Utilizing pure language in Amazon Q Enterprise: From looking and creating ServiceNow incidents and information articles to producing insights
Many enterprise clients throughout numerous industries want to undertake Generative AI to drive innovation, consumer productiveness, and improve buyer expertise. Generative AI–powered assistants similar to Amazon Q Business could be configured to reply questions, present summaries, generate content material, and securely full duties based mostly on information and data in your enterprise techniques. Amazon Q Enterprise understands pure language and permits customers to obtain rapid, permissions-aware responses from enterprise information sources with citations. This functionality helps numerous use instances similar to IT, HR, and assist desk.
With custom plugins for Amazon Q Enterprise, you’ll be able to improve the appliance setting to allow your customers to make use of pure language to carry out particular duties associated to third-party functions — similar to Jira, Salesforce, and ServiceNow — straight from inside their internet expertise chat.
Enterprises which have adopted ServiceNow can enhance their operations and enhance consumer productiveness through the use of Amazon Q Enterprise for numerous use instances, together with incident and information administration. Customers can search ServiceNow information base (KB) articles and incidents along with having the ability to create, handle, and observe incidents and KB articles, all from inside their internet expertise chat.
On this submit, we’ll reveal tips on how to configure an Amazon Q Enterprise software and add a customized plugin that provides customers the power to make use of a pure language interface offered by Amazon Q Enterprise to question real-time information and take actions in ServiceNow. By the tip of this hands-on session, it is best to be capable of:
- Create an Amazon Q Enterprise software and combine it with ServiceNow utilizing a customized plugin.
- Use pure language in your Amazon Q internet expertise chat to carry out learn and write actions in ServiceNow similar to querying and creating incidents and KB articles in a safe and ruled style.
Conditions
Earlier than continuing, just be sure you have the required AWS account permissions and companies enabled, together with entry to a ServiceNow setting with the required privileges for configuration.
AWS
ServiceNow
- Acquire a ServiceNow Personal Developer Instance or use a clear ServiceNow developer setting. You will want an account that has admin privileges to carry out the configuration steps in ServiceNow.
Resolution overview
The next structure diagram illustrates the workflow for Amazon Q Enterprise internet expertise with enhanced capabilities to combine it seamlessly with ServiceNow.
The implementation consists of the next steps:
- The answer begins with configuring Amazon Q Enterprise utilizing the AWS Administration Console. This consists of organising the appliance setting, including customers to AWS IAM Identity Center, choosing the suitable subscription tier, and configuring the online expertise for customers to work together with. The setting can optionally be configured to offer real-time information retrieval utilizing a local retriever, which pulls data from listed information sources, similar to Amazon Simple Storage Service (Amazon S3), throughout interactions.
- The following step entails adjusting the worldwide controls and response settings for the appliance setting guardrails to permit Amazon Q Enterprise to make use of its massive language mannequin (LLM) information to generate responses when it can’t discover responses out of your related information sources.
- Integration with ServiceNow is achieved by organising an OAuth Inbound application endpoint in ServiceNow, which authenticates and authorizes interactions between Amazon Q Enterprise and ServiceNow. This entails creating an OAuth API endpoint in ServiceNow and utilizing the online expertise URL from Amazon Q Enterprise because the callback URL. The setup makes positive that Amazon Q Enterprise can securely carry out actions in ServiceNow with the identical scoped permissions because the consumer signing in to ServiceNow.
- The ultimate step of the answer entails enhancing the appliance setting with a customized plugin for ServiceNow utilizing APIs outlined in an OpenAPI schema. The plugin permits Amazon Q Enterprise to securely work together with ServiceNow’s REST APIs, enabling operations similar to querying, creating, and updating information dynamically and in actual time
Configuring the Amazon Q Enterprise software
To create an Amazon Q Business application, sign up to the Amazon Q Business console.
