Skip to main content
The ServiceNow integration creates ITSM incidents when Verilock detects compliance events that require manual review. Incidents are assigned to the correct team with appropriate priority levels.

Prerequisites

  • A ServiceNow instance (Paris release or later)
  • A ServiceNow user account with the itil role
  • Verilock Enterprise plan

Setup

1

Create a ServiceNow Developer Instance

If you do not have a production instance, create a free developer instance at developer.servicenow.com. Activate the ITSM application.
2

Create an Integration User

In ServiceNow, navigate to User Administration > Users and create a new user with the itil and rest_service roles. This user will be used for API authentication.
3

Configure Credentials in Verilock

Go to Dashboard > Settings > Integrations > ServiceNow and enter:
  • Instance URL: https://your-instance.service-now.com
  • Username: The integration user’s username
  • Password: The integration user’s password
4

Configure Assignment Groups

Map Verilock event categories to ServiceNow assignment groups:
  • Compliance events: e.g., Compliance Review Team
  • Security events: e.g., Security Operations
  • Transaction events: e.g., Fraud Investigation
5

Test Connection

Click Test Connection to verify API access. Verilock will create a test incident and immediately resolve it.

Event-to-Incident Mapping

Each Verilock event maps to a ServiceNow incident with a specific priority and category:
Verilock EventPriorityCategoryAssignment Group
aml.match_foundP1 - CriticalComplianceCompliance Review
aml.monitoring.matchP1 - CriticalComplianceCompliance Review
transaction.blockedP1 - CriticalFraudFraud Investigation
session.declinedP2 - HighSecuritySecurity Operations
session.completedP2 - HighSecuritySecurity Operations
transaction.flaggedP2 - HighFraudFraud Investigation
face.duplicate_foundP2 - HighSecuritySecurity Operations
session.expiredP3 - ModerateOperationsIdentity Verification
Priority and assignment group mappings are fully configurable from the Verilock dashboard. The defaults shown above can be overridden per event type.

Incident Fields

Each incident created by Verilock includes the following fields:
ServiceNow FieldVerilock Source
short_descriptionEvent type and session/screening ID
descriptionFull event payload with applicant details
categoryMapped from event type
priorityMapped from event type
assignment_groupConfigured assignment group
caller_idIntegration user
u_verilock_session_idSession or screening ID
u_verilock_risk_scoreRisk score (0-100)
Custom fields (u_verilock_session_id and u_verilock_risk_score) require a ServiceNow Update Set. Download it from Dashboard > Settings > Integrations > ServiceNow > Download Update Set.

Example Incident Payload

{
  "short_description": "AML Match Found - aml_x7k9m2p4",
  "description": "Verilock AML screening detected a potential match.\n\nScreening ID: aml_x7k9m2p4\nApplicant: Jean Dupont\nMatch Type: PEP\nMatch Score: 92%\n\nReview: https://verilock.io/dashboard/aml/aml_x7k9m2p4",
  "category": "Compliance",
  "priority": 1,
  "assignment_group": "Compliance Review",
  "u_verilock_session_id": "aml_x7k9m2p4",
  "u_verilock_risk_score": 92
}

Troubleshooting

Ensure the integration user has itil and rest_service roles. Verify the instance URL does not include a trailing slash.
Import the Verilock Update Set into your ServiceNow instance. Navigate to System Update Sets > Retrieved Update Sets and preview/commit the update set.
Verilock uses the webhook_id as a correlation ID. If duplicate incidents appear, check that your ServiceNow instance is responding with 2xx status codes within 10 seconds.