Many enterprise prospects throughout varied industries want to undertake Generative AI to drive innovation, consumer productiveness, and improve buyer expertise. Generative AI–powered assistants equivalent to Amazon Q Enterprise could be configured to reply questions, present summaries, generate content material, and securely full duties based mostly on information and data in your enterprise techniques. Amazon Q Enterprise understands pure language and permits customers to obtain rapid, permissions-aware responses from enterprise information sources with citations. This functionality helps varied use circumstances equivalent to IT, HR, and assist desk.
With customized plugins for Amazon Q Enterprise, you possibly can improve the applying setting to allow your customers to make use of pure language to carry out particular duties associated to third-party functions — equivalent to Jira, Salesforce, and ServiceNow — immediately from inside their net expertise chat.
Enterprises which have adopted ServiceNow can enhance their operations and enhance consumer productiveness through the use of Amazon Q Enterprise for varied use circumstances, together with incident and data administration. Customers can search ServiceNow data base (KB) articles and incidents along with having the ability to create, handle, and observe incidents and KB articles, all from inside their net expertise chat.
On this publish, we’ll display the right way to configure an Amazon Q Enterprise software and add a customized plugin that offers customers the power to make use of a pure language interface supplied by Amazon Q Enterprise to question real-time information and take actions in ServiceNow. By the tip of this hands-on session, you must be capable of:
- Create an Amazon Q Enterprise software and combine it with ServiceNow utilizing a customized plugin.
- Use pure language in your Amazon Q net expertise chat to carry out learn and write actions in ServiceNow equivalent to querying and creating incidents and KB articles in a safe and ruled vogue.
Conditions
Earlier than continuing, just be sure you have the required AWS account permissions and providers enabled, together with entry to a ServiceNow setting with the required privileges for configuration.
AWS
ServiceNow
- Receive a ServiceNow Private Developer Occasion or use a clear ServiceNow developer setting. You have to an account that has admin privileges to carry out the configuration steps in ServiceNow.
Answer overview
The next structure diagram illustrates the workflow for Amazon Q Enterprise net expertise with enhanced capabilities to combine it seamlessly with ServiceNow.
The implementation contains the next steps:
- The answer begins with configuring Amazon Q Enterprise utilizing the AWS Administration Console. This contains establishing the applying setting, including customers to AWS IAM Id Middle, deciding on the suitable subscription tier, and configuring the net expertise for customers to work together with. The setting can optionally be configured to offer real-time information retrieval utilizing a local retriever, which pulls info from listed information sources, equivalent to Amazon Easy Storage Service (Amazon S3), throughout interactions.
- The subsequent step entails adjusting the worldwide controls and response settings for the applying setting guardrails to permit Amazon Q Enterprise to make use of its massive language mannequin (LLM) data to generate responses when it can’t discover responses out of your linked information sources.
- Integration with ServiceNow is achieved by establishing an OAuth Inbound software endpoint in ServiceNow, which authenticates and authorizes interactions between Amazon Q Enterprise and ServiceNow. This entails creating an OAuth API endpoint in ServiceNow and utilizing the net expertise URL from Amazon Q Enterprise because the callback URL. The setup makes positive that Amazon Q Enterprise can securely carry out actions in ServiceNow with the identical scoped permissions because the consumer signing in to ServiceNow.
- The ultimate step of the answer entails enhancing the applying setting with a customized plugin for ServiceNow utilizing APIs outlined in an OpenAPI schema. The plugin permits Amazon Q Enterprise to securely work together with ServiceNow’s REST APIs, enabling operations equivalent to querying, creating, and updating information dynamically and in actual time
Configuring the Amazon Q Enterprise software
To create an Amazon Q Enterprise software, check in to the Amazon Q Enterprise console.
As a prerequisite to creating an Amazon Q Enterprise software, observe the directions in Configuring an IAM Id Middle occasion part. Amazon Q Enterprise integrates with IAM Id Middle to allow managing consumer entry to your Amazon Q Enterprise software. That is the beneficial methodology for managing human entry to AWS sources and the tactic used for the aim of this weblog.
Amazon Q Enterprise additionally helps identification federation via IAM. Once you use identification federation, you possibly can handle customers along with your enterprise identification supplier (IdP) and use IAM to authenticate customers after they check in to Amazon Q Enterprise.
Create and configure the Amazon Q Enterprise software:
- Within the Amazon Q Enterprise console, select Software from the navigation pane after which select Create software.
