Domain separation and Safe Workplace suite

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain Separation and Safe Workplace Suite

    The Safe Workplace suite supports domain separation at a Basic level, allowing you to organize data, processes, and administrative tasks into distinct domains. This enables control over user access and visibility of data within each domain. Domain separation ensures proper data routing, caching, and aggregations while allowing instance owners to implement domain-specific business logic.

    Show full answer Show less

    Key Features

    • Core Applications: Safe Workplace applications include Contact Tracing, Health and Safety Testing, Emergency Outreach, and Emergency Exposure Management.
    • Domain Separation Plugin: Required for working with Safe Workplace application tables, enabling partitioning of data by domain.
    • Property Management: The snimtcoreproperty table allows for domain-specific property overrides, enhancing customization for each domain.
    • Scheduled Jobs: Jobs run independently for each domain, facilitated by the Domain Iterator feature, ensuring efficient data processing.
    • Parent-Child Domains: These applications do not support domains with sub-domains, preventing duplicate data processing.

    Key Outcomes

    By utilizing domain separation in the Safe Workplace suite, ServiceNow customers can effectively manage data privacy, streamline operations across multiple domains, and customize application settings to meet the specific needs of different user groups. This functionality is crucial for organizations aiming to enhance security and efficiency in their workplace management processes.

    The Safe Workplace suite applications support domain separation at the Basic level with the exception of Safe Workplace Dashboard.

    With domain separation, you can separate data, processes, and administrative tasks into logical groupings called domains. You can then control aspects in each domain, including what users can see or whether they can access the data.

    Domain separation support

    ServiceNow applications that support domain separation might support the separation of data and data routing only, have advanced business logic separation, or support customer-level administration of the application. ServiceNow applications are defined with incremental support levels from the perspective of actual use cases and the people who use them.
    • Basic
      • Data is domain-separated.
      • Logic exists to ensure proper data routing, caching, rollups, and aggregations.
      • Global configuration is operational for multiple tenants
    • Standard
      • Application properties are domain-aware as needed.
      • Business logic can be domain-separated by the instance owner per tenant.
    • Enhanced: Data-driven process enables failsafe configuration by tenants through the UI to drive business logic.

    For more detail on the support levels, see Application support for domain separation.

    How domain separation works in Safe Workplace applications

    The following applications use the Safe Workplace domain table:
    • Contact Tracing
    • Health and Safety Testing
    • Emergency Outreach (Daily Contact Logs, Privacy Consent, and Privacy Consent (common))
    • Emergency Exposure Management

    Admins must install the Domain separation pluginbefore working with these application tables. Most of those tables contain a sys_domain field so they are able to be domain-separated if they have data that needs to be partitioned by domain.

    • Core domain table: Included in the Safe Workplace plugin is an sn_imt_core_domain table. Domains in this table are iterated when scheduled jobs run.
    • Property table: The sn_imt_core_property table extends the sys_properties table and adds a sys_domain field. Adding that field allows sys_properties values to be overridden for a domain.
    Note:
    Values are handled differently for password2​ fields than for other property types. Therefore, the value displays as blank in the domain-separated properties list view.

    The following tables do not have the sys_domain field:

    • app-imt-checkin
      • sn_imt_checkin_outreach_sysauto_script (extends sysauto_script)
      • sn_imt_checkin_response_criteria
      • sn_imt_checkin_response_option_for_health
      • sn_imt_checkin_response_option_survey
      • sn_imt_checkin_response_script
    • app-imt-diagnosis: task_compliance_result
    • app-imt-tracing
      • sn_imt_tracing_wifi_access_register_job
      • sn_imt_tracing_wifi_access_register_stage
    • app-imt-core: sn_imt_core_sysauto_script (extends sysauto_script)

    Scheduled jobs in applications with this level of domain separation run separately for each domain in the table. Scheduled jobs use the core table as the domain source table, and the Domain Iterator check box is automatically enabled by default when domain separation is installed. When the Domain Iterator option is enabled, the job can run in multiple domains.

    The Domain Source Table value is also set to Safe Workplace Domains by default. If you don't see the tables, verify that the Domain Iterator and Safe Workplace Domains settings are selected, and refresh the instance.
    Figure 1. Domain iterator option selected in the Employee Readiness Core Scheduled Script Execution form
    Domain iterator option selected in the Employee Readiness Core Scheduled Script Execution form.

    Parent-child domains

    Domains that also contain a sub-domain or “child” domain are not supported in these applications. Running a job in a parent domain that has a child would mean running the job twice and thus processing the data more than once. You could add a parent domain or add just the child domain but not both.

    Working with domain-separated properties in the Safe Workplace Suite

    When the Domain separation plugin is installed and you navigate to the Properties page in any of the four Safe Workplace domain-separated applications, their properties do not display by default. You must override properties for a domain before they appear in the list.
    Figure 2. Domain-separated properties list with no properties displaying
    Domain-separated properties list with no properties displaying.
    To display the properties, click New on the Properties page. In the form that creates a new domain-separated property, search in the reference field for the property you would like to override. Enter a specific prefix to narrow your search:
    • sn_imt_core for Employee Readiness Core
    • sn_imt_diagnosis for Emergency Exposure Management
    • sn_imt_health_testing for Health and Safety Testing
    • sn_imt_tracing for Contact Tracing
    Figure 3. Entering a prefix in the Property field to narrow the search
    Entering a prefix in the Property field to narrow the search.
    The properties display with a full description of the overrides.
    Figure 4. System Properties list showing the property overrides
    System Properties list showing the property overrides.
    After you create your domain-separated property override, the form displays the domain-separated properties.
    Figure 5. List showing the domain-separated properties
    List showing the domain-separated properties.

    You can navigate back to the record form by selecting a property name in the list.

    Property functions

    Learn more about how these properties function in the following topics: