Skip to main content
Loadout
Guide2 min read

ServiceNow MCP server: connect ITSM to Claude & Cursor (2026)

ServiceNow now ships native MCP support. Wire incidents, the CMDB, change records and knowledge into your AI client — and govern it. The clean setup.

A ServiceNow MCP server lets an AI agent reach into your instance over the Model Context Protocol — querying incidents, records across tables, the CMDB, change and problem records, and knowledge articles, and writing back to create or update records on the connecting user's behalf. As of mid-2026 ServiceNow supports this natively, and there are mature community servers too. Here's how to pick and set up.

Three ways to connect

There are three realistic paths in 2026. ServiceNow Native MCP (shipped in the Zurich release) is the official route — ServiceNow runs both MCP server and client functions, governed centrally by AI Control Tower, which is the right choice for production where audit and policy matter. Community servers like echelon-ai-labs/servicenow-mcp give you a local, fully-controllable server that's perfect for development and demos. And integration platforms (Composio, Merge) broker the connection through a single CLI if you'd rather not manage credentials yourself.

Quick start with a community server

For a fast local demo, the community mcp-server-servicenow runs over uvx and connects with basic auth to a developer instance (PDI):

claude mcp add servicenow -- uvx mcp-server-servicenow \
  --instance-url https://your-pdi.service-now.com \
  --auth-type basic --username admin --password your-password

Or in a Claude Desktop / Cursor config:

{
  "mcpServers": {
    "servicenow": {
      "command": "uvx",
      "args": ["mcp-server-servicenow", "--instance-url",
        "https://your-pdi.service-now.com", "--auth-type", "basic"]
    }
  }
}

Restart the client; see MCP config file location. For production, prefer OAuth over basic auth and use the native server.

Verify

Ask: "List my five most recent active incidents and their priority." Real records back means you're connected and the account's ACLs allow the read. ServiceNow enforces its own access control, so the agent can never see more than the authenticated user can.

Common problems

  • 401 / auth errors — basic auth is fine for a PDI but often disabled on managed instances; switch to OAuth and a registered application.
  • Empty results on a table — the connecting user lacks the ACL for that table, not a server bug. Adjust the role, not the server.
  • Tools missing after install — fully restart the client; a reload isn't always enough to pick up a new server.

Govern it before you scale it

ServiceNow holds some of the most sensitive operational data in the enterprise, and a write-capable agent can create or close real change records. Run it behind the native governance layer (AI Control Tower) or an MCP gateway with DLP and approval gates, connect with a least-privilege role, and keep a human in the loop for write actions — elicitation is a clean way to add that confirmation. See MCP security best practices and MCP permission scoping patterns.

Going further

ServiceNow pairs with Jira and Confluence for a full operations loop, and with an incident-response agent for on-call work. Browse the productivity category or wire it into a devops-sre loadout. Built a ServiceNow server? Submit it.

Loadout

Build your AI agent loadout

The directory of MCP servers and AI agents that actually work. Pick the right loadout for Slack, Postgres, GitHub, Figma and 20+ integrations — with install commands ready to paste into Claude Desktop, Cursor or your own stack.

Contact
© 2026 Loadout. Built on Angular 21 SSR.