- Enter the next info in your Amazon Q Enterprise software:
- Software title: Enter a reputation for fast identification, equivalent to
my-demo-application. - Service entry: Choose the Create and use a brand new service-linked function (SLR). A service-linked function is a novel kind of IAM function that’s linked on to Amazon Q Enterprise. Service-linked roles are predefined by Amazon Q Enterprise and embrace the permissions that the service requires to name different AWS providers in your behalf.
- Select Create.
- Software title: Enter a reputation for fast identification, equivalent to
- After creating your Amazon Q Enterprise software setting, create and choose the retriever and provision the index that can energy your generative AI net expertise. The retriever pulls information from the index in actual time throughout a dialog. On the Choose Retriever web page:
- Retrievers: Choose Use native retriever.
- Index provisioning: Choose Starter, which is good for proof-of-concept or developer workloads. See Index sorts for extra info.
- Variety of items: Enter
1. This means the capability items that you simply wish to provision in your index. Every unit is 20,000 paperwork. Select Subsequent. - Select Subsequent.
- After you choose a retriever in your Amazon Q Enterprise software setting, you possibly can optionally join different information sources to it. As a result of an information supply isn’t required for this session, we received’t configure one. For extra info on connecting information sources to an Amazon Q Enterprise software, see connecting information sources.
- As an account admin, you possibly can add customers to your IAM Id Middle occasion from the Amazon Q Enterprise console. After you add customers or teams to an software setting, you possibly can then select the Amazon Q Enterprise tier for every consumer or group. On the Add teams and customers web page:
- Select Add teams and customers.
- Within the Add new customers dialog field that opens, enter the main points of the consumer. The main points you need to enter for a single consumer embrace: Username, First title, Final title, e mail handle, Verify e mail handle, and Show title.
- Select Subsequent after which Add. The consumer is robotically added to an IAM Id Middle listing and an e mail invitation to affix Id Middle is shipped to the e-mail handle supplied.
- After including a consumer or group, select the Amazon Q Enterprise subscription tier for every consumer or group. From the Present subscription dropdown menu, choose Q Enterprise Professional.
- For the Internet expertise service entry, choose Create and use a brand new service function.
- Select Create software.
Upon profitable completion, Amazon Q Enterprise returns an online expertise URL that you may share with the customers you added to your software setting. The Internet expertise URL (on this case: https://xxxxxxxx.chat.qbusiness.us-east-1.on.aws/) shall be used when creating an OAuth software endpoint in ServiceNow. Notice that your net expertise URL shall be completely different from the one proven right here.
Enhancing an Amazon Q Enterprise software with guardrails
By default, an Amazon Q Enterprise software is configured to answer consumer chat queries utilizing solely enterprise information. As a result of we didn’t configure an information supply for the aim of this publish, you’ll use Admin controls and guardrails to permit Amazon Q to make use of its LLM world data to generate responses when it can’t discover responses out of your linked information sources.
Create a customized plugin for ServiceNow:
- From the Amazon Q Enterprise console, select Purposes within the navigation pane. Choose the title of your software from the checklist of functions.
- From the navigation pane, select Enhancements, after which select Admin Controls and guardrails.
- In World Controls, select Edit.
- In Response settings below Software guardrails, choose Permit Amazon Q to fall again to LLM data.
Configuring ServiceNow
To permit Amazon Q Enterprise to hook up with your ServiceNow occasion, it is advisable to create an OAuth inbound software endpoint. OAuth-based authentication validates the identification of the consumer that makes an attempt to ascertain a belief on the system through the use of an authentication protocol. For extra info, see OAuth Inbound and Outbound authentication.
Create an OAuth software endpoint for exterior consumer functions to entry the ServiceNow occasion:
- Within the ServiceNow console, navigate to All, then System OAuth, then Software Registry after which select New. On the interceptor web page, choose Create an OAuth API endpoint for exterior shoppers after which fill within the type with particulars for Identify and Redirect URL. The opposite fields are robotically generated by the ServiceNow OAuth server.
- The Redirect URL is the callback URL that the authorization server redirects to. Enter the net expertise URL of your Amazon Q Enterprise software setting (which is the consumer requesting entry to the useful resource), appended by
oauth/callback. - For this instance, the URL is:
https://xxxxxxxx.chat.qbusiness.us-east-1.on.aws/oauth/callback
- The Redirect URL is the callback URL that the authorization server redirects to. Enter the net expertise URL of your Amazon Q Enterprise software setting (which is the consumer requesting entry to the useful resource), appended by
- For Auth Scope, set the worth to
useraccount. The scope API response parameter defines the quantity of entry granted by the entry token, which signifies that the entry token has the identical rights because the consumer account that approved the token. For instance, if Abel Tuter authorizes an software by offering login credentials, then the ensuing entry token grants the token bearer the identical entry privileges as Abel Tuter. - Select Submit.
