ServiceNow ITOM MCP Server

Create a powerful Model Context Protocol (MCP) server for ServiceNow IT Operations Management in minutes with our AI Gateway. This guide walks you through setting up seamless IT operations integration with enterprise-grade security and instant OAuth authentication.

About ServiceNow ITOM API

ServiceNow ITOM provides comprehensive visibility into your IT infrastructure, enabling proactive event management, service mapping, and operational intelligence. The API enables programmatic access to discovery, monitoring, event processing, and service analytics.

Key Capabilities

• Event Management: Collect and correlate events
• Service Mapping: Discover service dependencies
• Discovery: Automated infrastructure discovery
• Operational Intelligence: AI-powered insights
• Cloud Management: Multi-cloud visibility
• Orchestration: Automated remediation
• Health Monitoring: Service health tracking
• Capacity Planning: Resource optimization

API Features

• REST API: Event and metric ingestion
• Discovery API: Infrastructure scanning
• Service Mapping API: Dependency tracking
• OAuth 2.0: Secure authentication
• Metric API: Performance data
• Orchestration API: Workflow automation
• MID Server API: Distributed operations
• Integration Hub: Third-party connectors

What You Can Do with ServiceNow ITOM MCP Server

The MCP server transforms ServiceNow ITOM's API into a natural language interface, enabling AI agents to:

Event Management

• Event Processing

  • "Process incoming monitoring alerts"
  • "Correlate related events"
  • "Create incident from critical event"
  • "Suppress duplicate alerts"

• Alert Rules

  • "Configure alert correlation rules"
  • "Set event thresholds"
  • "Define notification policies"
  • "Create alert filters"

• Event Analytics

  • "Show event storm analysis"
  • "Identify noisy alerts"
  • "Track event patterns"
  • "Analyze root causes"

Service Mapping

• Service Discovery

  • "Map application dependencies"
  • "Discover service topology"
  • "Identify service components"
  • "Track service relationships"

• Dependency Tracking

  • "Show services affected by server"
  • "Map database dependencies"
  • "Trace network connections"
  • "Identify single points of failure"

• Impact Analysis

  • "Analyze change impact"
  • "Show affected business services"
  • "Calculate service availability"
  • "Predict outage impact"

Discovery

• Infrastructure Discovery

  • "Scan network for devices"
  • "Discover cloud resources"
  • "Identify software installations"
  • "Map virtualization infrastructure"

• Credential Management

  • "Configure discovery credentials"
  • "Test credential access"
  • "Rotate passwords securely"
  • "Manage SSH keys"

• Discovery Schedules

  • "Schedule weekly discovery"
  • "Run on-demand discovery"
  • "Configure discovery patterns"
  • "Set discovery windows"

Cloud Management

• Multi-Cloud Visibility

  • "Discover AWS resources"
  • "Map Azure infrastructure"
  • "Track GCP services"
  • "Monitor hybrid cloud"

• Cloud Governance

  • "Track cloud spending"
  • "Identify unused resources"
  • "Monitor compliance"
  • "Optimize cloud costs"

• Cloud Orchestration

  • "Provision cloud resources"
  • "Automate scaling"
  • "Manage cloud tags"
  • "Execute cloud workflows"

Operational Intelligence

• Anomaly Detection

  • "Identify performance anomalies"
  • "Detect unusual patterns"
  • "Predict failures"
  • "Alert on deviations"

• Predictive Analytics

  • "Forecast capacity needs"
  • "Predict service degradation"
  • "Estimate MTTR"
  • "Calculate failure probability"

• Health Scoring

  • "Calculate service health scores"
  • "Track health trends"
  • "Identify degrading services"
  • "Monitor SLA compliance"

Orchestration

• Workflow Automation

  • "Create remediation workflow"
  • "Automate recovery procedures"
  • "Execute runbooks"
  • "Trigger failover processes"

• Integration Actions

  • "Restart services remotely"
  • "Clear disk space"
  • "Update configurations"
  • "Scale resources"

• Approval Workflows

  • "Request automated actions"
  • "Approve critical changes"
  • "Validate orchestration steps"
  • "Audit automation activities"

Performance Monitoring

• Metric Collection

  • "Collect system metrics"
  • "Monitor application performance"
  • "Track network latency"
  • "Measure response times"

• Threshold Management

  • "Set performance thresholds"
  • "Configure baseline alerts"
  • "Define SLA metrics"
  • "Create composite metrics"

