Many enterprise clients throughout numerous industries need to undertake Generative AI to drive innovation, consumer productiveness, and improve buyer expertise. Generative AI–powered assistants akin to Amazon Q Enterprise will be configured to reply questions, present summaries, generate content material, and securely full duties based mostly on information and data in your enterprise programs. Amazon Q Enterprise understands pure language and permits customers to obtain instant, permissions-aware responses from enterprise information sources with citations. This functionality helps numerous use instances akin to IT, HR, and assist desk.
With customized plugins for Amazon Q Enterprise, you may improve the applying atmosphere to allow your customers to make use of pure language to carry out particular duties associated to third-party purposes — akin to Jira, Salesforce, and ServiceNow — immediately from inside their net expertise chat.
Enterprises which have adopted ServiceNow can enhance their operations and enhance consumer productiveness by utilizing Amazon Q Enterprise for numerous use instances, together with incident and information administration. Customers can search ServiceNow information base (KB) articles and incidents along with with the ability to create, handle, and monitor incidents and KB articles, all from inside their net expertise chat.
On this publish, we’ll exhibit how one can configure an Amazon Q Enterprise software and add a customized plugin that offers customers the flexibility to make use of a pure language interface supplied by Amazon Q Enterprise to question real-time information and take actions in ServiceNow. By the tip of this hands-on session, you need to have the ability to:
- Create an Amazon Q Enterprise software and combine it with ServiceNow utilizing a customized plugin.
- Use pure language in your Amazon Q net expertise chat to carry out learn and write actions in ServiceNow akin to querying and creating incidents and KB articles in a safe and ruled style.
Conditions
Earlier than continuing, just remember to have the mandatory AWS account permissions and companies enabled, together with entry to a ServiceNow atmosphere with the required privileges for configuration.
AWS
ServiceNow
- Acquire a ServiceNow Private Developer Occasion or use a clear ServiceNow developer atmosphere. You will want an account that has admin privileges to carry out the configuration steps in ServiceNow.
Answer overview
The next structure diagram illustrates the workflow for Amazon Q Enterprise net expertise with enhanced capabilities to combine it seamlessly with ServiceNow.
The implementation contains the next steps:
- The answer begins with configuring Amazon Q Enterprise utilizing the AWS Administration Console. This contains organising the applying atmosphere, including customers to AWS IAM Identification Middle, deciding on the suitable subscription tier, and configuring the net expertise for customers to work together with. The atmosphere can optionally be configured to offer real-time information retrieval utilizing a local retriever, which pulls info from listed information sources, akin to Amazon Easy Storage Service (Amazon S3), throughout interactions.
- The following step entails adjusting the worldwide controls and response settings for the applying atmosphere guardrails to permit Amazon Q Enterprise to make use of its giant language mannequin (LLM) information to generate responses when it can’t discover responses out of your linked information sources.
- Integration with ServiceNow is achieved by organising an OAuth Inbound software endpoint in ServiceNow, which authenticates and authorizes interactions between Amazon Q Enterprise and ServiceNow. This entails creating an OAuth API endpoint in ServiceNow and utilizing the net expertise URL from Amazon Q Enterprise because the callback URL. The setup makes certain that Amazon Q Enterprise can securely carry out actions in ServiceNow with the identical scoped permissions because the consumer signing in to ServiceNow.
- The ultimate step of the answer entails enhancing the applying atmosphere with a customized plugin for ServiceNow utilizing APIs outlined in an OpenAPI schema. The plugin permits Amazon Q Enterprise to securely work together with ServiceNow’s REST APIs, enabling operations akin to querying, creating, and updating information dynamically and in actual time
Configuring the Amazon Q Enterprise software
To create an Amazon Q Enterprise software, register to the Amazon Q Enterprise console.
As a prerequisite to creating an Amazon Q Enterprise software, comply with the directions in Configuring an IAM Identification Middle occasion part. Amazon Q Enterprise integrates with IAM Identification Middle to allow managing consumer entry to your Amazon Q Enterprise software. That is the beneficial methodology for managing human entry to AWS sources and the strategy used for the aim of this weblog.
Amazon Q Enterprise additionally helps id federation by IAM. While you use id federation, you may handle customers along with your enterprise id supplier (IdP) and use IAM to authenticate customers once they register to Amazon Q Enterprise.
Create and configure the Amazon Q Enterprise software:
- Within the Amazon Q Enterprise console, select Utility from the navigation pane after which select Create software.
- Enter the next info on your Amazon Q Enterprise software:
- Utility identify: Enter a reputation for fast identification, akin to
my-demo-application. - Service entry: Choose the Create and use a brand new service-linked position (SLR). A service-linked position is a singular kind of IAM position that’s linked on to Amazon Q Enterprise. Service-linked roles are predefined by Amazon Q Enterprise and embrace the permissions that the service requires to name different AWS companies in your behalf.
- Select Create.
- Utility identify: Enter a reputation for fast identification, akin to
- After creating your Amazon Q Enterprise software atmosphere, create and choose the retriever and provision the index that may energy your generative AI net expertise. The retriever pulls information from the index in actual time throughout a dialog. On the Choose Retriever web page:
- Retrievers: Choose Use native retriever.
- Index provisioning: Choose Starter, which is good for proof-of-concept or developer workloads. See Index varieties for extra info.
- Variety of items: Enter
1. This means the capability items that you just wish to provision on your index. Every unit is 20,000 paperwork. Select Subsequent. - Select Subsequent.
- After you choose a retriever on your Amazon Q Enterprise software atmosphere, you may optionally join different information sources to it. As a result of an information supply isn’t required for this session, we received’t configure one. For extra info on connecting information sources to an Amazon Q Enterprise software, see connecting information sources.
- As an account admin, you may add customers to your IAM Identification Middle occasion from the Amazon Q Enterprise console. After you add customers or teams to an software atmosphere, you may then select the Amazon Q Enterprise tier for every consumer or group. On the Add teams and customers web page:
- Select Add teams and customers.
- Within the Add new customers dialog field that opens, enter the small print of the consumer. The small print you will need to enter for a single consumer embrace: Username, First identify, Final identify, electronic mail deal with, Verify electronic mail deal with, and Show identify.
- Select Subsequent after which Add. The consumer is routinely added to an IAM Identification Middle listing and an electronic mail invitation to affix Identification Middle is distributed to the e-mail deal with supplied.
- After including a consumer or group, select the Amazon Q Enterprise subscription tier for every consumer or group. From the Present subscription dropdown menu, choose Q Enterprise Professional.
- For the Net expertise service entry, choose Create and use a brand new service position.
- Select Create software.
Upon profitable completion, Amazon Q Enterprise returns an internet expertise URL that you would be able to share with the customers you added to your software atmosphere. The Net expertise URL (on this case: https://xxxxxxxx.chat.qbusiness.us-east-1.on.aws/) will probably be used when creating an OAuth software endpoint in ServiceNow. Notice that your net expertise URL will probably be completely different from the one proven right here.
Enhancing an Amazon Q Enterprise software with guardrails
By default, an Amazon Q Enterprise software is configured to reply to consumer chat queries utilizing solely enterprise information. As a result of we didn’t configure an information supply for the aim of this publish, you’ll use Admin controls and guardrails to permit Amazon Q to make use of its LLM world information to generate responses when it can’t discover responses out of your linked information sources.
Create a customized plugin for ServiceNow:
- From the Amazon Q Enterprise console, select Purposes within the navigation pane. Choose the identify of your software from the listing of purposes.
- From the navigation pane, select Enhancements, after which select Admin Controls and guardrails.
- In World Controls, select Edit.
- In Response settings underneath Utility guardrails, choose Enable Amazon Q to fall again to LLM information.
Configuring ServiceNow
To permit Amazon Q Enterprise to connect with your ServiceNow occasion, you’ll want to create an OAuth inbound software endpoint. OAuth-based authentication validates the id of the shopper that makes an attempt to determine a belief on the system by utilizing an authentication protocol. For extra info, see OAuth Inbound and Outbound authentication.
Create an OAuth software endpoint for exterior shopper purposes to entry the ServiceNow occasion:
- Within the ServiceNow console, navigate to All, then System OAuth, then Utility Registry after which select New. On the interceptor web page, choose Create an OAuth API endpoint for exterior shoppers after which fill within the type with particulars for Title and Redirect URL. The opposite fields are routinely generated by the ServiceNow OAuth server.
- The Redirect URL is the callback URL that the authorization server redirects to. Enter the net expertise URL of your Amazon Q Enterprise software atmosphere (which is the shopper requesting entry to the useful resource), appended by
oauth/callback. - For this instance, the URL is:
https://xxxxxxxx.chat.qbusiness.us-east-1.on.aws/oauth/callback
- The Redirect URL is the callback URL that the authorization server redirects to. Enter the net expertise URL of your Amazon Q Enterprise software atmosphere (which is the shopper requesting entry to the useful resource), appended by
- For Auth Scope, set the worth to
useraccount. The scope API response parameter defines the quantity of entry granted by the entry token, which implies that the entry token has the identical rights because the consumer account that approved the token. For instance, if Abel Tuter authorizes an software by offering login credentials, then the ensuing entry token grants the token bearer the identical entry privileges as Abel Tuter. - Select Submit.
