information.

    For more context, refer to Discovery patterns used by ITOM Visibility topic and MID Server configuration for Service Mapping. The following topics provide operational information on how to use Service Mapping in deployments with domain separation: