Live
GuardEntry × ServiceNow
Integrate GuardEntry with ServiceNow Flow Designer so every AI agent action is evaluated against your compliance policy before it executes. Setup takes about 10 minutes.
Prerequisites
- •ServiceNow instance (Tokyo or later) with Integration Hub licensed
- •A GuardEntry API key — get one free at guardentry.ai/connect
- •Admin role or
flow_designer+import_set_adminroles
1
Import the GuardEntry Spoke
- 1. In ServiceNow, go to System Update Sets → Retrieved Update Sets → Import Update Set from XML
- 2. Upload
GuardEntry_Spoke.xmland click Upload - 3. Open the imported update set → click Preview Update Set → resolve any conflicts → click Commit Update Set
The spoke adds two Flow Designer actions to your instance:
- • GuardEntry: Evaluate Agent Action — call before any agent action
- • GuardEntry: Log Policy Event — log custom events to the audit trail
2
Configure the Connection Alias
The Connection Alias stores your GuardEntry API key and base URL.
- 1. Go to Connections & Credentials → Connection & Credential Aliases
- 2. Find GuardEntry Connection (installed by the spoke) → click to open
- 3. Under Connections, click New:
| Field | Value |
|---|---|
| Name | GuardEntry Production |
| Credential | create new — see below |
| Connection URL | https://app.guardentry.ai/api/v1 |
4. To create the Credential: click New Credential:
| Field | Value |
|---|---|
| Type | API Key Credentials |
| Name | GuardEntry API Key |
| Request Location | Header |
| Request Parameter Name | Authorization |
| Request Parameter Value | Bearer fgrc_k1_your_key_here |
5. Click Save on both the credential and connection.
3
Add to your Flow Designer flow
- 1. Open Flow Designer → open the flow where your AI agent runs
- 2. Click Add Action → search for
GuardEntry - 3. Select GuardEntry: Evaluate Agent Action and drag it before your first agent action step
- 4. Configure inputs:
| Input | Value | Notes |
|---|---|---|
content | Description of the action being taken | e.g. "Update user record: " + trigger.fields.description |
agent_id | Your agent/flow identifier | Optional — helps with per-agent audit |
direction | ingress | Always ingress for pre-action evaluation |
5. Add a Condition after the GuardEntry action:
- • If
decisionequalsblock→ add Error step, set message to thereasoningoutput - • If
decisionequalsrequire_approval→ add a Request Approval step - • Otherwise → continue to the agent action
6. Click Save → Activate
Available outputs
The Evaluate Agent Action step returns:
| Output | Type | Description |
|---|---|---|
decision | String | allow | block | require_approval | uncertain |
confidence | Number | 0–1 confidence score |
reasoning | String | Human-readable explanation of the decision |
matchedRule | String | Which policy rule triggered (if any) |
sessionId | String | Session ID — include on egress call to link records |
Troubleshooting
⚠️"Connection refused" or 401 errors — Check that the credential
Authorization header value is Bearer fgrc_k1_... (with the Bearer prefix) and the Connection URL is exactly https://app.guardentry.ai/api/v1.⚠️Update Set conflicts — The spoke only adds new records. Accept all incoming changes unless you have an existing
GuardEntry Connection alias from a previous install — in that case, skip the alias conflict.⚠️All decisions are allow — Your policy may be in Observability Mode. The
👁 observe badge in your GuardEntry dashboard means violations are logged but not blocked. Switch to enforcement from the policy settings page when ready.