diff --git a/docs/management/connectors/action-types/servicenow-itom.asciidoc b/docs/management/connectors/action-types/servicenow-itom.asciidoc index af231c327f955..3fd3682dc1ad9 100644 --- a/docs/management/connectors/action-types/servicenow-itom.asciidoc +++ b/docs/management/connectors/action-types/servicenow-itom.asciidoc @@ -10,10 +10,114 @@ The {sn} ITOM connector uses the https://docs.servicenow.com/bundle/rome-it-oper [float] [[servicenow-itom-connector-prerequisites]] ==== Prerequisites -Create an integration user in {sn} and assign it the following roles. +* Create a {sn} integration user and assign it the appropriate roles. +If you use open authorization (OAuth), you must also: + +* Create an RSA keypair and add an X.509 Certificate. +* Create an OAuth JWT API endpoint for external clients with a JWT Verifiers Map. + +[float] +===== Create a {sn} integration user + +To ensure authenticated communication between Elastic and {sn}, create a {sn} integration user and assign it the appropriate roles. + +. In your {sn} instance, go to *System Security -> Users and Groups -> Users*. +. Click *New*. +. Complete the form, then right-click on the menu bar and click *Save*. +. Go to the *Roles* tab and click *Edit*. +. Assign the integration user the following roles:  * `personalize_choices`: Allows the user to retrieve Choice element options, such as Severity. * `evt_mgmt_integration`: Enables integration with external event sources by allowing the user to create events. +. Click *Save*. + +[float] +===== Create an RSA keypair and add an X.509 Certificate + +This step is required to use OAuth for authentication between Elastic and {sn}. + +*Create an RSA keypair:* + +. Use https://www.openssl.org/docs/man1.0.2/man1/genrsa.html[OpenSSL] to generate an RSA private key: ++ +-- +[source,sh] +---- +openssl genrsa -out example-private-key.pem 3072 +openssl genrsa -passout pass:foobar -out example-private-key-with-password.pem 3072 <1> +---- +<1> Use the `passout` option to set a password on your private key. This is optional but remember your password if you set one. +-- + +. Use https://www.openssl.org/docs/man1.0.2/man1/req.html[OpenSSL] to generate the matching public key: ++ +-- +[source,sh] +---- +openssl req -new -x509 -key example-private-key.pem -out example-sn-cert.pem -days 360 +---- +-- + +*Add an X.509 Certificate to ServiceNow:* + +. In your {sn} instance, go to *Certificates* and select *New*. +. Configure the certificate as follows: ++ +-- +* *Name*: Name the certificate. +* *PEM Certificate*: Copy the generated public key into this text field. + +[role="screenshot"] +image::management/connectors/images/servicenow-new-certificate.png[Shows new certificate form in ServiceNow] +-- + +. Click *Submit* to create the certificate. + +[float] +===== Create an OAuth JWT API endpoint for external clients with a JWT Verifiers Map + +This step is required to use OAuth for authentication between Elastic and {sn}. + +. In your {sn} instance, go to *Application Registry* and select *New*. +. Select *Create an OAuth JWT API endpoint for external clients* from the list of options. ++ +-- +[role="screenshot"] +image::management/connectors/images/servicenow-jwt-endpoint.png[Shows application type selection] +-- + +. Configure the application as follows: ++ +-- +* *Name*: Name the application. +* *User field*: Select the field to use as the user identifier. + +[role="screenshot"] +image::management/connectors/images/servicenow-new-application.png[Shows new application form in ServiceNow] + +IMPORTANT: Remember the selected user field. You will use this as the *User Identifier Value* when creating the connector. For example, if you selected *Email* for *User field*, you will use the user's email for the *User Identifier Value*. +-- + +. Click *Submit* to create the application. You will be redirected to the list of applications. +. Select the application you just created. +. Find the *Jwt Verifier Maps* tab and click *New*. +. Configure the new record as follows: ++ +-- +* *Name*: Name the JWT Verifier Map. +* *Sys certificate*: Click the search icon and select the name of the certificate created in the previous step. + +[role="screenshot"] +image::management/connectors/images/servicenow-new-jwt-verifier-map.png[Shows