As a prerequisite to creating an Amazon Q Enterprise software, observe the directions in Configuring an IAM Identity Center instance part. Amazon Q Enterprise integrates with IAM Identification Heart to allow managing consumer entry to your Amazon Q Enterprise software. That is the beneficial technique for managing human entry to AWS assets and the strategy used for the aim of this weblog.
Amazon Q Enterprise additionally helps identity federation by means of IAM. While you use id federation, you’ll be able to handle customers together with your enterprise id supplier (IdP) and use IAM to authenticate customers once they sign up to Amazon Q Enterprise.
Create and configure the Amazon Q Enterprise software:
- Within the Amazon Q Enterprise console, select Utility from the navigation pane after which select Create software.
- Enter the next data on your Amazon Q Enterprise software:
- Utility title: Enter a reputation for fast identification, similar to
my-demo-application. - Service entry: Choose the Create and use a brand new service-linked function (SLR). A service-linked role is a singular kind of IAM function that’s linked on to Amazon Q Enterprise. Service-linked roles are predefined by Amazon Q Enterprise and embrace the permissions that the service requires to name different AWS companies in your behalf.
- Select Create.
- Utility title: Enter a reputation for fast identification, similar to
- After creating your Amazon Q Enterprise software setting, create and choose the retriever and provision the index that may energy your generative AI internet expertise. The retriever pulls information from the index in actual time throughout a dialog. On the Choose Retriever web page:
- Retrievers: Choose Use native retriever.
- Index provisioning: Choose Starter, which is right for proof-of-concept or developer workloads. See Index types for extra data.
- Variety of items: Enter
1. This means the capability items that you just need to provision on your index. Every unit is 20,000 paperwork. Select Subsequent. - Select Subsequent.
- After you choose a retriever on your Amazon Q Enterprise software setting, you’ll be able to optionally join different information sources to it. As a result of a knowledge supply isn’t required for this session, we received’t configure one. For extra data on connecting information sources to an Amazon Q Enterprise software, see connecting data sources.
- As an account admin, you’ll be able to add customers to your IAM Identity Center occasion from the Amazon Q Enterprise console. After you add customers or teams to an software setting, you’ll be able to then select the Amazon Q Enterprise tier for every consumer or group. On the Add teams and customers web page:
- Select Add teams and customers.
- Within the Add new customers dialog field that opens, enter the main points of the consumer. The main points you need to enter for a single consumer embrace: Username, First title, Final title, electronic mail tackle, Affirm electronic mail tackle, and Show title.
- Select Subsequent after which Add. The consumer is routinely added to an IAM Identification Heart listing and an electronic mail invitation to hitch Identification Heart is distributed to the e-mail tackle offered.
- After including a consumer or group, select the Amazon Q Enterprise subscription tier for every consumer or group. From the Present subscription dropdown menu, choose Q Enterprise Professional.
- For the Net expertise service entry, choose Create and use a brand new service function.
- Select Create software.
Upon profitable completion, Amazon Q Enterprise returns an internet expertise URL which you could share with the customers you added to your software setting. The Net expertise URL (on this case: https://xxxxxxxx.chat.qbusiness.us-east-1.on.aws/) might be used when creating an OAuth application endpoint in ServiceNow. Be aware that your internet expertise URL might be totally different from the one proven right here.
Enhancing an Amazon Q Enterprise software with guardrails
By default, an Amazon Q Enterprise software is configured to reply to consumer chat queries utilizing solely enterprise information. As a result of we didn’t configure a knowledge supply for the aim of this submit, you’ll use Admin controls and guardrails to permit Amazon Q to make use of its LLM world information to generate responses when it can’t discover responses out of your related information sources.
Create a customized plugin for ServiceNow:
- From the Amazon Q Enterprise console, select Functions within the navigation pane. Choose the title of your software from the record of functions.
- From the navigation pane, select Enhancements, after which select Admin Controls and guardrails.
- In International Controls, select Edit.