This creates an OAuth shopper software document and generates a shopper ID and shopper secret, which Amazon Q Enterprise must entry the restricted sources on the occasion. You will want this authentication info (shopper ID and shopper secret) within the following customized plugin configuration course of.
Enhancing the Amazon Q Enterprise software atmosphere with customized plugins for ServiceNow
To combine with exterior purposes, Amazon Q Enterprise makes use of APIs, that are configured as a part of the customized plugins.
Earlier than making a customized plugin, you’ll want to create or edit an OpenAPI schema, outlining the completely different API operations that you just wish to allow on your customized plugin. Amazon Q Enterprise makes use of the configured third-party OpenAPI specs to dynamically decide which API operations to carry out to satisfy a consumer request. Due to this fact, the OpenAPI schema definition has a big effect on API choice accuracy and may require design optimizations. As a way to maximize accuracy and enhance effectivity with an Amazon Q Enterprise customized plugin, comply with the finest practices for configuring OpenAPI schema definitions.
To configure a customized plugin, you will need to outline no less than one and a most of eight API operations that may be invoked. To outline the API operations, create an OpenAPI schema in JSON or YAML format. You’ll be able to create OpenAPI schema information and add them to Amazon S3. Alternatively, you should utilize the OpenAPI textual content editor within the console, which can validate your schema.
For this publish, a working pattern of an OpenAPI Schema for ServiceNow is supplied in JSON format. Earlier than utilizing it, edit the template file and substitute
You should utilize the REST API Explorer to browse accessible APIs, API variations, and strategies for every API. The explorer lets you check REST API requests straight from the consumer interface. The Desk API offers endpoints that help you carry out create, learn, replace, and delete (CRUD) operations on current tables. The calling consumer will need to have adequate roles to entry the information within the desk specified within the request. For extra info on assigning roles, see Managing roles.
{
"openapi": "3.0.1",
"data": {
"title": "Desk API",
"description": "Lets you carry out create, learn, replace and delete (CRUD) operations on current tables",
"model": "newest"
},
"externalDocs": {
"url": "https://docs.servicenow.com/?context=CSHelp:REST-Desk-API"
},
"servers": [
{
"url": "YOUR_SERVICENOW_INSTANCE_URL"
}
],
"paths": {
"/api/now/desk/{tableName}": {
"get": {
"description": "Retrieve information from a desk",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_query",
"in": "query",
"description": "An encoded query string used to filter the results like Incidents Numbers or Knowledge Base IDs etc",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_fields",
"in": "query",
"description": "A comma-separated list of fields to return in the response",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_limit",
"in": "query",
"description": "The maximum number of results returned per page",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {
"schema": {
"$ref": "#/elements/schemas/incident"
}
}
}
}
}
},
"publish": {
"description": "Create a document",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content material": {
"software/json": {
"schema": {
"kind": "object",
"properties": {
"short_description": {
"kind": "string",
"description": "Quick Description"
},
"description": {
"kind": "string",
"description": "Full Description for Incidents solely"
},
"caller_id": {
"kind": "string",
"description": "Caller E-mail"
},
"state": {
"kind": "string",
"description": "State of the incident",
"enum": [
"new",
"in_progress",
"resolved",
"closed"
]
},
"textual content": {
"kind": "string",
"description": "Article Physique Textual content for Data Bases Solely (KB)"
}
},
"required": [
"short_description",
"caller_id"
]
}
}
},
"required": true
},
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {}
}
}
}
}
},
"/api/now/desk/{tableName}/{sys_id}": {
"get": {
"description": "Retrieve a document",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sys_id",
"in": "path",
"description": "Sys ID",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_fields",
"in": "query",
"description": "A comma-separated list of fields to return in the response",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {},
"software/xml": {},
"textual content/xml": {}
}
}
}
},
"delete": {
"description": "Delete a document",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sys_id",
"in": "path",
"description": "Sys ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {},
"software/xml": {},
"textual content/xml": {}
}
}
}
},
"patch": {
"description": "Replace or modify a document",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sys_id",
"in": "path",
"description": "Sys ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content material": {
