Integration accounts should not use the Admin role

Rule number

SN-0438

Impact

External systems accessing ServiceNow with elevated privileges in the ServiceNow instance could mean security risks such as data leaks or unexpected actions. In general, every user should only have the required privileges in order to perform their tasks.

Remediation

Include a dedicated integration user that external systems will use to access the ServiceNow instance. The user should have specific and limited privileges required for the integration.

Time to fix

40 min