- In Response settings below Utility guardrails, choose Enable Amazon Q to fall again to LLM information.
Configuring ServiceNow
To permit Amazon Q Enterprise to connect with your ServiceNow occasion, you could create an OAuth inbound software endpoint. OAuth-based authentication validates the id of the shopper that makes an attempt to determine a belief on the system through the use of an authentication protocol. For extra data, see OAuth Inbound and Outbound authentication.
Create an OAuth application endpoint for exterior shopper functions to entry the ServiceNow occasion:
- Within the ServiceNow console, navigate to All, then System OAuth, then Utility Registry after which select New. On the interceptor web page, choose Create an OAuth API endpoint for exterior purchasers after which fill within the kind with particulars for Identify and Redirect URL. The opposite fields are routinely generated by the ServiceNow OAuth server.
- The Redirect URL is the callback URL that the authorization server redirects to. Enter the online expertise URL of your Amazon Q Enterprise software setting (which is the shopper requesting entry to the useful resource), appended by
oauth/callback. - For this instance, the URL is:
https://xxxxxxxx.chat.qbusiness.us-east-1.on.aws/oauth/callback
- The Redirect URL is the callback URL that the authorization server redirects to. Enter the online expertise URL of your Amazon Q Enterprise software setting (which is the shopper requesting entry to the useful resource), appended by
- For Auth Scope, set the worth to
useraccount. The scope API response parameter defines the quantity of entry granted by the entry token, which implies that the entry token has the identical rights because the consumer account that approved the token. For instance, if Abel Tuter authorizes an software by offering login credentials, then the ensuing entry token grants the token bearer the identical entry privileges as Abel Tuter. - Select Submit.
This creates an OAuth shopper software document and generates a shopper ID and shopper secret, which Amazon Q Enterprise must entry the restricted assets on the occasion. You will want this authentication data (shopper ID and shopper secret) within the following customized plugin configuration course of.
Enhancing the Amazon Q Enterprise software setting with customized plugins for ServiceNow
To combine with exterior functions, Amazon Q Enterprise makes use of APIs, that are configured as a part of the customized plugins.
Earlier than making a customized plugin, you could create or edit an OpenAPI schema, outlining the totally different API operations that you just need to allow on your customized plugin. Amazon Q Enterprise makes use of the configured third-party OpenAPI specifications to dynamically decide which API operations to carry out to satisfy a consumer request. Subsequently, the OpenAPI schema definition has a huge impact on API choice accuracy and may require design optimizations. In an effort to maximize accuracy and enhance effectivity with an Amazon Q Enterprise customized plugin, observe the best practices for configuring OpenAPI schema definitions.
To configure a customized plugin, you need to outline a minimum of one and a most of eight API operations that may be invoked. To outline the API operations, create an OpenAPI schema in JSON or YAML format. You’ll be able to create OpenAPI schema recordsdata and add them to Amazon S3. Alternatively, you should use the OpenAPI textual content editor within the console, which can validate your schema.
For this submit, a working pattern of an OpenAPI Schema for ServiceNow is offered in JSON format. Earlier than utilizing it, edit the template file and change <YOUR_SERVICENOW_INSTANCE_URL> within the following sections with the URL of your ServiceNow occasion.
You should utilize the REST API Explorer to browse obtainable APIs, API variations, and strategies for every API. The explorer lets you take a look at REST API requests straight from the consumer interface. The Table API offers endpoints that will let you carry out create, learn, replace, and delete (CRUD) operations on current tables. The calling consumer will need to have ample roles to entry the info within the desk specified within the request. For extra data on assigning roles, see Managing roles.