new JWT Verifier Map form in ServiceNow] +-- + +. Click *Submit* to create the application. +. Note the *Client ID*, *Client Secret* and *JWT Key ID*. You will need these values to create your {sn} connector. ++ +-- +[role="screenshot"] +image::management/connectors/images/servicenow-oauth-values.png[Shows where to find OAuth values in ServiceNow] +-- [float] [[servicenow-itom-connector-configuration]] @@ -22,9 +126,16 @@ Create an integration user in {sn} and assign it the following roles. {sn} ITOM connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the **Stack Management** connector listing, and in the connector list when configuring an action. +Is OAuth:: The type of authentication to use. URL:: {sn} instance URL. Username:: Username for HTTP Basic authentication. Password:: Password for HTTP Basic authentication. +User Identifier:: Identifier to use for OAuth type authentication. This identifier should be the *User field* you selected during setup. For example, if the selected *User field* is *Email*, the user identifier should be the user's email address. +Client ID:: The client ID assigned to your OAuth application. +Client Secret:: The client secret assigned to your OAuth application. +JWT Key ID:: The key ID assigned to the JWT verifier map of your OAuth application. +Private Key:: The RSA private key generated during setup. +Private Key Password:: The password for the RSA private key generated during setup, if set. [float] [[servicenow-itom-connector-networking-configuration]] @@ -36,6 +147,7 @@ Use the <> to customize connecto [[Preconfigured-servicenow-itom-configuration]] ==== Preconfigured connector type +Connector using Basic Authentication [source,text] -- my-servicenow-itom: @@ -48,23 +160,51 @@ Use the <> to customize connecto password: passwordkeystorevalue -- +Connector using OAuth +[source,text] +-- + my-servicenow: + name: preconfigured-oauth-servicenow-connector-type + actionTypeId: .servicenow-itom + config: + apiUrl: https://example.service-now.com/ + usesTableApi: false + isOAuth: true + userIdentifierValue: testuser@email.com + clientId: abcdefghijklmnopqrstuvwxyzabcdef + jwtKeyId: fedcbazyxwvutsrqponmlkjihgfedcba + secrets: + clientSecret: secretsecret + privateKey: -----BEGIN RSA PRIVATE KEY-----\nprivatekeyhere\n-----END RSA PRIVATE KEY----- +-- + Config defines information for the connector type. `apiUrl`:: An address that corresponds to *URL*. +`isOAuth`:: A boolean that corresponds to *Is OAuth* and indicates if the connector uses Basic Authentication or OAuth. +`userIdentifierValue`:: A string that corresponds to *User Identifier*. Required if `isOAuth` is set to `true`. +`clientId`:: A string that corresponds to *Client ID*, used for OAuth authentication. Required if `isOAuth` is set to `true`. +`jwtKeyId`:: A string that corresponds to *JWT Key ID*, used for OAuth authentication. Required if `isOAuth` is set to `true`. Secrets defines sensitive information for the connector type. -`username`:: A string that corresponds to *Username*. -`password`:: A string that corresponds to *Password*. Should be stored in the <>. +`username`:: A string that corresponds to *Username*. Required if `isOAuth` is set to `false`. +`password`:: A string that corresponds to *Password*. Should be stored in the <>. Required if `isOAuth` is set to `false`. +`clientSecret`:: A string that corresponds to *Client Secret*. Required if `isOAuth` is set to `true`. +`privateKey`:: A string that corresponds to *Private Key*. Required if `isOAuth` is set to `true`. +`privateKeyPassword`:: A string that corresponds to *Private Key Password*. [float] [[define-servicenow-itom-ui]] ==== Define connector in Stack Management -Define {sn} ITOM connector properties. +Define {sn} ITOM connector properties. Choose whether to use OAuth for authentication. + +[role="screenshot"] +image::management/connectors/images/servicenow-itom-connector-basic.png[ServiceNow ITOM connector using basic auth] [role="screenshot"] -image::management/connectors/images/servicenow-itom-connector.png[ServiceNow ITOM connector] +image::management/connectors/images/servicenow-itom-connector-oauth.png[ServiceNow ITOM connector using OAuth] Test {sn} ITOM action parameters. diff --git