• Capacity Planning

  • "Analyze resource utilization"
  • "Predict capacity needs"
  • "Identify bottlenecks"
  • "Plan infrastructure growth"

Compliance & Reporting

• Compliance Monitoring

  • "Track configuration compliance"
  • "Monitor security patches"
  • "Verify license compliance"
  • "Audit access controls"

• Operational Reports

  • "Generate availability reports"
  • "Create performance dashboards"
  • "Track SLA metrics"
  • "Export executive summaries"

• Audit Trail

  • "Track configuration changes"
  • "Monitor discovery activities"
  • "Log orchestration actions"
  • "Record event processing"

Prerequisites

• Access to Cequence AI Gateway
• ServiceNow instance with ITOM modules
• Admin role in ServiceNow
• MID Server configured (for Discovery)

Step 1: Configure ServiceNow OAuth

1.1 Create OAuth Application

1. Log in to your ServiceNow instance
2. Navigate to System OAuth Application Registry
3. Click New Create an OAuth API endpoint

1.2 Configure OAuth Settings

1. Fill in application details:

   • Name: "AI Gateway ITOM MCP"
   • Client ID: Auto-generated
   • Client Secret: Click to generate

2. Set OAuth parameters:

   • Redirect URL:

     https://auth.aigateway.cequence.ai/v1/outbound/oauth/callback

   • Access Token Lifespan: 3600
   • Refresh Token Lifespan: 86400

1.3 Configure ITOM-Specific Settings

1. Enable ITOM application scopes
2. Configure Event Management access
3. Set Discovery permissions
4. Enable Service Mapping APIs

1.4 Configure MID Server

1. Install MID Server if needed
2. Configure discovery credentials
3. Set up network access
4. Test connectivity

Step 2-4: Standard Setup

Follow standard steps to access AI Gateway, find ServiceNow ITOM API, and create MCP server.

Step 5: Configure API Endpoints

1. Base URL: https://{instance}.service-now.com/api
2. Select ITOM endpoints:
   • Event Management endpoints
   • Discovery endpoints
   • Service Mapping endpoints
   • Orchestration endpoints
3. Click Next

Step 6: MCP Server Configuration

1. Name: "ServiceNow ITOM"
2. Description: "IT Operations Management platform"
3. Configure production mode
4. Click Next

Step 7: Configure Authentication

1. Authentication Type: OAuth 2.0
2. Instance Name: Your ServiceNow instance
3. Authorization URL:

   https://{instance}.service-now.com/oauth/authorize

4. Token URL:

   https://{instance}.service-now.com/oauth_token.do

5. Enter Client ID and Secret
6. Select required scopes

Available ServiceNow ITOM OAuth Scopes

Core ITOM Scopes

• itom:read

  • Read events and alerts
  • View service maps
  • Access discovery data
  • Read metrics

• itom:write

  • Create and update events
  • Modify service maps
  • Configure discovery
  • Execute orchestration

• itom:admin

  • Configure event rules
  • Manage discovery patterns
  • Set up integrations
  • Administrative tasks

Module-Specific Scopes

• Event Management

  • em_event - Event operations
  • em_alert - Alert management
  • em_alert_rule - Alert rules

• Service Mapping

  • sa_pattern - Discovery patterns
  • cmdb_ci_service - Service CIs
  • sa_map - Service maps

• Discovery

  • discovery_status - Discovery runs
  • discovery_schedule - Schedules
  • discovery_credential - Credentials

Recommended Scope Combinations

For Event Management:

itom:read
itom:write
em_event
em_alert
em_alert_rule
incident

For Full ITOM:

itom:read
itom:write
itom:admin
em_event
em_alert
sa_pattern
cmdb_ci_service
discovery_status
orchestration

Step 8-10: Complete Setup

Configure security, choose deployment, and deploy.

Using Your ServiceNow ITOM MCP Server

With Claude Desktop

{
  "servers": {
    "servicenow-itom": {
      "url": "your-mcp-server-url",
      "auth": {
        "type": "oauth2",
        "client_id": "your-client-id",
        "instance": "your-instance"
      }
    }
  }
}

Natural Language Commands

• "Show all critical events from last hour"
• "Map dependencies for payment service"
• "Run discovery on production subnet"
• "Analyze event storm for web servers"
• "Predict capacity needs for next quarter"

API Integration Example

// Initialize MCP client
const mcpClient = new MCPClient({
  serverUrl: 'your-mcp-server-url',
  auth: {
    type: 'oauth2',
    token: 'access-token'
  }
});

