Building a ServiceNow MCP Connection — Setup, Benchmark, and What It Unlocks

What We Did

We built a production-grade MCP (Model Context Protocol) server connecting a personal AI system directly to ServiceNow. After establishing the connection, we ran a full instance benchmark — querying every major object type in parallel — and used the results to build persistent PAI intelligence about the environment.

The result: an AI that doesn't just know how to work with ServiceNow, but knows your specific instance — its backlog, its automation health, its users, its custom apps, and where things are broken.

How We Did It

Phase 1: MCP Server Architecture

The MCP server is a Python FastMCP process exposing 27 tools across five capability domains:

• Incident management — list, get, search, update, close
• Record operations — generic query, create, update, delete on any table
• Aggregation — count, sum, avg, group-by against any table via `/api/now/stats`
• UI Builder & module helpers — typed access to UX artifacts and solution areas
• Attachments & flows — list attachments on any record, trigger Flow Designer flows

Each tool communicates over ServiceNow's Table REST API using a dedicated integration user. The server handles SSL fallback to curl for environments with certificate validation issues.

Phase 2: Authentication Pattern

A critical distinction: SSO browser sessions do not carry to REST API calls. A dedicated non-SSO integration account is required — one that lives only in ServiceNow, not in your organization's identity provider.

The integration user needs the itil role at minimum for incident operations, and admin for broader platform access. Credentials live in a local .env file; the server reads them at startup.

Phase 3: Instance Benchmark

Once connected, we ran parallel queries across 14 major tables to establish a baseline. Key findings from a standard Yokohama instance:

| Domain | What We Found |

|--------|---------------|

| Users | 633 active across 51 groups |

| Incidents | 67 total — 33 open, 27 closed |

| Change Requests | 100 total — 61 stuck in Authorize |

| Business Rules | 5,444 active |

| Script Includes | 4,670 active |

| UI Policies | 2,844 active |

| ACLs | 45,000+ — record, REST, UX, GenAI types |

| Flow Contexts | 1,412 complete, 189 stuck in Waiting |

| CMDB CIs | ~3,000 — led by Software (1,767) and Computers (814) |

| Catalog Items | 147 active, 50 inactive |

| Custom Apps | 1 in-house application identified |

Two immediate red flags surfaced: 61 change requests bottlenecked in the Authorize state, and 189 Flow Designer executions stuck in Waiting — both invisible to anyone not actively querying the platform.

Phase 4: Persistent Intelligence Layer

The benchmark results were written to PAI memory, meaning every future conversation starts with this context loaded. PAI now knows the instance's baseline and can detect drift — if the incident backlog grows, if flows start piling up, if update set hygiene degrades.

Why It Matters

Most ServiceNow integrations are one-directional: a form triggers a flow, a flow creates a record, a webhook fires an alert. This is different.

This connection makes the AI a participant in the platform — able to read, reason, and act across the entire system in a single conversation. No switching between tabs, no writing queries manually, no digging through lists. You describe what you want, and the AI handles the platform interaction.

Practical examples that now work out of the box:

• "Assign all unassigned P1 incidents to me" → done in one message, all in parallel
• "How many flows are stuck right now?" → instant answer with context
• "Which change requests have been sitting in Authorize the longest?" → query + sort + summarize
• "Create a catalog item for onboarding requests" → scaffolded from the API
• "List all attachments on INC0012345 and summarize them" → combined read + reasoning

The intelligence layer also catches things that fall through the cracks — like 189 flows quietly waiting for approvals that may never come, or all development changes getting swallowed into unnamed Default update sets with no traceability.

For any team managing ServiceNow at scale, this pattern closes the gap between the platform's data and actionable intelligence. The instance stops being a system you log into and becomes one you talk to.