Applicative credentials

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Applicative credentials

    Applicative credentials are user names and passwords required by certain applications in addition to the host machine credentials. These credentials enable secure access to specific applications or devices, often enhancing security by separating host and application access. For example, ABAP SAP Central Services (ASCS) requires applicative credentials besides SSH or Windows host credentials.

    Show full answer Show less

    In ServiceNow, applications and devices within a service instance are managed as configuration items (CIs). Applicative credentials are created and assigned per CI type and are used by MID Servers during discovery to access those applications securely.

    Key Features

    • Credential Assignment: Applicative credentials are assigned to MID Servers and associated with specific CI types (e.g., SAP ASCS, Oracle Database, Microsoft Exchange Mailbox).
    • Credential Usage: MID Servers use applicative credentials to run discovery commands that require application-level access.
    • Credential Order: Multiple credentials for a CI type can be configured with an order of precedence to control the login attempts sequence.
    • Credential Alias: Allows assigning specific credentials for particular discovery schedules by linking to the CI type table.
    • Applicability: Credentials can be applied to all MID Servers or selected specific MID Servers.

    Practical Considerations for ServiceNow Customers

    • Check Discovery requirements to determine if applicative credentials are necessary for the CI types you are discovering.
    • Configure credentials with descriptive names avoiding spaces or special characters for clarity and system compatibility.
    • Assign credentials carefully to MID Servers to ensure discovery processes can authenticate successfully with the target applications.
    • Use the order field to prioritize credentials and avoid lockouts due to repeated failed login attempts during discovery.
    • Refer to the predefined CI types list to correctly associate applicative credentials with the corresponding application or device types.

    By configuring applicative credentials correctly, ServiceNow customers enable reliable discovery and accurate population of application-related CIs, which is essential for effective service management and operational insight.

    Some applications require credentials in addition to the credentials the that host machine requires. Credentials required to access these applications are referred to as applicative credentials.

    A typical credential contains a user name and a password for logging in to a device or application. While most applications require only one credential for accessing them, sometimes hosts and applications have separate credentials for extra security. For example, ABAP SAP Central Services (ASCS) requires applicative credentials in addition to the SSH or Windows host credentials for the server that hosts ASCS.

    Note:
    ServiceNow applications refer to devices and applications that comprise a service instance as configuration items (CIs).

    As with host credentials, you assign applicative credentials to MID Servers.

    You create applicative credentials per CI type, for example, the CI type for ASCS is SAP ASCS Application [cmdb_ci_appl_sap_ascs]. The preconfigured pattern for discovering CIs belonging to this CI type contains commands that require a MID Server to use the applicative credential for this CI type. If there’s more than one credential configured for this CI type, the MID Server tries using these credentials in the order you define until it finds the credential that fits.

    Check the Discovery requirements information in the ServiceNow documentation to determine if you need to configure applicative credentials for specific application CIs. There’s no need to configure applicative credentials, if Discovery prerequisites don’t mention it.

    Table 1. Applicative credentials form fields
    Field Description
    Name Name of the credential. Use a descriptive name like Oracle DB or London Oracle DB (for an Oracle database). Don’t use spaces or special characters for the credential name.
    Active Select the check box to use the credential.
    User name Enter the actual user name of the applicative credential.
    Password Enter the actual password of the applicative credential. Don’t use spaces or special characters for the credential name.
    CI type Select a CI type to which the CI belongs.
    Credential Alias Create an alias to assign specific credentials for specific discovery schedules. When assigning an alias, you must identify the table name for the CI type whose applicative credentials the application uses. Applications may use applicative credentials of a CI type different from their own. For a specific application, see the list for the appropriate table:
    • ABAP SAP Central Services (ASCS): cmdb_ci_appl_sap_ascs
    • IBM Security Access Manager appliance: cmdb_ci_app_server_webseal
    • SAP Central Instance: cmdb_ci_appl_sap_ascs
    • SAP Central Services (SCS): cmdb_ci_appl_sap_ascs
    • SAP Evaluated Receipt Settlement (ERS): cmdb_ci_appl_sap_ascs
    • SAP Java Cluster: cmdb_ci_appl_sap_ascs
    • SAP NetWeaver Dialog Instance: cmdb_ci_appl_sap_ascs
    • Microsoft Exchange Mailbox (for Microsoft Exchange): cmdb_ci_exchange_mailbox
    • Microsoft SQL Database: cmdb_ci_db_mssql_instance
    • MySQL Server: cmdb_ci_db_mysql_instance
    • Oracle Advanced Queue Queue: cmdb_ci_db_ora_instance
    • Oracle Database: cmdb_ci_db_ora_instance
    • Oracle E-Business Suite: cmdb_ci_db_ora_instance
    • Oracle WebLogic Module: cmdb_ci_app_server_weblogic
    • Tibco Enterprise Message Service (EMS): cmdb_ci_appl_tibco_message
    Applies to

    Select whether to apply these credentials to All MID servers in your network, or to one or more Specific MID servers. Specify the MID Servers that should use these credentials in the MID servers field.
    Order

    Order (sequence) in which Discovery tries this credential as it attempts to log on to devices. The smaller the number, the higher in the list this credential appears. Establish credential order when using large numbers of credentials or when security locks out users after three failed login attempts. If all the credentials have the same order number (or none), the instance tries the credentials in a random order.