a/docs/management/connectors/action-types/servicenow-sir.asciidoc b/docs/management/connectors/action-types/servicenow-sir.asciidoc index 81db72be0fb38..a3618d626d8be 100644 --- a/docs/management/connectors/action-types/servicenow-sir.asciidoc +++ b/docs/management/connectors/action-types/servicenow-sir.asciidoc @@ -16,7 +16,13 @@ After upgrading from {stack} version 7.15.0 or earlier to version 7.16.0 or late * Create a {sn} integration user and assign it the appropriate roles. * Create a Cross-Origin Resource Sharing (CORS) rule. -*Create a {sn} integration user* +If you use open authorization (OAuth), you must also: + +* Create an RSA keypair and add an X.509 Certificate. +* Create an OAuth JWT API endpoint for external clients with a JWT Verifiers Map. + +[float] +===== Create a {sn} integration user To ensure authenticated communication between Elastic and {sn}, create a {sn} integration user and assign it the appropriate roles.  @@ -32,7 +38,8 @@ To ensure authenticated communication between Elastic and {sn}, create a {sn} in * `x_elas2_sir_int.integration_user` . Click *Save*. -*Create a CORS rule* +[float] +===== Create a CORS rule A CORS rule is required for communication between Elastic and {sn}. To create a CORS rule: @@ -45,6 +52,94 @@ A CORS rule is required for communication between Elastic and {sn}. To create a . Go to the *HTTP methods* tab and select *GET*. . Click *Submit* to create the rule. +[float] +===== Create an RSA keypair and add an X.509 Certificate + +This step is required to use OAuth for authentication between Elastic and {sn}. + +*Create an RSA keypair:* + +. Use https://www.openssl.org/docs/man1.0.2/man1/genrsa.html[OpenSSL] to generate an RSA private key: ++ +-- +[source,sh] +---- +openssl genrsa -out example-private-key.pem 3072 +openssl genrsa -passout pass:foobar -out example-private-key-with-password.pem 3072 <1> +---- +<1> Use the `passout` option to set a password on your private key. This is optional but remember your password if you set one. +-- + +. Use https://www.openssl.org/docs/man1.0.2/man1/req.html[OpenSSL] to generate the matching public key: ++ +-- +[source,sh] +---- +openssl req -new -x509 -key example-private-key.pem -out example-sn-cert.pem -days 360 +---- +-- + +*Add an X.509 Certificate to ServiceNow:* + +. In your {sn} instance, go to *Certificates* and select *New*. +. Configure the certificate as follows: ++ +-- +* *Name*: Name the certificate. +* *PEM Certificate*: Copy the generated public key into this text field. + +[role="screenshot"] +image::management/connectors/images/servicenow-new-certificate.png[Shows new certificate form in ServiceNow] +-- + +. Click *Submit* to create the certificate. + +[float] +===== Create an OAuth JWT API endpoint for external clients with a JWT Verifiers Map + +This step is required to use OAuth for authentication between Elastic and {sn}. + +. In your {sn} instance, go to *Application Registry* and select *New*. +. Select *Create an OAuth JWT API endpoint for external clients* from the list of options. ++ +-- +[role="screenshot"] +image::management/connectors/images/servicenow-jwt-endpoint.png[Shows application type selection] +-- + +. Configure the application as follows: ++ +-- +* *Name*: Name the application. +* *User field*: Select the field to use as the user identifier. + +[role="screenshot"] +image::management/connectors/images/servicenow-new-application.png[Shows new application form in ServiceNow] + +IMPORTANT: Remember the selected user field. You will use this as the *User Identifier Value* when creating the connector. For example, if you selected *Email* for *User field*, you will use the user's email for the *User Identifier Value*. +-- + +. Click *Submit* to create the application. You will be redirected to the list of applications. +. Select the application you just created. +. Find the *Jwt Verifier Maps* tab and click *New*. +. Configure the new record as follows: ++ +-- +* *Name*: Name the JWT Verifier Map. +* *Sys certificate*: Click the search icon and select the name of the certificate created in the previous step. + +[role="screenshot"] +image::management/connectors/images/servicenow-new-jwt-verifier-map.png[Shows new JWT Verifier Map form in ServiceNow] +-- + +. Click *Submit* to create