Domain separation and the Walk-up Experience application

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain separation and the Walk-up Experience application

    Domain separation in the Walk-up Experience application allows ServiceNow customers to logically separate data, processes, and administrative tasks into distinct domains for multi-tenant environments. This ensures that users can only access data and configurations relevant to their domain, supporting data security and operational segregation. The application supports domain separation at a basic level, focusing on runtime data segregation, user interface filtering, caching, reporting, and interaction management. However, domain separation is limited by the Service Portal platform, which does not support domain separation itself, though the application’s portal pages filter data based on user domain.

    Show full answer Show less

    Key Features

    • Walk-up Location Queues: These queues are domain-separated to restrict end-user access to queues within their domains. Each queue’s domain is set via the wulocationqueue table’s Domain field.
    • Interaction Records: Interaction tickets are created within the requester's domain, and agents can only see and work on interactions in their domain.
    • Management and Administration: Configuration of walk-up location queues is domain-specific, enabling domain managers and admins to manage only their domain’s configurations.
    • Service Portal Integration: Although Service Portal components cannot be domain separated, portal pages used by the Walk-up Experience filter and display data according to the user’s domain. Customers should build separate portals for each tenant to maintain separation.
    • Advanced Work Assignment: Routing conditions for work assignment must explicitly reference the queue’s domain to function correctly.
    • Domain-separated Tables: Key Walk-up Experience tables supporting domain separation include wulocationqueue, wureason, wum2mlocationqueuereason, wucontext, and interaction.

    Important Considerations

    • The appointment booking feature is not domain separated, meaning appointment data could be visible across domains in list views.
    • Walk-up administrators must configure location queues and related tables per domain to ensure proper data separation and user visibility.
    • Agents and admins can configure queues only within their domain, global domain, or within parent-child domain hierarchies.
    • Service Portal elements such as settings, portals, and widgets are shared across domains and cannot be domain separated, so separate portals per tenant are recommended.

    Practical Benefits for ServiceNow Customers

    By leveraging domain separation in the Walk-up Experience application, customers can securely manage multi-tenant service environments, ensuring that users and agents only see and interact with data pertinent to their domain. This supports compliance, data privacy, and efficient administration in shared ServiceNow instances. Additionally, configuring domain-aware queues and interactions helps streamline agent workflows and enhances tenant-specific service delivery.

    This is an overview of domain separation as it pertains to the Walk-up Experience application and how it relates to Service Portal pages, interaction queues, and configurations. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Basic

    • Business logic: Ensure that data goes into the proper domain for the application’s service provider use cases.
    • The application supports domain separation at run time. The domain separation includes separation from the user interface, cache keys, reporting, rollups, and aggregations.
    • The owner of the instance must set up the application to function across multiple tenants.

    Sample use case: When a service provider (SP) uses chat to respond to a tenant-customer’s message, the customer must be able to see the SP's response.

    For more information on support levels, see Application support for domain separation.

    Walk-up Experience overview

    Domain separation in the Walk-up Experience application is supported at the basic level. However, the application depends on the Service Portal, which is not supported for domain separation. Domain separation pertains to the Walk-up Experience application in the following ways:

    • Walk-up location queues support domain separation in order to define which end users can access each location queue.
    • The Interaction table supports standard domain separation for data security. Interaction tickets are opened for a specific domain.
    • Walk-up location queues and interactions support domain separation. Therefore, the agents also work within a domain-separated environment when addressing interaction tickets associated with a location queue.
    • Management and administration configurations reside in the walk-up location queue records. Therefore, those configurations are available to the respective domain managers and admins.
    • While the Service Portal pages are not domain separated, the Walk-up Experience application's portal pages retrieve data within the user’s specific domain. Therefore, those pages can be reused across different service portals designed and configured for separate domains. The admins must build each portal themselves.
    • The Domain field is available on the wu_location_queue table. Setting domain here ensures that the users only see queues that are a part of their domains during online check-in.
    • For Advanced Work Assignment routing to operate, each wu_location_queue must include a work item routing condition which explicitly adds a reference to the domain the queue is part of.
      Note:
      The appointment booking feature is not domain separated. Since Appointment [itil_appointment] table data is not domain separated, list views could reveal data across domains.

    How domain separation works in the Walk-up Experience application

    For this application to be most effective, walk-up administrators should configure walk-up locations accordingly. This is done by configuring the wu_location_queue record to meet the needs of requesters. Each domain configured to the location queue record has its own set of rules. The same applies to other tables within the Walk-up application as well.
    Note:
    Elements of the Service Portal platform such as settings, portals and widgets cannot be domain separated. However, the data within the widgets displays based on how the domain is configured. The recommended approach is to set up separate portals for each MSP customer.
    The elements of Service Portal that are used as part of the walk-up experience are as follows:
    • Portal (Walk-up)
    • Pages ( walkup_online_checkin, walkup_queue_on_site, walkup_home, walkup_survey, walkup_check_in )
    • Theme (Walk-up theme)
    • Widgets (Online check-in experience, walk-up queue on site, walk-up check-in, walk-up exit survey, walk-up home, walk-up schedule)

    To learn more, see Domain separation and Service Portal.

    For data separation, the Walk-up Experience application uses the domain of the walk-up requester to determine in which domain the requester data should be placed.

    • Requesters can check in only in locations for which they have visibility.
    • Requesters are able to select the reasons that belong only to their own domain.
    • Interaction records are created in the Requester’s domain.

    The application uses the domain of the walk-up agent or admin to determine which records are visible to the agent.

    • By domain separation rules, Agents can work only on interactions that are visible to them.
    • The agents are able to configure only walk-up location records that belong to their domain, are in the global domain, or have the parent-child hierarchy.
    • The same visibility rules apply for the Many to Many [wu_m2m_location_queue_reason]table that controls the mapping between a location and the reason.
    • The walk-up contexts records also have domain separation support. Thereby ensuring that the agents are able to view detailed information of the Requester only for the records that are visible by domain separation rules.

    Domain-separated tables

    As part of the Walk-up Experience, records in the following tables can be domain separated.

    • Walk-up location queues [wu_location_queue]
    • Walk-up reasons for visit [wu_reason]
    • Walk-up reasons [wu_m2m_location_queue_reason]
    • Walk-up contexts [wu_context]
    • Interactions [interaction]