AI Service Graph Connector for Snowflake

  • Release version: Australia
  • Updated May 1, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of AI Service Graph Connector for Snowflake

    The AI Service Graph Connector for Snowflake enables ServiceNow customers to discover and import AI assets from their Snowflake environment directly into the ServiceNow AI Control Tower. This integration catalogs AI systems, agents, models, and prompts from Snowflake, while automatically collecting usage data to populate the AI Control Tower’s value dashboard for enhanced visibility and governance over AI operations.

    Show full answer Show less

    Key Features

    • Automated discovery of Cortex agents and AI models deployed in Snowflake.
    • Monitoring of fine-tuning jobs and capturing relevant metadata.
    • Tracking AI asset lineage and dependencies for comprehensive management.
    • Usage analytics and session monitoring integrated with AI Control Tower.
    • Integration with the ServiceNow Configuration Management Database (CMDB) to manage AI assets alongside other enterprise IT assets.
    • Support for managing multiple Snowflake accounts within a single ServiceNow instance.

    Prerequisites and Setup

    ServiceNow Requirements

    • Roles required: snaidisc.discoveryadmin and sncmdbintutil.sgcadmin.
    • One-time configuration steps include updating data source access permissions to allow creation and modification, and clearing cache for data source and table information using a provided background script.

    Snowflake Environment Configuration

    • Network policies must allow outbound connections from ServiceNow instance IP addresses to Snowflake.
    • Snowflake account identifiers in the connector URL must use lowercase-digit-hyphen (LDF) format or the account locator to ensure compatibility.
    • Create a dedicated Snowflake service account with least-privilege access and assign a custom role with specific privileges needed for AI asset discovery and observability:
      • Grant usage on target database and schema.
      • Grant Cortex-related privileges including MANAGE ACCOUNTS and database role SNOWFLAKE.CORTEXUSER.
    • Configure JWT key-pair authentication for secure connection between ServiceNow and Snowflake.

    Data Mapping and Asset Management

    The connector imports Snowflake AI asset data into ServiceNow by mapping data sources to staging and target CMDB tables for unified asset management:

    • Snowflake Agents: Data is staged in snaidiscsgcsnosgcsnowflakeagents and mapped to CMDB CI classes such as cmdbcifunctionai, almaisystemdigitalasset, almaimodeldigitalasset, and others related to AI models and prompts.
    • Snowflake Usage: Usage data is staged in snaidiscsgcsnosgcsnowflakeusage and mapped to snaidiscaiusage for analytics and monitoring.

    Expected Outcomes

    By deploying this connector, ServiceNow customers gain:

    • End-to-end visibility of AI assets running in Snowflake within their ServiceNow AI Control Tower environment.
    • Comprehensive governance and lifecycle management of AI models, agents, and related components.
    • Automated collection and analysis of AI usage data for better operational insights.
    • Streamlined AI asset management through integration with existing CMDB infrastructure.

    The AI Service Graph Connector for Snowflake enables you to discover and import AI assets from your Snowflake environment into ServiceNow AI Control Tower.

    The connector integrates with your Snowflake account to catalog AI systems, agents, models, and prompts. Usage data is automatically collected and populated into the AI Control Tower value dashboard, providing comprehensive visibility and governance of your AI operations.

    Key Capabilities:
    • Automated discovery of Cortex agents and models
    • Fine-tuning job monitoring and metadata capture
    • AI asset lineage and dependency tracking
    • Usage analytics and session monitoring
    • Integration with ServiceNow CMDB for comprehensive asset management
    • Support for multi-account Snowflake deployments

    Download apps from the Store

    Visit the ServiceNow store website to download the AI Service Graph Connector for Snowflake application.

    Supported ServiceNow versions

    Release Status
    Australia Supported
    Zurich Supported

    User Roles

    You must have one of the following roles assigned.

    Required Roles
    sn_ai_disc.discovery_admin
    sn_cmdb_int_util.sgc_admin

    ServiceNow Prerequisites

    Complete the following setup steps once when configuring the connector for the first time.

    Note:
    Updating data source access and clear cache is a prerequisite that needs to be completed only once, when setting up a new instance for the first time.
    Update Data Source Access

    The connector requires write permissions to the Data Source table to create data sources.

    To enable data source creation:
    1. Select Global from the application picker.
    2. Navigate to Application Access.
    3. Select the Can create, Can update, and Can delete checkboxes.
    4. Select Update.
    5. Switch to the connector application scope.
    Clear cache

    Clear the cached data for the Data Source and Tables.