This creates an OAuth consumer software report and generates a consumer ID and consumer secret, which Amazon Q Enterprise must entry the restricted sources on the occasion. You have to this authentication info (consumer ID and consumer secret) within the following customized plugin configuration course of.
Enhancing the Amazon Q Enterprise software setting with customized plugins for ServiceNow
To combine with exterior functions, Amazon Q Enterprise makes use of APIs, that are configured as a part of the customized plugins.
Earlier than making a customized plugin, it is advisable to create or edit an OpenAPI schema, outlining the completely different API operations that you simply wish to allow in your customized plugin. Amazon Q Enterprise makes use of the configured third-party OpenAPI specs to dynamically decide which API operations to carry out to satisfy a consumer request. Due to this fact, the OpenAPI schema definition has a big effect on API choice accuracy and would possibly require design optimizations. With a purpose to maximize accuracy and enhance effectivity with an Amazon Q Enterprise customized plugin, observe the greatest practices for configuring OpenAPI schema definitions.
To configure a customized plugin, you need to outline at the very least one and a most of eight API operations that may be invoked. To outline the API operations, create an OpenAPI schema in JSON or YAML format. You may create OpenAPI schema recordsdata and add them to Amazon S3. Alternatively, you should utilize the OpenAPI textual content editor within the console, which is able to validate your schema.
For this publish, a working pattern of an OpenAPI Schema for ServiceNow is supplied in JSON format. Earlier than utilizing it, edit the template file and exchange <YOUR_SERVICENOW_INSTANCE_URL> within the following sections with the URL of your ServiceNow occasion.
You should utilize the REST API Explorer to browse out there APIs, API variations, and strategies for every API. The explorer lets you check REST API requests straight from the consumer interface. The Desk API supplies endpoints that assist you to carry out create, learn, replace, and delete (CRUD) operations on current tables. The calling consumer should have adequate roles to entry the info within the desk specified within the request. For extra info on assigning roles, see Managing roles.
{
"openapi": "3.0.1",
"data": {
"title": "Desk API",
"description": "Lets you carry out create, learn, replace and delete (CRUD) operations on current tables",
"model": "newest"
},
"externalDocs": {
"url": "https://docs.servicenow.com/?context=CSHelp:REST-Desk-API"
},
"servers": [
{
"url": "YOUR_SERVICENOW_INSTANCE_URL"
}
],
"paths": {
"/api/now/desk/{tableName}": {
"get": {
"description": "Retrieve information from a desk",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_query",
"in": "query",
"description": "An encoded query string used to filter the results like Incidents Numbers or Knowledge Base IDs etc",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_fields",
"in": "query",
"description": "A comma-separated list of fields to return in the response",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_limit",
"in": "query",
"description": "The maximum number of results returned per page",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {
"schema": {
"$ref": "#/parts/schemas/incident"
}
}
}
}
}
},
"publish": {
"description": "Create a report",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content material": {
"software/json": {
"schema": {
"kind": "object",
"properties": {
"short_description": {
"kind": "string",
"description": "Quick Description"
},
"description": {
"kind": "string",
"description": "Full Description for Incidents solely"
},
"caller_id": {
"kind": "string",
"description": "Caller Electronic mail"
},
"state": {
"kind": "string",
"description": "State of the incident",
"enum": [
"new",
"in_progress",
"resolved",
"closed"
]
},
"textual content": {
"kind": "string",
"description": "Article Physique Textual content for Data Bases Solely (KB)"
}
},
"required": [
"short_description",
"caller_id"
]
}
}
},
"required": true
},
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {}
}
}
}
}
},
"/api/now/desk/{tableName}/{sys_id}": {
"get": {
"description": "Retrieve a report",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sys_id",
"in": "path",
"description": "Sys ID",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_fields",
"in": "query",
"description": "A comma-separated list of fields to return in the response",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {},
"software/xml": {},
"textual content/xml": {}
}
}
}
},
"delete": {
"description": "Delete a report",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sys_id",
"in": "path",
"description": "Sys ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {},
"software/xml": {},
"textual content/xml": {}
}
}
}
},
"patch": {
"description": "Replace or modify a report",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sys_id",
"in": "path",
