Configuring Cloud Account Management

  • Release version: Yokohama
  • Updated March 12, 2026
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring Cloud Account Management

    Configuring Cloud Account Management in ServiceNow involves specific setup steps for AWS and Azure environments before creating and provisioning cloud service accounts. These configurations enable centralized management, security enforcement, cost optimization, and streamlined provisioning workflows tailored to each cloud provider.


    Key Features

    • AWS Configuration: Includes setting up a root email alias for streamlined account management, creating an AWS IAM user for ServiceNow integration, enabling account suspension via Service Control Policies, and optionally configuring Terraform or a cloud native interface for provisioning. Additional steps involve populating dependent tables for cloud discovery, setting up provisioning modes, configuring scan settings for data visualization, managing group memberships for access control, and reviewing certification and request policies.
    • Azure Configuration: Focuses on setting up account suspension permissions through OAuth credentials, establishing an Azure Service Principal credential for suspension and termination actions, and optionally configuring a cloud native interface. Similar to AWS, it involves populating dependent tables from Azure cloud discovery, configuring scans for visualization, managing group memberships, and reviewing certification policies.

    Key Outcomes

    • Centralized and Secure Cloud Account Management: By setting up shared email aliases, IAM users (AWS), and service principals (Azure), customers achieve efficient, secure management across multiple cloud accounts.
    • Flexible Provisioning: Supports multiple provisioning modes including Terraform and cloud native interfaces, allowing customers to select the approach that best fits their operational model.
    • Governance and Compliance: Default certification policies automate periodic certification of cloud accounts, and request policies enforce consistent workflows and data checks during account provisioning.
    • Access Control and Security: Assigning members to appropriate groups ensures proper permissions for account request, approval, provisioning, and certification processes, reducing unauthorized access risks.
    • Data Visualization and Monitoring: Scan configurations enable visualization of account compliance and policy violations, supporting ongoing governance and optimization.

    Configuring the Cloud Account Management application involves a set of required tasks, integrations, and setups to be completed before initiating service account creation and provisioning.

    The steps involved are different for AWS and Azure. These configurations are listed in the following tables.

    Table 1. Configuration steps for AWS
    | No. | Task | Task Owner | Impacted Feature | Input | Output | Purpose |
    |-----|------|------------|------------------|-------|--------|---------|
    | 1 | Set up and verify root email in AWS | Email admin | Create an account | None | Email Alias | A single AD email across multiple AWS accounts streamlines management, enhances security, and boosts collaboration. |
    | 2 | Set up an Identity Access Manager account for a ServiceNow user in AWS | AWS admin | All features | None | AWS Access Key; AWS Secret Key | A centralized IAM user in the management account efficiently manages multiple AWS accounts via a CloudFormation template. |
    | 3 | Set up suspension of an AWS account using service control policy | AWS admin | Account suspension | None | SCP Policy ID | Adding an account number to the AWS organization's Service Control Policy blocks the creation of new resources and helps prevent overspending, while existing resources remain unaffected. |
    | 4 | Setting up Terraform and GitHub. Note: This step isn't required if cloud native interface is used for provisioning the account. | Terraform admin; DevOps admin | Create an account for AWS | AWS Access Key; AWS Secret Key | Terraform API Key Token; Terraform OAuth Token ID; Terraform Org; VCS Identifier; Terraform URL | GitHub templates deployed to Terraform Cloud or Enterprise streamline account creation and promote consistent configurations. |
    | 5 | Create a cloud native interface account configuration. Note: This step isn't required if Terraform is used for provisioning the account. | ServiceNow AI Platform admin | Create an account for Cloud Native Interface | None | None | No additional procedure is needed for cloud native interface. You can proceed to Install Cloud Workspace. |
    | 6 | Populate Cloud Account Management dependent tables | ServiceNow AI Platform admin | All features | Discovery Credentials | Cloud Organization; AWS Org Unit; Cloud Service Account | Cloud Discovery or Service Graph Connector for AWS to import cloud organization structures and create subscription accounts. |
    | 7 | Provisioning modes for Cloud Account Management in Cloud Workspace | ServiceNow AI Platform admin | Create an account | Email Alias; Terraform Cloud API Key Token; Terraform Cloud OAuth Token ID; Terraform Cloud Org; VCS Identifier | None | Streamlines provisioning with flexible modes like Terraform and cloud native interface, centralizes management, enhances security, optimizes costs, and improves governance. |
    | 8 | Set up scan configuration for data visualization | ServiceNow AI Platform admin | Visualization | None | None | Data visualization requires scanning all account violations based on the policy set. |
    | 9 | Add members to the group | ServiceNow AI Platform admin | All features | None | None | Confirm that members are assigned to the correct group so that they can perform the account request, approval, provisioning, and certification process. Assigning members to the correct groups gives them proper permissions, helping prevent unauthorized access and promoting security. |
    | 10 | Creating configurations | Cloud Workspace admin | All features | None | None | Configure before creating, suspending, or scanning accounts. |
    | 11 | Review default Cloud Account Management certification policy | Cloud Workspace admin | All features | None | None | All cloud service accounts, whether created or onboarded after discovery, can be certified. The admin can also customize the default policy or create a policy. The default policy helps to certify all the available cloud service accounts once every 90 days. |
    | 12 | Review request policies | Cloud Workspace admin | All features | None | None | Request Policies are rules that govern the behavior of request workflows by applying data checks and conditions. Regularly reviewing and updating these policies confirms that your cloud account request process remains consistent with the procedure for creating cloud subscription accounts. |

    Table 2. Configuration steps for Azure
    | No. | Name | Task Owner | Impacted feature | Input | Output | Purpose |
    |-----|------|------------|------------------|-------|--------|---------|
    | 1 | Configure account suspension in Azure | Azure admin | Account suspension | None | OAuth Client ID; OAuth Client Secret; Tenant ID | Configure the permission and assign the permission to a user who suspends or reactivates the account. |
    | 2 | Set up Azure Service Principal credential | ServiceNow AI Platform admin | All features | OAuth Client ID; OAuth Client Secret; Tenant ID | None | Provide the Azure credentials obtained from your Azure administrator. These credentials are used to create a suspension profile and enable you to temporarily suspend or terminate Azure accounts as needed. |
    | 3 | Create a cloud native interface account configuration. Note: This step isn't required if Terraform is used for provisioning the account. | ServiceNow AI Platform admin | Create an account for Cloud Native Interface | None | None | No additional procedure is needed for cloud native interface. You can proceed to Install Cloud Workspace. |
    | 4 | Populate Cloud Account Management dependent tables | ServiceNow AI Platform admin | All features | Discovery Credentials | Cloud Organization; Azure Management Group; Cloud Service Account | Cloud Discovery to import cloud organization structures and create subscription accounts. |
    | 5 | Set up scan configuration for data visualization | ServiceNow AI Platform admin | Visualization | None | None | Data visualization requires scanning all account violations based on the policy set. |
    | 6 | Add members to the group | ServiceNow AI Platform admin | All features | None | None | Confirm that members are assigned to the correct group so that they can perform the account request, approval, provisioning, and certification process. Assigning members to the correct groups gives them proper permissions, helping prevent unauthorized access and promoting security. |
    | 7 | Creating configurations | Cloud Workspace admin | All features | None | None | Configure before creating, suspending, or scanning accounts. |
    | 8 | Review default Cloud Account Management certification policy | Cloud Workspace admin | All features | None | None | All cloud service accounts, whether created or onboarded after discovery, can be certified. The admin can also customize the default policy or create a policy. The default policy helps to certify all the available cloud service accounts once every 90 days. |