    To clear the cache:
    1. Navigate to System Definition > Background Scripts
    2. Paste the following script into the Run Script text box:
      GlideTableManager.invalidateTable('sys_data_source');
GlideCacheManager.flushTable('sys_data_source');
GlideTableManager.invalidateTable('sys_db_object');
GlideCacheManager.flushTable('sys_db_object');
    3. Select Run Script.
      Note:
      The script may take several minutes to complete.
    4. After completion, switch to the connector application scope.

    Snowflake Prerequisites

    Complete the following configuration steps in your Snowflake environment before creating a connection.

    Network Configuration
    Note:
    The outbound integration IP addresses for your ServiceNow instance must be allowed in your Snowflake network policies. See the How to find IP address and datacenter information for your instance [KB0538621] article in the Now Support Knowledge Base.
    Account Identifier Format
    Note:
    The Snowflake Statements API requires account identifiers in LDF (Lowercase-Digit-Hyphen) format in the connection URL. Account identifiers with uppercase letters or special characters must be converted to lowercase or replaced with the account locator.

    Use the following format for your connection URL: https://<account_locator>.snowflakecomputing.com and don't use this format: https://<account_identifier>.snowflakecomputing.com.

    If your account identifier contains uppercase letters or special characters, use your account locator (for example, xy12345) instead. Your account locator is always LDF-safe.

    Service Account and Role Configuration

    Create a dedicated service account in Snowflake with least-privilege access. The connector requires specific permissions to query Cortex agents, models, and observability data.

    Create a Role with Required Privileges

    Create a new role for the connector and grant the following privileges:

    Core Discovery Access:

    • GRANT USAGE ON DATABASE <database_name>
    • GRANT USAGE ON SCHEMA <schema_name>
    Cortex access
    • GRANT MANAGE ACCOUNTS
    • GRANT DATABASE ROLE SNOWFLAKE.CORTEX_USER
    Create a Service Account

    Create a service account user and assign the connector role:

    • CREATE USER <service_account_name> TYPE=SERVICE
    • GRANT ROLE <connector_role> TO USER <service_account_name>
    • ALTER USER <service_account_name> SET DEFAULT_WAREHOUSE = <warehouse_name>
    Configure JWT Key-Pair Authentication

    The connector uses JWT key-pair authentication to securely connect to Snowflake.

    For detailed steps on generating RSA key pairs and configuring key-pair authentication in Snowflake, see the Configuring Keystore for Snowflake Keypair authentication [KB2834688] article in the Now Support Knowledge Base.

    Data Mapping

    The connector maps Snowflake AI assets to ServiceNow CMDB tables and custom tables for comprehensive asset management.

    .

    Data Source Staging Table Target CMDB Tables
    Snowflake Agents sn_ai_disc_sgc_sno_sgc_snowflake_agents

    cmdb_ci_function_ai, alm_ai_system_digital_asset, alm_ai_model_digital_asset, sn_ai_disc_ai_usage
    Snowflake Usage sn_ai_disc_sgc_sno_sgc_snowflake_usage sn_ai_disc_ai_usage

    Snowflake Service Account Role with Least Privileges

    Create a role and set the privileges.

    Set Privileges:
    • Core discovery access
      • Grant usage on database
      • Grant usage on schema
    • Cortex access
    • Grant manage accounts
    • Grant database role (SNOWFLAKE.CORTEX_USER)
    Create a service account user and assign the role to the user.
    • Applies to the user
    • Grant role to the user
    • Set a default warehouse for the user
    • Alter user is to SET DEFAULT_WAREHOUSE

    Data Mapping

    The following table lists the data sources, the staging tables, and the target tables CMDB CI classes and non-CMDB classes where data is stored for Snowflake connector.

    Data Source Import Set Table Target Table(s)
    SG-Snowflake Agents sn_ai_disc_sgc_sno_sgc_snowflake_agents

    cmdb_ci_function_ai

    cmdb_ci_ai_model_deployment

    cmdb_ai_model_product_model

    cmdb_ai_dataset_product_model

    cmdb_ai_prompt_product_model

    cmdb_ai_system_component_product_model

    alm_ai_model_digital_asset

    alm_ai_dataset_digital_asset

    alm_ai_system_digital_asset

    cmdb_ci_ai_model_deployment

    cmdb_rel_ci

    sn_ai_disc_ai_lineage

    sn_ai_disc_ai_tool

    sn_ai_disc_ai_prompt

    sn_ai_disc_ai_usage

    sn_ent_ai_system_subcomponent_m2m
    SG-Snowflake Usage sn_ai_disc_sgc_sno_sgc_snowflake_usage sn_ai_disc_ai_usage