{
"openapi": "3.0.1",
"data": {
"title": "Desk API",
"description": "Permits you to carry out create, learn, replace and delete (CRUD) operations on current tables",
"model": "newest"
},
"externalDocs": {
"url": "https://docs.servicenow.com/?context=CSHelp:REST-Desk-API"
},
"servers": [
{
"url": "YOUR_SERVICENOW_INSTANCE_URL"
}
],
"paths": {
"/api/now/desk/{tableName}": {
"get": {
"description": "Retrieve information from a desk",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_query",
"in": "query",
"description": "An encoded query string used to filter the results like Incidents Numbers or Knowledge Base IDs etc",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_fields",
"in": "query",
"description": "A comma-separated list of fields to return in the response",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_limit",
"in": "query",
"description": "The maximum number of results returned per page",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {
"schema": {
"$ref": "#/elements/schemas/incident"
}
}
}
}
}
},
"submit": {
"description": "Create a document",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content material": {
"software/json": {
"schema": {
"kind": "object",
"properties": {
"short_description": {
"kind": "string",
"description": "Brief Description"
},
"description": {
"kind": "string",
"description": "Full Description for Incidents solely"
},
"caller_id": {
"kind": "string",
"description": "Caller E-mail"
},
"state": {
"kind": "string",
"description": "State of the incident",
"enum": [
"new",
"in_progress",
"resolved",
"closed"
]
},
"textual content": {
"kind": "string",
"description": "Article Physique Textual content for Information Bases Solely (KB)"
}
},
"required": [
"short_description",
"caller_id"
]
}
}
},
"required": true
},
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {}
}
}
}
}
},
"/api/now/desk/{tableName}/{sys_id}": {
"get": {
"description": "Retrieve a document",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sys_id",
"in": "path",
"description": "Sys ID",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sysparm_fields",
"in": "query",
"description": "A comma-separated list of fields to return in the response",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {},
"software/xml": {},
"textual content/xml": {}
}
}
}
},
"delete": {
"description": "Delete a document",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sys_id",
"in": "path",
"description": "Sys ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {},
"software/xml": {},
"textual content/xml": {}
}
}
}
},
"patch": {
"description": "Replace or modify a document",
"parameters": [
{
"name": "tableName",
"in": "path",
"description": "Table Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "sys_id",
"in": "path",
"description": "Sys ID",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content material": {
"software/json": {
"schema": {
"kind": "object",
"properties": {
"short_description": {
"kind": "string",
"description": "Brief Description"
},
"description": {
"kind": "string",
"description": "Full Description for Incidents solely"
},
"caller_id": {
"kind": "string",
"description": "Caller E-mail"
},
"state": {
"kind": "string",
"description": "State of the incident",
"enum": [
"new",
"in_progress",
"resolved",
"closed"
]
},
"textual content": {
"kind": "string",
"description": "Article Physique Textual content for Information Bases Solely (KB)"
}
},
"required": [
"short_description",
"caller_id"
]
}
}
},
"required": true
},
"responses": {
"200": {
"description": "okay",
"content material": {
"software/json": {},
"software/xml": {},
"textual content/xml": {}
}
}
}
}
}
},
"elements": {
"schemas": {
"incident": {
"kind": "object",
"properties": {
"sys_id": {
"kind": "string",
"description": "Distinctive identifier for the incident"
},
"quantity": {
"kind": "string",
"description": "Incident quantity"
},
"short_description": {
"kind": "string",
"description": "Temporary description of the incident"
}
}
}
},
"securitySchemes": {
"oauth2": {
"kind": "oauth2",
"flows": {
"authorizationCode": {
"authorizationUrl": "YOUR_SERVICENOW_INSTANCE_URL/oauth_auth.do",
"tokenUrl": "YOUR_SERVICENOW_INSTANCE_URL/oauth_token.do",
"scopes": {
"useraccount": "Entry equal to the consumer's account"
}
}
}
}
}
},
"safety": [
{
"oauth2": [
"useraccount"
]
}
]
}The URL for the ServiceNow occasion used on this submit is: https://devxxxxxx.service-now.com/. After updating the sections of the template with the URL for this particular occasion, the JSON ought to appear to be the next:
"servers": [
{
"url": "https://devxxxxxx.service-now.com/"
} "securitySchemes": {
"oauth2": {
"type": "oauth2",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://devxxxxxx.service-now.com/oauth_auth.do",
"tokenUrl": "https://devxxxxxx.service-now.com/oauth_token.do",
"scopes": {
"useraccount": "Access equivalent to the user's account"
}
}
}
}
}To create a custom plugin for ServiceNow:
-
- Sign in to the Amazon Q Business console.