"description": "Sys ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content material": {
"software/json": {
"schema": {
"kind": "object",
"properties": {
"short_description": {
"kind": "string",
"description": "Quick Description"
},
"description": {
"kind": "string",
"description": "Full Description for Incidents solely"
},
"caller_id": {
"kind": "string",
"description": "Caller Electronic mail"
},
"state": {
"kind": "string",
"description": "State of the incident",
"enum": [
"new",
"in_progress",
"resolved",
"closed"
]
},
"textual content": {
"kind": "string",
"description": "Article Physique Textual content for Data Bases Solely (KB)"
}
},
"required": [
"short_description",
"caller_id"
]
}
}
},
"required": true
},
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {},
"software/xml": {},
"textual content/xml": {}
}
}
}
}
}
},
"parts": {
"schemas": {
"incident": {
"kind": "object",
"properties": {
"sys_id": {
"kind": "string",
"description": "Distinctive identifier for the incident"
},
"quantity": {
"kind": "string",
"description": "Incident quantity"
},
"short_description": {
"kind": "string",
"description": "Transient description of the incident"
}
}
}
},
"securitySchemes": {
"oauth2": {
"kind": "oauth2",
"flows": {
"authorizationCode": {
"authorizationUrl": "YOUR_SERVICENOW_INSTANCE_URL/oauth_auth.do",
"tokenUrl": "YOUR_SERVICENOW_INSTANCE_URL/oauth_token.do",
"scopes": {
"useraccount": "Entry equal to the consumer's account"
}
}
}
}
}
},
"safety": [
{
"oauth2": [
"useraccount"
]
}
]
}The URL for the ServiceNow occasion used on this publish is: https://devxxxxxx.service-now.com/. After updating the sections of the template with the URL for this particular occasion, the JSON ought to appear to be the next:
"servers": [
{
"url": "https://devxxxxxx.service-now.com/"
} "securitySchemes": {
"oauth2": {
"type": "oauth2",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://devxxxxxx.service-now.com/oauth_auth.do",
"tokenUrl": "https://devxxxxxx.service-now.com/oauth_token.do",
"scopes": {
"useraccount": "Access equivalent to the user's account"
}
}
}
}
}To create a custom plugin for ServiceNow:
-
- Sign in to the Amazon Q Business console.
- Choose Applications in the navigation pane, and then select your application from the list of applications.
- In the navigation pane, choose Enhancements, and then choose Plugins.
- In Plugins, choose Add plugin.
- In Add plugins, choose Custom plugin.
- In Custom plugin, enter the following information:
- In Name and description, for Plugin name: Enter a name for your Amazon Q plugin.
- In API schema, for API schema source, select Define with in-line OpenAPI schema editor.
- Select JSON as the format for the schema.
- Remove any sample schema that appears in the inline OpenAPI schema editor and replace it with the text from the provided sample JSON template, updated with your ServiceNow instance URL.
- In Authentication: Select Authentication required.
- For AWS Secrets Manager secret, choose Create and add a new secret. You need to store the ServiceNow OAuth authentication credentials in a Secrets Manager secret to connect your third-party application to Amazon Q. In the window that opens, enter the details in the form:
- Secret name: A name for your Secrets Manager secret.
- Client ID: The Client ID from ServiceNow OAuth configuration in the previous section.
- Client secret: The Client Secret from ServiceNow OAuth configuration in the previous section.
- OAuth callback URL: The URL the user needs to be redirected to after authentication. This will be your web experience URL. For this example, it’s: https://xxxxxxxx.chat.qbusiness.us-east-1.on.aws/oauth/callback. Amazon Q Business will handle OAuth tokens in this URL.
- In Choose a method to authorize Amazon Q Business: Select Create and add a new service role. The console will generate a service role name. To connect Amazon Q Business to third-party applications that require authentication, you need to give the Amazon Q role permissions to access your Secrets Manager secret. This will enable an Amazon Q Business custom plugin to access the credentials needed to sign in to the third-party service.
- Choose Add plugin to add your plugin.
Upon successful completion, the plugin will appear under Plugins with Build status of Ready and Plugin status Active.
Using Amazon Q Business web experience chat to take actions in ServiceNow
Users can launch your Amazon Q Business web experience in two ways:
- AWS access portal URL provided in an invitation email sent to the user to join AWS IAM Identity Center.
- Web experience URL shared by the admin.
Navigate to the deployed web experience URL and sign with your AWS IAM Identity Center credentials.
After signing in, choose the New conversation icon in the left-hand menu to start a conversation.
Example: Search Knowledge Base Articles in ServiceNow for user issue and create an incident
The following chat conversation example illustrates a typical use case of Amazon Q Business integrated with custom plugins for ServiceNow. These features allow you to perform a wide range of tasks tailored to your organization’s needs.
