Skip to main content
Question

ServiceNow Integration Test Connectivity Failing - User Not Authorized

  • June 16, 2026
  • 1 reply
  • 8 views
vanitharaj1208
Forum|alt.badge.img+16

Hi All,

I am configuring the ServiceNow integration in Google SecOps / Chronicle SOAR, and the Test Connectivity action is failing with the following error:

Exception: User Not Authorized
----------------- Main - Finished -----------------
status: 2
result_value: False
output_message: Connection Failed. Error is User Not Authorized

From the logs, the integration appears to be trying to access the incident table using:

GET https://<masked-instance>.service-now.com/api/now/v1/table/incident?sysparm_limit=1

The response is:

403 Client Error: Forbidden

My current configuration is:

API Root: https://<masked-instance>.service-now.com/api/now/v1/
Incident Table: incident
Authentication: <Basic/OAuth>
Integration Version: ServiceNow V58.0

The credentials seem to be accepted, but the user appears to be blocked by permissions, roles, or ACLs when trying to read the incident table.

Has anyone faced this issue before? Which ServiceNow roles or ACLs are required for the integration user to successfully pass Test Connectivity?

Any guidance would be appreciated.

Thanks!

 

chica

    1 reply

    GromeroSec
    Forum|alt.badge.img+5
    • GromeroSecBronze 2
    • Bronze 2
    • June 16, 2026

    Hi Vanitharaj, as the problems seems clearly to be derived from permissoms from the service now side, you can find what you are looking for at: https://docs.cloud.google.com/chronicle/docs/soar/marketplace-integrations/servicenow

     

     

    https://medium.com/@gromerosec
      Terms & ConditionsAccessibility statement
      Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

      © 2025 Google. All rights reserved.