Kick-off your Quality Clouds usage

What's here


Step 1: Configuring ServiceNow instances

The following steps are used to configure your ServiceNow instance in order to connect to it from Quality Clouds. 

1. Grant IP address access

For instances with IP restrictions, make sure you add exceptions for the following Quality Clouds IP addresses (in the IP Address Access Control in ServiceNow):

IP whitelisting

If your infrastructure implements IP whitelisting, make sure that you add these IPs to the allowed origins, so that requests from Quality Clouds are not blocked:

All servers located in: EU (Ireland)


20.82.159.225 → 20.123.120.238

20.82.221.17 → 20.123.123.70

20.93.80.6


Important Note - 19 October 2022.

Due to changes in our infrastructure, the IPs in our EU cluster have changed. Please replace the old IPs (grayed out) with the current ones in your whitelist.

On your network infrastructure level, make sure traffic is allowed from the IP.

2. Decide on admin vs non-admin access

Quality Clouds uses the REST API to connect to and scan the code and configuration of your ServiceNow instance. This means that a valid username / password must be configured in Quality Clouds in order for the scan to execute successfully. 

The first decision to make is whether you will grant the admin role to the user which Quality Clouds will use to connect to your instance. Bear in mind that the snc_read_only role can (and should) also be assigned to this user, which makes all access read-only. Also, this user can be a Web-service-only user, so it will not be possible to log into the ServiceNow UI with that user.

If you are not comfortable with granting the admin role, it is also possible to use a Quality Clouds specific role. The creation of this role, and of the ACLs which grant read only access on the required tables to the role, are available as an Update Set which you can install in your instance.

In general, using a read-only admin user is the preferred option, as it allows customers to ignore the Delta Update Sets and automatically enjoy all the new functionality provided by Quality Clouds releases.

In order to help you make the decision which is right for you, the below table summarizes the key differences between each approach.


Admin user

Non-admin user

Configuration Frequency

One time only - Initial setup

Delta Update set needs to be applied whenever Quality Clouds includes additional tables to scan.

Typically twice a year.

Read-only visibility to

All tables

Only tables required by Quality Clouds.

Quality Clouds rule coverage

Full

99% - The Best Practices "Modules pointing to big tables without filters" and "Custom Tables with no records" can not be guaranteed to work unless additional roles are granted.

The application field on all Roles detected by the scan will be shown as "Global".

Application coverage

Full

ServiceNow scoped applications which are created upon plugin activation can not be identified. All their CEs will be assigned to the Global Scope.


For admin user

If you decide to use a read-only admin user, simply enter the credentials for the user on the Instance Configuration page on the Quality Clouds scan web site, as described on the page Defining ServiceNow instances.

For non-admin user

If you decide to use a non-admin user, retrieve and apply relevant update sets, as described on Configuring for non-admin user

For ServiceNow instances with encrypted data

 Edge encryption does not affect Quality Clouds scans nor does it need any extra configuration.

For ServiceNow instances with SSO system

Make sure that the user to be launching scans in Quality Clouds uses local authentication and is able to use the REST API.

3. Configure the user

We recommend creating a dedicated user for setting up access and running scans from Quality Clouds. 


Ensure that the user configured to run the scans has the following characteristics:

  • use local authentication mode

  • have read access to the following tables:

ServiceNow tables accessed by Quality Clouds

Following is the list of all tables accessed by Quality Clouds for each ServiceNow instance:

asmt_condition

catalog_script_client

catalog_ui_policy

catalog_ui_policy_action

item_option_new

item_option_new_set

sc_cat_item

sc_category

sc_cat_item_producer

sp_angular_provider

sp_widget

sys_app

sys_app_application

sys_app_category

sys_app_module

sys_data_policy2

sys_data_source

sys_db_object

sys_dictionary

sys_dictionary_override

sys_group_has_role

sys_package

sys_properties

sys_rest_message

sys_scope

sys_script

sys_script_client

sys_script_email

sys_script_include

sys_security_acl

sys_soap_message

sys_transform_map

sys_transform_script

sys_ui_action

sys_ui_element

sys_ui_form

sys_ui_policy

sys_ui_script

sys_ui_section

sys_ui_form_section

sys_ui_style

sys_update_set

sys_update_version

sys_update_xml

sys_upgrade_history

sys_user*

sys_user_has_role

sys_user_preference

sys_user_role

syscript_pattern

sysevent

sysevent_email_action

sysevent_in_email_action

sysevent_script_action

syslog_transaction

sysrule_escalate_am

v_index_creator

v_plugin

wf_workflow_version

wf_workflow


* The only fields accessed on sys_user table are: userid, active. No personal information is accessed.

4. (optionally) Enable collection of client-side performance data

Optionally, to enable the collection of client-side performance data, install and enable the ServiceNow Client Transaction Timings plugin. 

If this plugin is not active, the client-side performance widgets in the Performance Dashboard will not be populated. For detailed instructions on how to do this, check the ServiceNow documentation article

See it in a video


What's here


Related content

Our knowledge base article on 401 response





Step 2: Defining ServiceNow instances in Quality Clouds

Before performing these steps, make sure you have the following information:

Setting up your instances

In order to be able to scan your instances, you need to point Quality Clouds to them.

→ To create an instance in Quality Clouds

  1. Login to the Quality Clouds Admin portal at https://portal.qualityclouds.com/.
  2. Go to Account > Instances section.
  3. Select the ServiceNow tab (if you use several SaaS with Quality Clouds).
  4. Click + (Add button). 
  5. Fill in the following information:
    • URLURL of the ServiceNow instance. If your ServiceNow instance uses SSO or any other external authentication method, make sure that the account you provide has local authentication in ServiceNow (does not need to be authenticated by external providers) and is able to use the REST API.

    • Description -Short and meaningful description of the instance. For example: MyCompany UAT
    • Username and Password - ServiceNow access credentials to the instance.
    • Do not persist credentials - Set this flag ON if you do not want to persist the credentials in the Quality Clouds environment. If you activate this option, a popup form will appear when launching a scan and you will have to provide the credentials manually. In this mode, all scans must be interactive (only manual scans allowed, no schedule can be completed).

    • EnvironmentEnvironment type of the instance. This is used to add descriptive context to your instance.

      Note

      ServiceNow production (PROD) instances are subject to an extra check: Debugging properties enabled in production environments.
    • Go-live Date - Date on which the instance was first started, serves as a baseline for Org changes.

  6. Click Save.


You can now continue with the following steps:

  1. Test connectivity.
  2. Schedule scans or Run scans manually.

What's here





Step 3: Scheduling scans

Use scan schedules to plan and automatically execute regular recurring or one-off scans.


This is a Quality Clouds admin action, available for admin users in the admin portal.

Your license comes with a limited number of scans. We recommend that you set your full scans every week or month, and your profiling scans every week.

Note: You can only set one schedule per each scan type, i.e. one profiling and one full scan schedule.


→ To schedule a scan

  • Login to the Quality Clouds Admin portal.
  • Go to Schedules section.
  • Click Add

  • New schedule window opens. 
  • Fill in the New schedule form.

  • Click Add

The default time zone of the Quality Clouds application is based on GMT+1 time. In order to schedule scans in your timezone, make sure you factor in the difference.


What's here


Related content

Scans

Launching scans



Confused? Check our Glossary






Last modified on Feb 9, 2021