In this example, we initiate a conversation in the web experience chat to search for KB articles related to ”log in issues” in ServiceNow by invoking a plugin action. After the user submits a prompt, Amazon Q Business queries ServiceNow through the appropriate API to retrieve the results and provides a response with related KB articles. We then proceed by asking Amazon Q Business for more details to see if any of the KB articles directly addresses the user’s issue. When no relevant KB articles pertaining to the user’s issue are found, we ask Amazon Q Business to summarize the conversation and create a new incident in ServiceNow, making sure the issue is logged for resolution.
User prompt 1 – I am having issues logging in to the intranet and want to know if there are any ServiceNow KB articles on log-in issues. Perform the search on both Short Description and Text field using LIKE operator
Before submitting the preceding prompt for an action to create an incident in ServiceNow, choose the vertical ellipsis to open Conversation settings, then choose Use a Plugin to select the corresponding custom plugin for ServiceNow.
If this is the first time a user is accessing the custom plugin or if their past sign-in has expired, the user will need to authenticate. After authenticating successfully, Amazon Q Business will perform the requested task.
Choose Authorize.
If the user isn’t already signed in to ServiceNow, they will be prompted to enter their credentials. For this example, the user signing in to ServiceNow is the admin user and API actions performed in ServiceNow by Amazon Q Business on behalf of the user will have the same level of access as the user within ServiceNow.
Choose Allow for Amazon Q Business to connect to ServiceNow and perform the requested task on your behalf.
Upon executing the user’s request after verifying that they are authorized, Amazon Q Business responds with the information that it retrieved. We then proceed to retrieve additional details with the following prompt.
User prompt 2 – Can you list the KB number and short description in a tabular form?
Because there no KB articles related the user’s issue were found, we will ask Amazon Q to summarize the conversation context to create an incident with the following prompt.
User prompt 3 – The error I get is "Unable to Login After System Upgrade". Summarize my issue and create an incident with detailed description and add a note that this needs to be resolved asap.
In response to your prompt for an action, Amazon Q displays a review form where you can modify or fill in the necessary information.
To successfully complete the action, choose submit.
Note: The caller_id value entered in the following example is a valid ServiceNow user.
Your web experience will display a success message if the action succeeds, or an error message if the action fails. In this case, the action succeeded and Amazon Q Business responded accordingly.
The following screenshot shows that the incident was created successfully in ServiceNow.
Troubleshooting common errors
To have a seamless experience with third-party application integrations, it’s essential to thoroughly test, identify, and troubleshoot unexpected behavior.
A common error encountered in Amazon Q Business is API Response too large, which occurs when an API response size exceeds the current limit of 100 KB. While prompting techniques are essential for obtaining accurate and relevant answers, optimizing API responses to include only the necessary and relevant data is crucial for better response times and enhanced user experience.
The REST API Explorer (shown in the following figure) in ServiceNow is a tool that allows developers and administrators to interact with and test the ServiceNow REST APIs directly from within the ServiceNow environment. It provides a user-friendly interface for making API requests, viewing responses, and understanding the available endpoints and data structures. Using this tool simplifies the process of testing and integrating with ServiceNow.
Clean up
To clean up AWS configurations, sign in to the Amazon Q Business console.
- From the Amazon Q Business console, in Applications, select the application that you want to delete.
- Choose Actions and select Delete.
- To confirm deletion, enter
Delete.
This will take a few minutes to finish. When completed, the application and the configured custom plugin will be deleted.
When you delete the Amazon Q Business application, the users created as part of the configuration are not automatically deleted from IAM Identity Center. Use the instructions in Delete users in IAM Identity Center to delete the users created for this post.
To clean up in ServiceNow, release the Personal Developer Instance provisioned for this post by following the instructions in the ServiceNow Documentation.
Conclusion
The integration of generative AI-powered assistants such as Amazon Q Business with enterprise systems such as ServiceNow offers significant benefits for organizations. By using natural language processing capabilities, enterprises can streamline operations, enhance user productivity, and deliver better customer experiences. The ability to query real-time data and create incidents and knowledge articles through a secure and governed chat interface transforms how users interact with enterprise data and applications. As demonstrated in this post, enhancing Amazon Q Business to integrate with ServiceNow using custom plugins empowers users to perform complex tasks effortlessly, driving efficiency across various business functions. Adopting this technology not only modernizes workflows, but also positions enterprises at the forefront of innovation.
Learn more
About the Author
Siddhartha Angara is a Senior Solutions Architect at Amazon Web Services. He helps enterprise customers design and build well-architected solutions in the cloud, accelerate cloud adoption, and build Machine Learning and Generative AI applications. He enjoys playing the guitar, reading and family time!