// Process monitoring event
const event = await mcpClient.servicenow.events.create({
  source: 'Prometheus',
  node: 'web-server-01',
  type: 'CPU Usage',
  severity: '3',
  description: 'CPU usage exceeded 90%',
  metric_name: 'cpu_usage_percent',
  metric_value: '92.5',
  additional_info: {
    threshold: '90',
    duration: '5 minutes',
    process: 'java'
  }
});

// Create service map
const serviceMap = await mcpClient.servicenow.serviceMapping.create({
  name: 'E-Commerce Application',
  entry_point: 'https://shop.example.com',
  discovery_source: 'ServiceNow Discovery',
  components: [
    {
      type: 'Web Server',
      name: 'nginx-lb-01',
      ci_class: 'cmdb_ci_web_server'
    },
    {
      type: 'Application Server',
      name: 'tomcat-app-01',
      ci_class: 'cmdb_ci_app_server'
    },
    {
      type: 'Database',
      name: 'mysql-db-01',
      ci_class: 'cmdb_ci_database'
    }
  ]
});

// Run discovery
const discovery = await mcpClient.servicenow.discovery.run({
  schedule: 'Immediate',
  mid_server: 'mid-server-prod',
  ip_range: '10.0.1.0/24',
  credentials: [
    'ssh-prod-credential',
    'snmp-credential',
    'wmi-credential'
  ],
  patterns: [
    'Linux Server',
    'Windows Server',
    'VMware vCenter',
    'AWS EC2'
  ]
});

// Configure alert rule
const alertRule = await mcpClient.servicenow.eventManagement.createRule({
  name: 'Database Connection Alert',
  active: true,
  conditions: [
    {
      field: 'source',
      operator: 'contains',
      value: 'database'
    },
    {
      field: 'severity',
      operator: '<=',
      value: '3'
    }
  ],
  actions: [
    {
      type: 'create_incident',
      priority: '2',
      assignment_group: 'Database Team'
    },
    {
      type: 'send_notification',
      recipients: ['dba-oncall@company.com']
    }
  ]
});

// Get service health
const health = await mcpClient.servicenow.health.calculate({
  service: 'e-commerce-service',
  time_range: 'last_24_hours',
  metrics: [
    'availability',
    'response_time',
    'error_rate',
    'throughput'
  ]
});

// Execute orchestration
const orchestration = await mcpClient.servicenow.orchestration.execute({
  workflow: 'Auto-Remediation',
  target: 'web-server-01',
  action: 'restart_service',
  parameters: {
    service_name: 'httpd',
    wait_time: 30,
    health_check_url: 'http://localhost/health'
  },
  approval_required: false
});

// Analyze capacity
const capacity = await mcpClient.servicenow.capacity.analyze({
  ci_type: 'vmware_vcenter_server',
  metrics: ['cpu', 'memory', 'storage'],
  forecast_period: '90_days',
  growth_rate: 'historical',
  threshold_alerts: {
    cpu: 80,
    memory: 85,
    storage: 90
  }
});

Common Use Cases

Event Management

• Alert correlation and suppression
• Automated incident creation
• Event storm detection
• Root cause analysis

Service Visibility

• Application dependency mapping
• Business service modeling
• Impact analysis
• Service health tracking

Infrastructure Discovery

• Automated CMDB population
• Cloud resource discovery
• Network topology mapping
• Software inventory

Operational Automation

• Auto-remediation workflows
• Predictive maintenance
• Capacity optimization
• Performance tuning

Security Best Practices

1. OAuth Security:

   • Use minimal required scopes
   • Implement token rotation
   • Monitor API usage
   • Set IP restrictions

2. Discovery Security:

   • Secure credential storage
   • Use least privilege
   • Audit discovery runs
   • Network segmentation

3. Event Security:

   • Validate event sources
   • Encrypt sensitive data
   • Monitor anomalies
   • Access control

Troubleshooting

Common Issues

1. Authentication Errors

   • Verify OAuth configuration
   • Check instance URL
   • Validate credentials
   • Review scope permissions

2. Discovery Issues

   • Check MID Server status
   • Verify network connectivity
   • Validate credentials
   • Review discovery logs

3. Event Processing

   • Check event rules
   • Verify source integration
   • Review transformation maps
   • Monitor event queue

Getting Help

• Documentation: AI Gateway Docs
• Support: support@cequence.ai
• ServiceNow Docs: docs.servicenow.com/itom

---