Domain Separation for ITSM Mobile Agent

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain Separation for ITSM Mobile Agent

    Domain separation in ITSM Mobile Agent allows ServiceNow customers to logically segregate data, processes, and administrative tasks into distinct domains. This separation controls user access and visibility at a granular level, ensuring that data resides within the appropriate service provider’s domain. The feature supports runtime domain separation across user interface, caching, reporting, and data aggregation, enabling multi-tenant functionality.

    Show full answer Show less

    Key Features

    • Data Isolation: Data is separated by domain using company or account fields, each linked to a single domain, ensuring records are created and accessed within the correct domain context.
    • Mobile UI Integration: The mobile interface clearly shows the domain association of records, reinforcing domain visibility for mobile users.
    • Access Controls: Users see and interact only with records within their domain or domains they have permissions for. ITIL users in parent domains can access child domain data, while users with multiple domain access will have record behavior driven by the domain specified in the current record.
    • Supported Tables: Incident and Incident Task tables support domain separation, controlling incident creation and visibility based on domain affiliation.
    • Configuration: Domain separation must be enabled and configured on the platform web interface before extending functionality to mobile clients. Further mobile-specific setup requires coordination with Customer Service and Support.

    Key Outcomes

    • Service providers can confidently manage multi-tenant environments, ensuring tenant data confidentiality and appropriate access controls.
    • End users, such as ESS and ITIL users, experience domain-specific data visibility and interaction, aligned with organizational hierarchy and permissions.
    • Mobile users benefit from consistent domain separation behavior, with clear domain context on records and enforced access restrictions.
    • ServiceNow instances can support complex domain separation scenarios, including parent-child domain relationships, enhancing scalability and administration.

    This is an overview of domain separation and ITSM Mobile Agent. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.

    Support level - Basic

    • Business logic: Ensure that data goes into the proper domain for the application’s service provider use cases.
    • The application supports domain separation at run time. This includes domain separation from the user interface, cache keys, reporting, rollups, and aggregations.
    • The owner of the instance must set up the application to function across multiple tenants.

    Use case: When a service provider (SP) uses chat to respond to a tenant-customer’s message, the client must be able to see the SP's response.

    ITSM Mobile Agent overview

    The mobile platform supports domain separation for all native clients. The mobile UI design clearly indicates the domain that a record is associated with.

    Before extending the domain separation functionality to mobile, the feature must be enabled on the platform web-based interface. For further information on configuration, see Domain separation setup and administration.

    How domain separation works in mobile

    You can use the company or account fields to display appropriate records by domain. These fields are available in tables when the domain separation plugin is enabled. Because each company or account is linked to a single domain, when you create a record, you can use these fields to specify the domain in which you want to create the record.

    After the feature has been set up through the platform web-based interface, a two-part process is required to further extend the domain separation functionality on mobile. For additional information about configuring domain separation on mobile devices, contact Customer Service and Support.

    Domain separated tables

    • Incident [incident]
    • Incident Task [incident_task]

    Use cases

    • An ESS user belonging to “Initech” domain, creates an incident. Only those ITIL users belonging to “Initech” domain or global domain can see this incident.
    • An ITIL user belonging to a parent domain can see incidents of all its child domains as well.
    • An ITIL user belonging to a specific domain can create incidents only on behalf of the domains that they have access to.
    • An ITIL user can associate child incidents only of those domains that they have access to.
    • If a user has access to multiple domains, the domain specified on the current record drives the functionality of that record and reference fields.