the verifier map. +. Note the *Client ID*, *Client Secret* and *JWT Key ID*. You will need these values to create your {sn} connector. ++ +-- +[role="screenshot"] +image::management/connectors/images/servicenow-oauth-values.png[Shows where to find OAuth values in ServiceNow] +-- + [float] [[servicenow-sir-connector-update]] ==== Update a deprecated {sn} SecOps connector @@ -74,9 +169,16 @@ To update a deprecated connector: {sn} SecOps connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action. +Is OAuth:: The type of authentication to use. URL:: {sn} instance URL. Username:: Username for HTTP Basic authentication. Password:: Password for HTTP Basic authentication. +User Identifier:: Identifier to use for OAuth type authentication. This identifier should be the *User field* you selected during setup. For example, if the selected *User field* is *Email*, the user identifier should be the user's email address. +Client ID:: The client ID assigned to your OAuth application. +Client Secret:: The client secret assigned to your OAuth application. +JWT Key ID:: The key ID assigned to the JWT verifier map of your OAuth application. +Private Key:: The RSA private key generated during setup. +Private Key Password:: The password for the RSA private key generated during setup, if set. [float] [[servicenow-sir-connector-networking-configuration]] @@ -88,6 +190,7 @@ Use the <> to customize connecto [[Preconfigured-servicenow-sir-configuration]] ==== Preconfigured connector type +Connector using Basic Authentication [source,text] -- my-servicenow-sir: @@ -101,6 +204,24 @@ Use the <> to customize connecto password: passwordkeystorevalue -- +Connector using OAuth +[source,text] +-- + my-servicenow: + name: preconfigured-oauth-servicenow-connector-type + actionTypeId: .servicenow-sir + config: + apiUrl: https://example.service-now.com/ + usesTableApi: false + isOAuth: true + userIdentifierValue: testuser@email.com + clientId: abcdefghijklmnopqrstuvwxyzabcdef + jwtKeyId: fedcbazyxwvutsrqponmlkjihgfedcba + secrets: + clientSecret: secretsecret + privateKey: -----BEGIN RSA PRIVATE KEY-----\nprivatekeyhere\n-----END RSA PRIVATE KEY----- +-- + Config defines information for the connector type. `apiUrl`:: An address that corresponds to *URL*. @@ -108,19 +229,30 @@ Config defines information for the connector type. NOTE: If `usesTableApi` is set to false, the Elastic application should be installed in {sn}. +`isOAuth`:: A boolean that corresponds to *Is OAuth* and indicates if the connector uses Basic Authentication or OAuth. +`userIdentifierValue`:: A string that corresponds to *User Identifier*. Required if `isOAuth` is set to `true`. +`clientId`:: A string that corresponds to *Client ID*, used for OAuth authentication. Required if `isOAuth` is set to `true`. +`jwtKeyId`:: A string that corresponds to *JWT Key ID*, used for OAuth authentication. Required if `isOAuth` is set to `true`. + Secrets defines sensitive information for the connector type. -`username`:: A string that corresponds to *Username*. -`password`:: A string that corresponds to *Password*. Should be stored in the <>. +`username`:: A string that corresponds to *Username*. Required if `isOAuth` is set to `false`. +`password`:: A string that corresponds to *Password*. Should be stored in the <>. Required if `isOAuth` is set to `false`. +`clientSecret`:: A string that corresponds to *Client Secret*. Required if `isOAuth` is set to `true`. +`privateKey`:: A string that corresponds to *Private Key*. Required if `isOAuth` is set to `true`. +`privateKeyPassword`:: A string that corresponds to *Private Key Password*. [float] [[define-servicenow-sir-ui]] ==== Define connector in Stack Management -Define {sn} SecOps connector properties. +Define {sn} SecOps connector properties. Choose whether to use OAuth for authentication. + +[role="screenshot"] +image::management/connectors/images/servicenow-sir-connector-basic.png[ServiceNow SecOps connector using basic auth] [role="screenshot"] -image::management/connectors/images/servicenow-sir-connector.png[ServiceNow SecOps connector] +image::management/connectors/images/servicenow-sir-connector-oauth.png[ServiceNow SecOps connector using OAuth] Test {sn} SecOps action parameters. diff --git