- Choose Applications in the navigation pane, and then select your application from the list of applications.
- In the navigation pane, choose Enhancements, and then choose Plugins.
- In Plugins, choose Add plugin.
- In Add plugins, choose Custom plugin.
- In Custom plugin, enter the following information:
- In Name and description, for Plugin name: Enter a name for your Amazon Q plugin.
- In API schema, for API schema source, select Define with in-line OpenAPI schema editor.
- Select JSON as the format for the schema.
- Remove any sample schema that appears in the inline OpenAPI schema editor and replace it with the text from the provided sample JSON template, updated with your ServiceNow instance URL.
- In Authentication: Select Authentication required.
- For AWS Secrets Manager secret, choose Create and add a new secret. You need to store the ServiceNow OAuth authentication credentials in a Secrets Manager secret to connect your third-party application to Amazon Q. In the window that opens, enter the details in the form:
- Secret name: A name for your Secrets Manager secret.
- Client ID: The Client ID from ServiceNow OAuth configuration in the previous section.
- Client secret: The Client Secret from ServiceNow OAuth configuration in the previous section.
- OAuth callback URL: The URL the user needs to be redirected to after authentication. This will be your web experience URL. For this example, it’s: https://xxxxxxxx.chat.qbusiness.us-east-1.on.aws/oauth/callback. Amazon Q Business will handle OAuth tokens in this URL.
- In Choose a method to authorize Amazon Q Business: Select Create and add a new service role. The console will generate a service role name. To connect Amazon Q Business to third-party applications that require authentication, you need to give the Amazon Q role permissions to access your Secrets Manager secret. This will enable an Amazon Q Business custom plugin to access the credentials needed to sign in to the third-party service.
- Choose Add plugin to add your plugin.
Upon successful completion, the plugin will appear under Plugins with Build status of Ready and Plugin status Active.
Using Amazon Q Business web experience chat to take actions in ServiceNow
Users can launch your Amazon Q Business web experience in two ways:
- AWS access portal URL provided in an invitation email sent to the user to join AWS IAM Identity Center.
- Web experience URL shared by the admin.
Navigate to the deployed web experience URL and sign with your AWS IAM Identity Center credentials.
After signing in, choose the New conversation icon in the left-hand menu to start a conversation.
Example: Search Knowledge Base Articles in ServiceNow for user issue and create an incident
The following chat conversation example illustrates a typical use case of Amazon Q Business integrated with custom plugins for ServiceNow. These features allow you to perform a wide range of tasks tailored to your organization’s needs.
In this example, we initiate a conversation in the web experience chat to search for KB articles related to ”log in issues” in ServiceNow by invoking a plugin action. After the user submits a prompt, Amazon Q Business queries ServiceNow through the appropriate API to retrieve the results and provides a response with related KB articles. We then proceed by asking Amazon Q Business for more details to see if any of the KB articles directly addresses the user’s issue. When no relevant KB articles pertaining to the user’s issue are found, we ask Amazon Q Business to summarize the conversation and create a new incident in ServiceNow, making sure the issue is logged for resolution.
User prompt 1 – I am having issues logging in to the intranet and want to know if there are any ServiceNow KB articles on log-in issues. Perform the search on both Short Description and Text field using LIKE operator
Before submitting the preceding prompt for an action to create an incident in ServiceNow, choose the vertical ellipsis to open Conversation settings, then choose Use a Plugin to select the corresponding custom plugin for ServiceNow.
