Set up a ServiceNow instance for CPQ integration

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    • Set up a ServiceNow instance, generate a JSON Web Token (JWT), and authenticate API calls to Logik.ai.

    Before you begin

    Role required: admin

    Procedure

    1. Validate that the CPQ Integration application is installed on your ServiceNow instance by doing the following:
      1. Navigate to https://<service_instance_url>/oauth_entity.do?sys_id=3b119df83b566210a0c0989e53e45a15
      2. Check that the Logik.AI Admin UI Application Registry exists with a ClientID and secret.
        This information is used later.
    2. In a directory on your local machine, generate the private and public certificates by using the openssl tool, then use keytool to convert the certificate from PKCS to JKS format.
      1. Create the private key by using the command openssl genrsa -out private.key 2048.
        The key is created in the current folder in a file named private.key.
      2. Create a self-signed certificate that uses the private key by entering: openssl req -new -x509 -key private.key -out publickey.cer -days 3650
        You’re prompted to enter information that is included in your certificate request. The certificate, named publickey.cer, contains the public key derived from the private key and metadata, such as subject and issuer. The certificate is digitally signed using the private key.
      3. Create a PKCS#12 keystore file (a .p12 file) by using the command openssl pkcs12 -export -in publickey.cer -inkey private.key -out keystore.p12 -name "<cert_name>".
        This keystore file bundles the signed certificate and private key together and sets the alias for the key+cert entry in the keystore. The file is encrypted using a password (also called the export password). This password is required to import and export the certificate.
      4. Convert the .p12 (PKCS#12) keystore file to .jks (Java KeyStore) format by using the command keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore keystore.jks.
        • You’re prompted for the export password from step 2c to read the private key and certificate from the .p12 file.
        • You’re prompted to enter a new key store password to protect the JKS keystore file. Record and retain this password for later, since it’s required to set up the ServiceNow instance.
    3. In the ServiceNow instance, login in as admin and do the following:
      1. Set CPQ Integration as the current scope by using the scope selection menu icon in the Unified Navigation menu.
      2. In the navigation filter, enter sys_properties.list and open the glide.security.file.mime_type.validation system property.
        Set the Value to false, then select Submit.
      3. Navigate to https://<service_instance_url>/sys_certificate.do?sys_id=90b3439e2beeea1001bff246f291bf4b and do the following:
        • Attach the keystore.jks file created in Step 2d to the Certificate record. Enter the key store password from step 2d in the Key store password field.
        • Select Active.
        • Save the certificate.
        • (Optional). Validate the certificate using the Related Link for the K509 Certificate.
      4. Navigate to https://<service_instance_url>/jwt_keystore_aliases.do?sys_id=3ab40bde2beeea1001bff246f291bfc8.
        Enter the Key Store Password from Step 2d as the Signing Key and save the record.
      5. In the navigation filter, enter sys_properties.list and open the glide.security.file.mime_type.validation system property.
        Set the Value to true, then select Submit.
        Note:
        Step 3 must be repeated whenever CPQ integration is reinstalled.
    4. Set up API authentication by creating the integration user roles included with the Sales Customer Relationship Management applications:
      1. Create an integration user.
        • Navigate to All > System Security > Users and Groups > Users.
        • Create a new user by selecting New.
        • Enter the UserID, First name, and Last name.
        • Select Submit
        • Open the user record, and in the Role tab, select Edit.
        • Add the following roles:
          • snc_internal
          • sn_sales_common.sales_agent
          • sn_csm_pricing.pricing_integrator
          • sn_prd_pm_adv.catalog_integrator
          • sn_quote_mgmt_core.quote_integrator
          • sn_ind_tmt_orm.order_integrator
          • sn_opty_mgmt_core.opportunity_integrator
          • sn_sales_cart.cart_integrator
        Note:
        If roles are missing, an app may have failed to properly install. Navigate to the app manager, select the app associated with the missing role, and click Repair.
      2. Navigate to: https://<service_instance_url>/oauth_entity_list.do?sysparm_query=sys_id=99a63a9e2baeea1001bff246f291bf57
    5. Personalize the list view to add the OAuth Application User column.
      Use the Update Personalized List icon.
      1. In the list view, double-click the OAuth Application User field to edit it.
      2. Set the user created in Step 4a as the OAuth Application User in the Logik.ai API record.
        If you can't modify this field, verify that you're in the correct scope (CPQ Integration).
      3. Open this Logik.ai API record.
      4. Select Active and save the record.
      5. Switch to the global scope.
      6. Create a new system property.
        • In the navigation filter, enter sys_properties.list.
        • Select New.
        • Enter the property name glide.oauth.inbound.client.credential.grant_type.enabled.
        • Select the edit icons for Read Roles and Write Roles and select admin for each.
        • Set the Value to true.
        • Select Update.