Notifications on tool credential expiration

  • Release version: Yokohama
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Notifications on tool credential expiration

    ServiceNow DevOps Change Velocity sends notifications to tool users when tool credentials expire or are about to expire, specifically for GitHub tools using basic authentication. This proactive alerting helps users with appropriate roles update credentials promptly, preventing data loss and tool disconnection.

    Show full answer Show less

    Notification Types and Roles

    • Universal task: Automatically assigned to users with the sndevops.toolowner role in user groups specified in the Maintained by field, and to users with the sndevops.admin role. Notifications for this task appear as in-app alerts (bell icon), emails, and an open task in the workspace home page.
    • Banner message: Displayed on the tool record for all users with access, indicating credential expiration.
    • Field message: For GitHub tools using basic auth, a message appears on the Credentials expiration field in the tool record during proactive expiration notifications.

    Important Details and Configuration

    • Only users with the sndevops.toolowner or sndevops.admin roles can update tool credentials.
    • The system checks credential expiration every hour; notifications may take up to one hour to be sent after expiration.
    • For GitHub tools with basic auth, notifications are sent proactively before expiration. The advance notification period is configurable via the property Number of days before tool credential expiry to assign a universal task and notify, which defaults to 3 days. Setting this property to 0 disables proactive notifications.
    • To stop notifications after credential expiration, disable the property Assign a universal task and notify to update tool credentials when expired.

    Actions for Users

    When notified, users can select the Update credentials link in the notification to renew credentials. After updating, users must reconnect the tool to resume data collection.

    Notifications are sent to tool users on expiration of tool credentials to alert them. Notifications are also sent proactively before the expiration of tool credentials for GitHub tools created with basic authentication. This enables tool users with the sn_devops.tool_owner or sn_devops.admin roles to update the tool credentials and prevent any loss of data.

    A universal task is created and assigned to users with the sn_devops.tool_owner role who are part of any user group specified in the Maintained by field, and any user with the sn_devops.admin role. They will be notified of the universal task through notification (in the bell icon), email, and an open task in the workspace home page.

    Maintained by field in the tool record

    Notifications are also displayed in the tool record in the form of a banner message to any user with access to the tool when the tool credentials expire. But the credentials can be updated only by users with the sn_devops.tool_owner or sn_devops.admin role.

    The credentials expiration check happens in the system every one hour. If your tool credentials have expired, it might take a maximum of one hour for the system to send notifications.

    For GitHub tools created with basic auth, notifications are also sent proactively before the expiration of tool credentials. Apart from the universal task and banner notification, a field message is also displayed in the case of proactive expiration notifications. You can set the number of days before which expiration notifications must be sent in the Number of days before tool credential expiry to assign a universal task and notify (if applicable) property. By default, it is set to 3 days. To stop sending proactive notifications, select 0 as the value for this property. Properties to configure notifications on tool credential expiry

    If you want to stop sending notifications for expired credentials after expiry, disable the Assign a universal task and notify to update tool credentials when expired property. For more information, see DevOps Change Velocity properties.

    The following types of notifications are sent:

    Universal task
    A universal task is created and notifications are sent to users with the sn_devops.tool_owner role who are part of any user group specified in the Maintained by field, and any user with the sn_devops.admin role.

    Bell notifications on credentials expiration

    Email notification on credential expiration

    Open task on landing page on credential expiration

    Banner message
    A banner message is displayed on the tool record to all users with access to the tool record.

    Banner notification on credential expiration

    Field message
    A field message is displayed on the Credentials expiration field in the tool record for a GitHub tool created with basic auth.

    Proactive field notification before credential expiration

    When the credentials of your tool expire, the tool gets disconnected. You can select the Update credentials link in the notifications, and update your tool credentials. After the credentials are updated, connect to the tool again to start receiving data. For information on updating tool credentials, see Update third-party tool credentials in DevOps Change Velocity.