If this is the first time a user is accessing the custom plugin or if their past sign-in has expired, the user will need to authenticate. After authenticating successfully, Amazon Q Business will perform the requested task.
Choose Authorize.
If the user isn’t already signed in to ServiceNow, they will be prompted to enter their credentials. For this example, the user signing in to ServiceNow is the admin user and API actions performed in ServiceNow by Amazon Q Business on behalf of the user will have the same level of access as the user within ServiceNow.
Choose Allow for Amazon Q Business to connect to ServiceNow and perform the requested task on your behalf.
Upon executing the user’s request after verifying that they are authorized, Amazon Q Business responds with the information that it retrieved. We then proceed to retrieve additional details with the following prompt.
User prompt 2 – Can you list the KB number and short description in a tabular form?
Because there no KB articles related the user’s issue were found, we will ask Amazon Q to summarize the conversation context to create an incident with the following prompt.
User prompt 3 – The error I get is "Unable to Login After System Upgrade". Summarize my issue and create an incident with detailed description and add a note that this needs to be resolved asap.
In response to your prompt for an action, Amazon Q displays a review form where you can modify or fill in the necessary information.
To successfully complete the action, choose submit.
Note: The caller_id value entered in the following example is a valid ServiceNow user.
Your web experience will display a success message if the action succeeds, or an error message if the action fails. In this case, the action succeeded and Amazon Q Business responded accordingly.
The following screenshot shows that the incident was created successfully in ServiceNow.
Troubleshooting common errors
To have a seamless experience with third-party application integrations, it’s essential to thoroughly test, identify, and troubleshoot unexpected behavior.
A common error encountered in Amazon Q Business is API Response too large, which occurs when an API response size exceeds the current limit of 100 KB. While prompting techniques are essential for obtaining accurate and relevant answers, optimizing API responses to include only the necessary and relevant data is crucial for better response times and enhanced user experience.
The REST API Explorer (shown in the following figure) in ServiceNow is a tool that allows developers and administrators to interact with and test the ServiceNow REST APIs directly from within the ServiceNow environment. It provides a user-friendly interface for making API requests, viewing responses, and understanding the available endpoints and data structures. Using this tool simplifies the process of testing and integrating with ServiceNow.
Clean up
To clean up AWS configurations, sign in to the Amazon Q Business console.
- From the Amazon Q Business console, in Applications, select the application that you want to delete.
- Choose Actions and select Delete.
- To confirm deletion, enter
Delete.
This will take a few minutes to finish. When completed, the application and the configured custom plugin will be deleted.
When you delete the Amazon Q Business application, the users created as part of the configuration are not automatically deleted from IAM Identity Center. Use the instructions in Delete users in IAM Identity Center to delete the users created for this post.
To clean up in ServiceNow, release the Personal Developer Instance provisioned for this post by following the instructions in the ServiceNow Documentation.
Conclusion
The integration of generative AI-powered assistants such as Amazon Q Business with enterprise systems such as ServiceNow offers significant benefits for organizations. By using natural language processing capabilities, enterprises can streamline operations, enhance user productivity, and deliver better customer experiences. The ability to query real-time data and create incidents and knowledge articles through a secure and governed chat interface transforms how users interact with enterprise data and applications. As demonstrated in this post, enhancing Amazon Q Business to integrate with ServiceNow using custom plugins empowers users to perform complex tasks effortlessly, driving efficiency across various business functions. Adopting this technology not only modernizes workflows, but also positions enterprises at the forefront of innovation.
Learn more
About the Author
Siddhartha Angara is a Senior Solutions Architect at Amazon Web Services. He helps enterprise customers design and build well-architected solutions in the cloud, accelerate cloud adoption, and build Machine Learning and Generative AI applications. He enjoys playing the guitar, reading and family time!