a/docs/management/connectors/action-types/servicenow.asciidoc b/docs/management/connectors/action-types/servicenow.asciidoc index 333a26c075c49..99ed4f0bec32f 100644 --- a/docs/management/connectors/action-types/servicenow.asciidoc +++ b/docs/management/connectors/action-types/servicenow.asciidoc @@ -16,7 +16,13 @@ After upgrading from {stack} version 7.15.0 or earlier to version 7.16.0 or late * Create a {sn} integration user and assign it the appropriate roles. * Create a Cross-Origin Resource Sharing (CORS) rule. -*Create a {sn} integration user* +If you use open authorization (OAuth), you must also: + +* Create an RSA keypair and add an X.509 Certificate. +* Create an OAuth JWT API endpoint for external clients with a JWT Verifiers Map. + +[float] +===== Create a {sn} integration user To ensure authenticated communication between Elastic and {sn}, create a {sn} integration user and assign it the appropriate roles. @@ -31,7 +37,8 @@ To ensure authenticated communication between Elastic and {sn}, create a {sn} in * `x_elas2_inc_int.integration_user` . Click *Save*. -*Create a CORS rule* +[float] +===== Create a CORS rule A CORS rule is required for communication between Elastic and {sn}. To create a CORS rule: @@ -44,6 +51,94 @@ A CORS rule is required for communication between Elastic and {sn}. To create a . Go to the *HTTP methods* tab and select *GET*. . Click *Submit* to create the rule. +[float] +===== Create an RSA keypair and add an X.509 Certificate + +This step is required to use OAuth for authentication between Elastic and {sn}. + +*Create an RSA keypair:* + +. Use https://www.openssl.org/docs/man1.0.2/man1/genrsa.html[OpenSSL] to generate an RSA private key: ++ +-- +[source,sh] +---- +openssl genrsa -out example-private-key.pem 3072 +openssl genrsa -passout pass:foobar -out example-private-key-with-password.pem 3072 <1> +---- +<1> Use the `passout` option to set a password on your private key. This is optional but remember your password if you set one. +-- + +. Use https://www.openssl.org/docs/man1.0.2/man1/req.html[OpenSSL] to generate the matching public key: ++ +-- +[source,sh] +---- +openssl req -new -x509 -key example-private-key.pem -out example-sn-cert.pem -days 360 +---- +-- + +*Add an X.509 Certificate to ServiceNow:* + +. In your {sn} instance, go to *Certificates* and select *New*. +. Configure the certificate as follows: ++ +-- +* *Name*: Name the certificate. +* *PEM Certificate*: Copy the generated public key into this text field. + +[role="screenshot"] +image::management/connectors/images/servicenow-new-certificate.png[Shows new certificate form in ServiceNow] +-- + +. Click *Submit* to create the certificate. + +[float] +===== Create an OAuth JWT API endpoint for external clients with a JWT Verifiers Map + +This step is required to use OAuth for authentication between Elastic and {sn}. + +. In your {sn} instance, go to *Application Registry* and select *New*. +. Select *Create an OAuth JWT API endpoint for external clients* from the list of options. ++ +-- +[role="screenshot"] +image::management/connectors/images/servicenow-jwt-endpoint.png[Shows application type selection] +-- + +. Configure the application as follows: ++ +-- +* *Name*: Name the application. +* *User field*: Select the field to use as the user identifier. + +[role="screenshot"] +image::management/connectors/images/servicenow-new-application.png[Shows new application form in ServiceNow] + +IMPORTANT: Remember the selected user field. You will use this as the *User Identifier Value* when creating the connector. For example, if you selected *Email* for *User field*, you will use the user's email for the *User Identifier Value*. +-- + +. Click *Submit* to create the application. You will be redirected to the list of applications. +. Select the application you just created. +. Find the *Jwt Verifier Maps* tab and click *New*. +. Configure the new record as follows: ++ +-- +* *Name*: Name the JWT Verifier Map. +* *Sys certificate*: Click the search icon and select the name of the certificate created in the previous step. + +[role="screenshot"] +image::management/connectors/images/servicenow-new-jwt-verifier-map.png[Shows new JWT Verifier Map form in ServiceNow] +-- + +. Click *Submit* to create the verifier map. +. Note