"software/json": {
"schema": {
"kind": "object",
"properties": {
"short_description": {
"kind": "string",
"description": "Quick Description"
},
"description": {
"kind": "string",
"description": "Full Description for Incidents solely"
},
"caller_id": {
"kind": "string",
"description": "Caller E-mail"
},
"state": {
"kind": "string",
"description": "State of the incident",
"enum": [
"new",
"in_progress",
"resolved",
"closed"
]
},
"textual content": {
"kind": "string",
"description": "Article Physique Textual content for Data Bases Solely (KB)"
}
},
"required": [
"short_description",
"caller_id"
]
}
}
},
"required": true
},
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {},
"software/xml": {},
"textual content/xml": {}
}
}
}
}
}
},
"elements": {
"schemas": {
"incident": {
"kind": "object",
"properties": {
"sys_id": {
"kind": "string",
"description": "Distinctive identifier for the incident"
},
"quantity": {
"kind": "string",
"description": "Incident quantity"
},
"short_description": {
"kind": "string",
"description": "Transient description of the incident"
}
}
}
},
"securitySchemes": {
"oauth2": {
"kind": "oauth2",
"flows": {
"authorizationCode": {
"authorizationUrl": "YOUR_SERVICENOW_INSTANCE_URL/oauth_auth.do",
"tokenUrl": "YOUR_SERVICENOW_INSTANCE_URL/oauth_token.do",
"scopes": {
"useraccount": "Entry equal to the consumer's account"
}
}
}
}
}
},
"safety": [
{
"oauth2": [
"useraccount"
]
}
]
}The URL for the ServiceNow occasion used on this publish is: https://devxxxxxx.service-now.com/. After updating the sections of the template with the URL for this particular occasion, the JSON ought to appear like the next:
"servers": [
{
"url": "https://devxxxxxx.service-now.com/"
} "securitySchemes": {
"oauth2": {
"type": "oauth2",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://devxxxxxx.service-now.com/oauth_auth.do",
"tokenUrl": "https://devxxxxxx.service-now.com/oauth_token.do",
"scopes": {
"useraccount": "Access equivalent to the user's account"
}
}
}
}
}To create a custom plugin for ServiceNow:
-
- Sign in to the Amazon Q Business console.
- Choose Applications in the navigation pane, and then select your application from the list of applications.
- In the navigation pane, choose Enhancements, and then choose Plugins.
- In Plugins, choose Add plugin.
- In Add plugins, choose Custom plugin.
- In Custom plugin, enter the following information:
- In Name and description, for Plugin name: Enter a name for your Amazon Q plugin.
- In API schema, for API schema source, select Define with in-line OpenAPI schema editor.
- Select JSON as the format for the schema.
- Remove any sample schema that appears in the inline OpenAPI schema editor and replace it with the text from the provided sample JSON template, updated with your ServiceNow instance URL.
- In Authentication: Select Authentication required.
- For AWS Secrets Manager secret, choose Create and add a new secret. You need to store the ServiceNow OAuth authentication credentials in a Secrets Manager secret to connect your third-party application to Amazon Q. In the window that opens, enter the details in the form:
- Secret name: A name for your Secrets Manager secret.
- Client ID: The Client ID from ServiceNow OAuth configuration in the previous section.
- Client secret: The Client Secret from ServiceNow OAuth configuration in the previous section.
- OAuth callback URL: The URL the user needs to be redirected to after authentication. This will be your web experience URL. For this example, it’s: https://xxxxxxxx.chat.qbusiness.us-east-1.on.aws/oauth/callback. Amazon Q Business will handle OAuth tokens in this URL.
- In Choose a method to authorize Amazon Q Business: Select Create and add a new service role. The console will generate a service role name. To connect Amazon Q Business to third-party applications that require authentication, you need to give the Amazon Q role permissions to access your Secrets Manager secret. This will enable an Amazon Q Business custom plugin to access the credentials needed to sign in to the third-party service.
- Choose Add plugin to add your plugin.
Upon successful completion, the plugin will appear under Plugins with Build status of Ready and Plugin status Active.
Using Amazon Q Business web experience chat to take actions in ServiceNow
Users can launch your Amazon Q Business web experience in two ways:
- AWS access portal URL provided in an invitation email sent to the user to join AWS IAM Identity Center.
- Web experience URL shared by the admin.
Navigate to the deployed web experience URL and sign with your AWS IAM Identity Center credentials.
After signing in, choose the New conversation icon in the left-hand menu to start a conversation.
Example: Search Knowledge Base Articles in ServiceNow for user issue and create an incident
The following chat conversation example illustrates a typical use case of Amazon Q Business integrated with custom plugins for ServiceNow. These features allow you to perform a wide range of tasks tailored to your organization’s needs.
