What is an Integration User?
In ServiceNow, an Integration User plays a crucial role in connecting the plataform with other systems or sources. These users are specifically designed for information exchange between ServiceNow and external applications, databases, or APIs.
Why is this an issue?
Authentication is required for all SOAP requests, including internal integration communications, such as the MID Server, ODBC Driver, Remote Update Sets, and high availability cloning, when Web Services Security (WWS) is enabled. If the instance utilizes these SOAP interfaces, bypassing the WS-Security authentication requirement can be achieved by designating their user accounts as Internal Integration Users.
For security reasons an user assigned to perform integrations should not have the admin role.
How do I fix it?
A dedicated Integration User (not admin) should be included for external systems to integrate with the ServiceNow instance during authentication. The user should have specific and limited privileges required only for integration.
Integration Users are created by selecting the Internal Integration User checkbox and setting it to true:
Navigate to All > User Administration > Users.
Select the user account for the MID Server or ODBC Driver.
If the field is not visible on the record, proceed to configure the form to include the Internal Integration User field by adding it to the appropriate section via Form Layout.
Check the Internal Integration User box and Save.
Unlike the Internal Integration User, Web service access only ensures that the user's credentials can be shared with a third party wishing to consume their SOAP or REST endpoint. To configure it:
Navigate to All > User Administration > Users.
Select the user account for the MID Server or ODBC Driver.
If the field is not visible on the record, proceed to configure the form to include the Web service access only field by adding it to the appropriate section via Form Layout.
Check the Web service access only box and Save.