This article explains how to configure the App Activities integration for ServiceNow.
Overview
App Activities provides you with an API-based solution for out-of-band visibility of all activity made by any user in a connected SaaS application. To provide App Activities with visibility of data within an app, you need to set up an integration with the required application. Once you create the integration, if a field has changed or expired, you can edit it from the Resources >Integrations > Integrated Apps page. For more information, see What is Application Control via API with App Activities.
To configure the App Activities integration, you need to:
Configure the integration within the SaaS application
Create the API connector in the CMA
A CASB license is required for App Activities. This license includes app and data control and App Activities via API. For more about purchasing a CASB license, please contact your Cato representative.
Configuring the ServiceNow Integration
To configure the ServiceNow integration, create the required information from the ServiceNow Developer Portal.
Prerequisites
You must have a ServiceNow Platform License
Step 1: Configure the Integration in the ServiceNow Developer Portal
In the ServiceNow Developer Portal, create the required information.
To configure the ServiceNow integration:
Log into the ServiceNow Developer Portal (
https://<your_tenant>.service-now.com).
Create an Application
In the search bar, search for and select Application Registry.

Create a New Integration.
Select Create an OAuth API endpoint for external clients.

Add a name for the application integration and copy and save the Client ID and Client Secret so they can be added to the CMA.
Create a Role
In the search bar, search for and select User Administration.
On the Roles tab, create a new role with a name you can recognize.
Add Access Control Lists
Click on the User icon and select Elevate Role.
Check Security Admin and select Update.
In the search bar, search for and select System Security.
In the Access Controls (ACL) tab, create a new Access Control List.
Choose these options:
Name: sys_audit
Type: Record
Operation: Read
Decision Type: Allow If
Press Submit and select the role you created in the Create a Role step.
Repeat steps 5 and 6 an additional 4 times with these values as the name:
sys_user_session
sys_data_source
sys_history_set
sys_audit_delete
Create a User
In the search bar, search for and select User Administration.
On the Users tab create a new user.
Add a name and email address and check the Web service access only box, and select Submit.

Search for and select the user you created in step 2.
Click Set Password and generate a password. Copy and Save the password so it can be added to the CMA.
On the user's page, select the Roles tab.

Add these roles to the Roles list:
The role you created in the Create a Role step
The Personalize role
Step 2: Create the API Connector in the CMA
After you have set up an integration with the required application, add the details in the CMA.
To create the API connector in the CMA:
From the navigation menu, click Resources > Integrations.
Click the Integrated Apps tab.
Click New.
The New Integration panel opens.
Select the SaaS Application you want to add.
In the Capability drop down select App Activities.
Add the details created during step one.
Note: the user name is the email address of the user you created at step 16 above. The BaseURL is
https://<your_tenant>.service-now.com.Click Save.
The app is visible on the Integrated Apps table with a Connected status.
After connecting your APIs, you can track the App activities in the Cloud Activities dashboard. Data may take a few minutes to appear.
Sources
Login - using the OAuth endpoint
sys_audit - Querying field changes
sys_user_session - Querying login activities
sys_audit_delete - Querying deletion activities
sys_data_source - Querying import activities
sys_history_set - Querying View and Edit activities
Known Limitations
Only tables that audit changes are queried