In this example, we initiate a conversation in the web experience chat to search for KB articles related to ”log in issues” in ServiceNow by invoking a plugin action. After the user submits a prompt, Amazon Q Business queries ServiceNow through the appropriate API to retrieve the results and provides a response with related KB articles. We then proceed by asking Amazon Q Business for more details to see if any of the KB articles directly addresses the user’s issue. When no relevant KB articles pertaining to the user’s issue are found, we ask Amazon Q Business to summarize the conversation and create a new incident in ServiceNow, making sure the issue is logged for resolution.
User prompt 1 – I am having issues logging in to the intranet and want to know if there are any ServiceNow KB articles on log-in issues. Perform the search on both Short Description and Text field using LIKE operator
Before submitting the preceding prompt for an action to create an incident in ServiceNow, choose the vertical ellipsis to open Conversation settings, then choose Use a Plugin to select the corresponding custom plugin for ServiceNow.
If this is the first time a user is accessing the custom plugin or if their past sign-in has expired, the user will need to authenticate. After authenticating successfully, Amazon Q Business will perform the requested task.
Choose Authorize.
If the user isn’t already signed in to ServiceNow, they will be prompted to enter their credentials. For this example, the user signing in to ServiceNow is the admin user and API actions performed in ServiceNow by Amazon Q Business on behalf of the user will have the same level of access as the user within ServiceNow.
Choose Allow for Amazon Q Business to connect to ServiceNow and perform the requested task on your behalf.
Upon executing the user’s request after verifying that they are authorized, Amazon Q Business responds with the information that it retrieved. We then proceed to retrieve additional details with the following prompt.
User prompt 2 – Can you list the KB number and short description in a tabular form?
Because there no KB articles related the user’s issue were found, we will ask Amazon Q to summarize the conversation context to create an incident with the following prompt.
User prompt 3 – The error I get is "Unable to Login After System Upgrade". Summarize my issue and create an incident with detailed description and add a note that this needs to be resolved asap.
In response to your prompt for an action, Amazon Q displays a review form where you can modify or fill in the necessary information.
To successfully complete the action, choose submit.
Note: The caller_id value entered in the following example is a valid ServiceNow user.
Your web experience will display a success message if the action succeeds, or an error message if the action fails. In this case, the action succeeded and Amazon Q Business responded accordingly.
The following screenshot shows that the incident was created successfully in ServiceNow.
Troubleshooting common errors
To have a seamless experience with third-party application integrations, it’s essential to thoroughly test, identify, and troubleshoot unexpected behavior.
A common error encountered in Amazon Q Business is API Response too large, which occurs when an API response size exceeds the current limit of 100 KB. While prompting techniques are essential for obtaining accurate and relevant answers, optimizing API responses to include only the necessary and relevant data is crucial for better response times and enhanced user experience.
The REST API Explorer (shown in the following figure) in ServiceNow is a tool that allows developers and administrators to interact with and test the ServiceNow REST APIs directly from within the ServiceNow environment. It provides a user-friendly interface for making API requests, viewing responses, and understanding the available endpoints and data structures. Using this tool simplifies the process of testing and integrating with ServiceNow.
Clean up
To clean up AWS configurations, sign in to the Amazon Q Business console.
- From the Amazon Q Business console, in Applications, select the application that you want to delete.
- Choose Actions and select Delete.
- To confirm deletion, enter
Delete.
This will take a few minutes to finish. When completed, the application and the configured custom plugin will be deleted.
When you delete the Amazon Q Business application, the users created as part of the configuration are not automatically deleted from IAM Identity Center. Use the instructions in Delete users in IAM Identity Center to delete the users created for this post.
To clean up in ServiceNow, release the Personal Developer Instance provisioned for this post by following the instructions in the ServiceNow Documentation.
Conclusion
The integration of generative AI-powered assistants such as Amazon Q Business with enterprise systems such as ServiceNow offers significant benefits for organizations. By using natural language processing capabilities, enterprises can streamline operations, enhance user productivity, and deliver better customer experiences. The ability to query real-time data and create incidents and knowledge articles through a secure and governed chat interface transforms how users interact with enterprise data and applications. As demonstrated in this post, enhancing Amazon Q Business to integrate with ServiceNow using custom plugins empowers users to perform complex tasks effortlessly, driving efficiency across various business functions. Adopting this technology not only modernizes workflows, but also positions enterprises at the forefront of innovation.
Learn more
About the Author
Siddhartha Angara is a Senior Solutions Architect at Amazon Web Services. He helps enterprise customers design and build well-architected solutions in the cloud, accelerate cloud adoption, and build Machine Learning and Generative AI applications. He enjoys playing the guitar, reading and family time!
