Domain Separation in ServiceNow

  • By Aelum Consulting
  • January 27, 2022

This blog explains the basic concept of domain separation: what its purpose is, how it can be configured in the ServiceNow platform based on business needs, which modules are present, and how the domain hierarchy works.

What is ServiceNow Domain separation?

Domain separation is a way to separate data into (and optionally to separate administration by) logically-defined domains. Domain separation is extremely well-suited for Managed Service Providers (MSPs) and global enterprises with unique business requirements in various areas of the world.

Global companies with unique business requirements for different parts of the world can segment and customize their instances.

Why ServiceNow Domain separation?

ServiceNow Domain separation is best for those customers who:

  • Need to enforce absolute data segregation between business entities (data separation).
  • Customize business process definitions and user interfaces for each domain (delegated administration).
  • Maintain some global processes and global reporting in a single instance.
  • Separate data between service providers, customers, partners, or sub-organizations.
  • Have minor or moderate process differences among customers.

ServiceNow Domain separation compared to separate instances

While ServiceNow domain separation provides multi-tenancy support, multi-tenancy is still contained within a single instance. Some global properties, data, and processes are shared across all domains. For example, the Remember me option on the login page is global and cannot be specified per domain.

If you need complete and total separation of all system properties and do not require global reporting or global processes, then separate instances are the best option.

What can be separated?

In general, the instance has some global properties, data, and processes that are shared across all domains. But since domain separation is a concept of organizing different processes for different departments of an organization, below are a few points that explain what can be separated using domain separation:

  • Each domain can have its own set of data that other domains cannot see. Tenants can be granted access to other tenant data but can’t query tenant data that they don’t have access to. Users, including the customer accounts that are used for integrations, see only the data in the domains they have permission to access. Customers, agents, and fulfillers see data that pertains to the customers and organizations that they support.
  • Each domain in a ServiceNow instance can have unique functions and processes. This allows tenant-specific system policies such as email notifications, business rules, client scripts, UI policies, and UI actions.
  • Each domain in the instance can have a different user interface. This supports a tenant-specific experience for UI elements such as views, lists, labels, and so on.

Service providers can alter the displayed branding and UI elements to meet individual customer needs.

Domain Hierarchy

Domain hierarchies help to organize multiple domains and define the relationships between them. They also establish parent/child relationships between domains.

Below is a brief overview of the domain hierarchy.

Data Separation Vs Process Separation

Data separation is enforced at the database level through the use of the sys_domain column in tables. To make a customer table domain-separated, add the sys_domain field to the table. When a customer logs in under a domain and pulls up a domain-separated table, the system uses built-in queries to pull data only from that domain.

Process separation is enabled through the use of the sys_overrides column. Any table that contains both the sys_domain and sys_overrides fields can be configured to have different processes from the parent domain. We can also choose to separate only processes and not data.

The following system policy functions can be domain-specific:

  • Assignment rules
  • Approval rules
  • SLA management
  • Inactivity monitors
  • Email Notifications
  • Business Rules
  • Client Scripts
  • UI Policies
  • UI Actions

Forms, lists, Related Lists, and Choice lists can also be domain-specific. Service providers can even customize the branding and user interface elements for a domain.

Controlling Visibility

The domain_contains table allows users of a domain (the ‘containing’ domain) to see data from another domain (the ‘contained’ domain). This applies to data only, not to processes.

The sys_user_visibility and sys_user_group_visibility tables allow specific users or groups to view data for a domain that they couldn’t otherwise access in the hierarchy.
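
The visibility rules above determine who can read which tenant's data, so they are worth auditing. The following is an added example, not code from the original post or from ServiceNow: a simplified, self-contained JavaScript model that computes each user's effective data visibility from the hierarchy, domain_contains rows and sys_user_visibility rows, and lists every grant that reaches outside the user's own part of the hierarchy. The domain names, users and rows are constructed, and the model assumes that a visible domain also exposes its child domains.

```javascript
// Constructed sample data: domain names, users and rows are illustrative only.
const domains = [ // each domain with its parent in the hierarchy
  { name: 'TOP', parent: null },
  { name: 'TOP/MSP', parent: 'TOP' },
  { name: 'TOP/ACME', parent: 'TOP' },
  { name: 'TOP/ACME/EMEA', parent: 'TOP/ACME' },
  { name: 'TOP/Initech', parent: 'TOP' },
];
const domainContains = [{ domain: 'TOP/MSP', contains: 'TOP/ACME' }]; // domain_contains rows
const userVisibility = [{ user: 'carol', domain: 'TOP/Initech' }];    // sys_user_visibility rows
const users = [
  { name: 'alice', domain: 'TOP/MSP' },
  { name: 'bob', domain: 'TOP/ACME/EMEA' },
  { name: 'carol', domain: 'TOP/ACME' },
];

// A domain plus all of its descendants (assumption: children are visible from a parent).
function withDescendants(root) {
  const out = new Set([root]);
  let grew = true;
  while (grew) {
    grew = false;
    for (const d of domains) {
      if (d.parent && out.has(d.parent) && !out.has(d.name)) { out.add(d.name); grew = true; }
    }
  }
  return out;
}

// Effective data visibility: home domain, contained domains, per-user visibility grants.
function visibleDomains(user) {
  const roots = [user.domain];
  for (const c of domainContains) if (c.domain === user.domain) roots.push(c.contains);
  for (const v of userVisibility) if (v.user === user.name) roots.push(v.domain);
  const seen = new Set();
  for (const r of roots) for (const d of withDescendants(r)) seen.add(d);
  return seen;
}

// Audit: every (user, domain) pair where the user sees data outside their own subtree.
function crossDomainAccess() {
  const findings = [];
  for (const u of users) {
    const own = withDescendants(u.domain);
    for (const d of visibleDomains(u)) if (!own.has(d)) findings.push(`${u.name} -> ${d}`);
  }
  return findings.sort();
}

console.log(crossDomainAccess());
```

Each finding is a deliberate exception to data separation and should map to a documented business reason; bob, who has no extra grants, produces none.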

Configure ServiceNow Domain Separation

End-users can raise a support ticket in their instances to get domain separation configured as per their need.

To set up domain separation as a developer, the admin needs to activate the plugin “Domain Support-Domain Extensions Installer” through the developer instance, using the URL https://developer.servicenow.com/dev.do

Wait for the plugin to finish activating on your instance.

Once activated, one can see the ‘Domain Admin’ application menu in the Application Navigator.

Make use of the ServiceNow Domain Admin application

Domains Module:

  1. Through this module, the admin can create a new domain as per requirement.
  2. The admin can also make changes to an existing domain.
  3. While creating a domain, the admin should keep in mind that:
    • There can be only one primary domain
    • There can be only one default domain

Domain Map Module

  • The Domain Map shows a graphical representation of the domains.
  • This map shows the Primary, Parent, and Default domains in the hierarchy.
  • Out of the box (OOTB), ServiceNow provides Top as the primary domain and Default as the default domain.
  • Let’s have a look at some demo domains under the domain hierarchy, as below:

How to select a domain?

Enabling the Domain picker through system settings enables the Domain selector by default. Through the Domain selector, one can select a domain from the list of available domains.

Important note

Some tables and applications should never be domain-separated. When the Domain Separation plugin is activated, the system adds the following tables as non_domain_separatable:

  • Security Black/White list entities
  • ACLs
  • Dictionary
  • System Properties
  • Script Includes


In this blog, we gave a brief idea of what domain separation is, some use cases, and how it can be configured in any instance. Let’s summarize what we have seen so far:

  • A Domain hierarchy is a structure of domains within an instance.
  • System policy functions can be defined globally or specifically for a particular domain.
  • Global processes apply to all children.
  • A caution everyone should consider: before deciding to move forward, challenge yourself on why you can’t live on a single instance without domain separation. If you are close to the baseline and do not have complex needs for your company, domain separation may be the answer for you.

Author: Mokara Harish
Designation: ServiceNow Developer