the *Client ID*, *Client Secret* and *JWT Key ID*. You will need these values to create your {sn} connector. ++ +-- +[role="screenshot"] +image::management/connectors/images/servicenow-oauth-values.png[Shows where to find OAuth values in ServiceNow] +-- + [float] [[servicenow-itsm-connector-update]] ==== Update a deprecated {sn} ITSM connector @@ -73,9 +168,16 @@ To update a deprecated connector: {sn} ITSM connectors have the following configuration properties. Name:: The name of the connector. The name is used to identify a connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action. +Is OAuth:: The type of authentication to use. URL:: {sn} instance URL. Username:: Username for HTTP Basic authentication. Password:: Password for HTTP Basic authentication. +User Identifier:: Identifier to use for OAuth type authentication. This identifier should be the *User field* you selected during setup. For example, if the selected *User field* is *Email*, the user identifier should be the user's email address. +Client ID:: The client ID assigned to your OAuth application. +Client Secret:: The client secret assigned to your OAuth application. +JWT Key ID:: The key ID assigned to the JWT Verifier Map of your OAuth application. +Private Key:: The RSA private key generated during setup. +Private Key Password:: The password for the RSA private key generated during setup, if set. [float] [[servicenow-connector-networking-configuration]] @@ -87,6 +189,7 @@ Use the <> to customize connecto [[Preconfigured-servicenow-configuration]] ==== Preconfigured connector type +Connector using Basic Authentication [source,text] -- my-servicenow: @@ -100,6 +203,24 @@ Use the <> to customize connecto password: passwordkeystorevalue -- +Connector using OAuth +[source,text] +-- + my-servicenow: + name: preconfigured-oauth-servicenow-connector-type + actionTypeId: .servicenow + config: + apiUrl: https://example.service-now.com/ + usesTableApi: false + isOAuth: true + userIdentifierValue: testuser@email.com + clientId: abcdefghijklmnopqrstuvwxyzabcdef + jwtKeyId: fedcbazyxwvutsrqponmlkjihgfedcba + secrets: + clientSecret: secretsecret + privateKey: -----BEGIN RSA PRIVATE KEY-----\nprivatekeyhere\n-----END RSA PRIVATE KEY----- +-- + Config defines information for the connector type. `apiUrl`:: An address that corresponds to *URL*. @@ -107,19 +228,30 @@ Config defines information for the connector type. NOTE: If `usesTableApi` is set to false, the Elastic application should be installed in {sn}. +`isOAuth`:: A boolean that corresponds to *Is OAuth* and indicates if the connector uses Basic Authentication or OAuth. +`userIdentifierValue`:: A string that corresponds to *User Identifier*. Required if `isOAuth` is set to `true`. +`clientId`:: A string that corresponds to *Client ID*, used for OAuth authentication. Required if `isOAuth` is set to `true`. +`jwtKeyId`:: A string that corresponds to *JWT Key ID*, used for OAuth authentication. Required if `isOAuth` is set to `true`. + Secrets defines sensitive information for the connector type. -`username`:: A string that corresponds to *Username*. -`password`:: A string that corresponds to *Password*. Should be stored in the <>. +`username`:: A string that corresponds to *Username*. Required if `isOAuth` is set to `false`. +`password`:: A string that corresponds to *Password*. Should be stored in the <>. Required if `isOAuth` is set to `false`. +`clientSecret`:: A string that corresponds to *Client Secret*. Required if `isOAuth` is set to `true`. +`privateKey`:: A string that corresponds to *Private Key*. Required if `isOAuth` is set to `true`. +`privateKeyPassword`:: A string that corresponds to *Private Key Password*. [float] [[define-servicenow-ui]] ==== Define connector in Stack Management -Define {sn} ITSM connector properties. +Define {sn} ITSM connector properties. Choose whether to use OAuth for authentication. + +[role="screenshot"] +image::management/connectors/images/servicenow-connector-basic.png[ServiceNow connector using basic auth] [role="screenshot"] -image::management/connectors/images/servicenow-connector.png[ServiceNow connector] +image::management/connectors/images/servicenow-connector-oauth.png[ServiceNow connector using OAuth] Test {sn} ITSM action