External content security for AI Search

Release version: Zurich

Updated July 31, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of External content security for AI Search

External content security for AI Search enables ServiceNow customers to maintain and enforce user and group access permissions on documents indexed from external sources. By mapping externally defined users and groups to ServiceNow AI Platform® users, you can control access to search results derived from these external documents, ensuring that security policies are preserved and respected during search operations.

Show full answer Show less

Key Features

Preservation of Access Permissions: Access permissions specified on each external document during ingestion are maintained through indexing, allowing granular control over who can access each document globally or via specific user and group lists.
User and Group Mapping: Define mappings between externally defined user and group aliases and ServiceNow AI Platform users. These mappings are linked to the indexed external content sources, enabling AI Search to evaluate permissions accurately during queries.
Security Filtering During Search Queries: When a search query matches an indexed external record, AI Search cross-references the mapped external users and groups against the record’s access permissions to determine if the current ServiceNow user has rights to view the result.

Implementation Details

Ingestion Requirements: Two key steps must be included in your ingestion process:
- Specify access permissions on each external document for users and groups.
- Define user mappings in tables associated with external content sources.
User Mappings Management: Create tables to store user mappings and link them to external content indexed sources. User mappings can be imported via API, and import history can be reviewed to ensure accuracy.
Access Permissions Specification: Permissions can allow or deny access globally or to specific external users and groups. Special roles and precedence rules for permissions are supported to customize access control.

Benefits for ServiceNow Customers

Ensure compliance with external content security policies by preserving original access controls during indexing and search.
Provide secure, governed search results that respect both external and internal user access rights.
Leverage seamless integration of external user and group identities with ServiceNow AI Platform user accounts for consistent, secure access management.

AI Search preserves user and group security access permissions specified for documents indexed from external sources. You can control access to external content search results by mapping these externally defined users and groups to ServiceNow AI Platform® users.

For an overview of AI Search content security, see Content security in AI Search.

Requirements

To use external content security, include the following two steps in your ingestion and indexing process for external documents:


Step	Description
Specify access permissions on each external document fed for ingestion	Access permissions for an external document can allow or deny access to the document globally (for all users), or can include lists of specific externally defined users and groups who are allowed or denied access to the document. AI Search preserves the external document's security access permissions during indexing. Additional information: For an overview of specifying access permissions on external documents, see Defining access permissions for external documents. To learn about the set of access permissions supported for external content security, see External content access permissions. For details on special access permissions granted by certain user roles, see Special external content access permissions by role. To learn how to reverse the default precedence of users.read and groups.deny access permissions for an external content indexed source, see Change the precedence of user read and group deny permissions for an external content indexed source.
Define user mappings in tables linked to external content indexed sources	A user mapping specifies externally defined user and group aliases for a ServiceNow AI Platform user. Link these user mappings to indexed sources for external content. AI Search uses an indexed source's user mappings in conjunction with indexed records' access permissions to determine ServiceNow AI Platform user access for search results from the indexed source. Additional information: For an overview of user mappings, see Mapping external users and groups to ServiceNow AI Platform users. To learn about the set of externally defined security principal types supported in user mappings, see External user mapping security principal types. For instructions on creating a table to store your user mappings, see Create a user mapping table. For instructions on linking your user mapping tables to external content indexed sources, see Link a user mapping table to an external content indexed source. To learn about importing user mappings via the AI Search External User Mapping API, see Importing user mappings. For instructions on viewing user mapping import history records to confirm that user mappings imported correctly, see View history records for user mapping import operations.

Security implementation for search queries

When a user's search query matches an indexed record created from an external document, AI Search performs these steps:

Examines the user mappings linked to the record's indexed source and retrieves the set of all externally defined users and groups aliased to the current ServiceNow AI Platform user's account.
Compares the mapped set of externally defined user and group aliases with the access permissions on the indexed search result record to see whether the ServiceNow AI Platform user should be allowed to view the search result.