Notifications on tool credential expiration

  • Release version: Xanadu
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Notifications on tool credential expiration

    This feature ensures that ServiceNow DevOps customers receive timely notifications when tool credentials expire or are about to expire, specifically addressing tools like GitHub created with basic authentication. The notifications help tool users proactively update credentials, preventing tool disconnection and data loss.

    Show full answer Show less

    Key Features

    • Targeted Notification Recipients: Notifications are sent to users with the sndevops.toolowner role within user groups specified in the "Maintained by" field, and all users with the sndevops.admin role.
    • Universal Task Creation: A universal task is automatically created and assigned to notify relevant users, appearing as a task in the workspace home page, via email, and the notification bell icon.
    • Multiple Notification Types: Notifications include universal tasks, banner messages visible on the tool record for all users with access, and for GitHub tools with basic auth, field messages on the Credentials expiration field.
    • Credential Expiration Checks: The system performs expiration checks every hour, which means notifications may take up to one hour to be sent after expiration.
    • Proactive Notifications: For GitHub tools using basic authentication, notifications are sent proactively before credential expiration to allow time for updates.
    • Configurable Notification Timing: Customers can configure how many days before expiration proactive notifications are sent by adjusting the "Number of days before tool credential expiry to assign a universal task and notify" property (default is 3 days). Setting this to 0 disables proactive notifications.
    • Disable Notifications Option: Customers can disable notifications for expired credentials by toggling the "Assign a universal task and notify to update tool credentials when expired" property.

    Practical Use and Outcomes

    When credentials expire, the tool disconnects, and users are prompted via notifications to update credentials. Only users with the sndevops.toolowner or sndevops.admin roles can update credentials. After updating, reconnecting the tool restores data flow.

    This notification system helps customers maintain uninterrupted tool integrations, avoid data loss, and streamline credential management by providing clear, role-specific alerts and actionable tasks.

    Notifications are sent to tool users on expiration of tool credentials to alert them. Notifications are also sent proactively before the expiration of tool credentials for GitHub tools created with basic authentication. This enables tool users with the sn_devops.tool_owner or sn_devops.admin roles to update the tool credentials and prevent any loss of data.

    A universal task is created and assigned to users with the sn_devops.tool_owner role who are part of any user group specified in the Maintained by field, and any user with the sn_devops.admin role. They will be notified of the universal task through notification (in the bell icon), email, and an open task in the workspace home page.

    Maintained by field in the tool record

    Notifications are also displayed in the tool record in the form of a banner message to any user with access to the tool when the tool credentials expire. But the credentials can be updated only by users with the sn_devops.tool_owner or sn_devops.admin role.

    The credentials expiration check happens in the system every one hour. If your tool credentials have expired, it might take a maximum of one hour for the system to send notifications.

    For GitHub tools created with basic auth, notifications are also sent proactively before the expiration of tool credentials. Apart from the universal task and banner notification, a field message is also displayed in the case of proactive expiration notifications. You can set the number of days before which expiration notifications must be sent in the Number of days before tool credential expiry to assign a universal task and notify (if applicable) property. By default, it is set to 3 days. To stop sending proactive notifications, select 0 as the value for this property. Properties to configure notifications on tool credential expiry

    If you want to stop sending notifications for expired credentials after expiry, disable the Assign a universal task and notify to update tool credentials when expired property. For more information, see DevOps Change Velocity properties.

    The following types of notifications are sent:

    Universal task
    A universal task is created and notifications are sent to users with the sn_devops.tool_owner role who are part of any user group specified in the Maintained by field, and any user with the sn_devops.admin role.

    Bell notifications on credentials expiration

    Email notification on credential expiration

    Open task on landing page on credential expiration

    Banner message
    A banner message is displayed on the tool record to all users with access to the tool record.

    Banner notification on credential expiration

    Field message
    A field message is displayed on the Credentials expiration field in the tool record for a GitHub tool created with basic auth.

    Proactive field notification before credential expiration

    When the credentials of your tool expire, the tool gets disconnected. You can select the Update credentials link in the notifications, and update your tool credentials. After the credentials are updated, connect to the tool again to start receiving data. For information on updating tool credentials, see Update third-party tool credentials in DevOps Change Velocity.