parameters. diff --git a/docs/management/connectors/images/servicenow-connector-basic.png b/docs/management/connectors/images/servicenow-connector-basic.png new file mode 100644 index 0000000000000..e2bf73ad14594 Binary files /dev/null and b/docs/management/connectors/images/servicenow-connector-basic.png differ diff --git a/docs/management/connectors/images/servicenow-connector-oauth.png b/docs/management/connectors/images/servicenow-connector-oauth.png new file mode 100644 index 0000000000000..f0124d39cfde9 Binary files /dev/null and b/docs/management/connectors/images/servicenow-connector-oauth.png differ diff --git a/docs/management/connectors/images/servicenow-connector.png b/docs/management/connectors/images/servicenow-connector.png deleted file mode 100644 index cb74e8abcfba8..0000000000000 Binary files a/docs/management/connectors/images/servicenow-connector.png and /dev/null differ diff --git a/docs/management/connectors/images/servicenow-itom-connector-basic.png b/docs/management/connectors/images/servicenow-itom-connector-basic.png new file mode 100644 index 0000000000000..fb5c73bb82785 Binary files /dev/null and b/docs/management/connectors/images/servicenow-itom-connector-basic.png differ diff --git a/docs/management/connectors/images/servicenow-itom-connector-oauth.png b/docs/management/connectors/images/servicenow-itom-connector-oauth.png new file mode 100644 index 0000000000000..2e5d2c430d1ae Binary files /dev/null and b/docs/management/connectors/images/servicenow-itom-connector-oauth.png differ diff --git a/docs/management/connectors/images/servicenow-itom-connector.png b/docs/management/connectors/images/servicenow-itom-connector.png deleted file mode 100644 index 5b73336d21b47..0000000000000 Binary files a/docs/management/connectors/images/servicenow-itom-connector.png and /dev/null differ diff --git a/docs/management/connectors/images/servicenow-jwt-endpoint.png b/docs/management/connectors/images/servicenow-jwt-endpoint.png new file mode 100644 index 0000000000000..6fcd8b1fd404f Binary files /dev/null and b/docs/management/connectors/images/servicenow-jwt-endpoint.png differ diff --git a/docs/management/connectors/images/servicenow-new-application.png b/docs/management/connectors/images/servicenow-new-application.png new file mode 100644 index 0000000000000..a64b8df91509e Binary files /dev/null and b/docs/management/connectors/images/servicenow-new-application.png differ diff --git a/docs/management/connectors/images/servicenow-new-certificate.png b/docs/management/connectors/images/servicenow-new-certificate.png new file mode 100644 index 0000000000000..111ae0415103a Binary files /dev/null and b/docs/management/connectors/images/servicenow-new-certificate.png differ diff --git a/docs/management/connectors/images/servicenow-new-jwt-verifier-map.png b/docs/management/connectors/images/servicenow-new-jwt-verifier-map.png new file mode 100644 index 0000000000000..4dc089e938234 Binary files /dev/null and b/docs/management/connectors/images/servicenow-new-jwt-verifier-map.png differ diff --git a/docs/management/connectors/images/servicenow-oauth-values.png b/docs/management/connectors/images/servicenow-oauth-values.png new file mode 100644 index 0000000000000..adb6a01e9645b Binary files /dev/null and b/docs/management/connectors/images/servicenow-oauth-values.png differ diff --git a/docs/management/connectors/images/servicenow-sir-connector-basic.png b/docs/management/connectors/images/servicenow-sir-connector-basic.png new file mode 100644 index 0000000000000..95cefce154494 Binary files /dev/null and b/docs/management/connectors/images/servicenow-sir-connector-basic.png differ diff --git a/docs/management/connectors/images/servicenow-sir-connector-oauth.png b/docs/management/connectors/images/servicenow-sir-connector-oauth.png new file mode 100644 index 0000000000000..3b02087b5a49a Binary files /dev/null and b/docs/management/connectors/images/servicenow-sir-connector-oauth.png differ diff --git a/docs/management/connectors/images/servicenow-sir-connector.png b/docs/management/connectors/images/servicenow-sir-connector.png deleted file mode 100644 index 71c7ce5ed05f5..0000000000000 Binary files a/docs/management/connectors/images/servicenow-sir-connector.png and /dev/null differ