How to connect from your own Azure OpenAI to Now Assist via ServiceNow's MCP server (with Entra ID user mapping)
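- Type "show me the latest five incidents" into an internal AI chat and you get back plausible-sounding generalities.
- That is because it has not been given any means of going to look at the data.
- This article gives your organization's own Azure OpenAI a means of operating ServiceNow, and M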
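Ask an internal AI chat to "show me the latest five incidents" and, unless it has a way to consult the actual data, it can only return plausible-sounding generalities. This article explains a configuration that gives a self-operated Azure OpenAI deployment a means of operating ServiceNow and connects it to Now Assist via ServiceNow's MCP server, including user mapping through Entra ID.
MCP (Model Context Protocol) is a protocol that lets AI models access external data and tools in a standardized way; since Anthropic published it, vendors have been adding support. Previously each API needed its own hand-built integration, but with an MCP server in between, the AI side can call an external system's functions through a common procedure. In this case, the MCP server provided by ServiceNow appears to take the role of exposing operations such as incident search as "tools" that the AI can use.
The key point is that the setup goes beyond responses generated by Azure OpenAI alone: it works with Now Assist on the ServiceNow side and can return answers based on real data. Now Assist is ServiceNow's set of generative AI features, covering incident summarization, resolution support and similar tasks. Calling it from your own Azure OpenAI appears to be aimed at a configuration in which model selection and operation stay under your own control while ServiceNow's business data is put to use.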
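On the security side, the important piece is user mapping through Entra ID (formerly Azure AD). If it is left ambiguous whose privileges the AI uses to access data, information that should not be visible may be exposed. Mapping the user's identity in Entra ID to a ServiceNow account can be expected to provide control that returns only the data within each user's permissions.
Efforts like this to "give AI the means to operate internal systems" are also an area that vendors are competing to strengthen, including Microsoft's Copilot and Google's agent-related features. MCP is drawing attention as a connection method that does not depend on a particular vendor, and its adoption may spread further as an option for linking an in-house generative AI platform with existing business systems.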
When an employee types "show me the latest five incidents" into an internal AI chatbot, the answer is often a confident but generic explanation rather than an actual list drawn from the ticketing system. The gap is structural: a large language model, on its own, has no channel to query live business data. This article walks through a pattern for closing that gap, connecting an organization's own Azure OpenAI deployment to ServiceNow through a Model Context Protocol (MCP) server, while resolving user identity through Microsoft Entra ID so that each request carries the permissions of the person who made it.
The Model Context Protocol is an open standard, introduced by Anthropic in late 2024, that defines a uniform way for AI applications to reach external tools and data. Instead of building a bespoke integration for every back-end system, a developer exposes capabilities through an MCP server, and any MCP-capable client can discover and invoke them. The approach has spread quickly, with major vendors shipping both servers that expose their platforms and clients that can consume them. ServiceNow's MCP server fits the server side of that picture, offering a standardized entry point into incident, request, and other table data managed in the Now Platform.
Now Assist is ServiceNow's generative AI layer, embedding summarization, search, and assisted authoring across workflows such as IT service management. Connecting through it, rather than calling raw REST APIs directly, means the model can lean on ServiceNow's own context and guardrails. In the configuration described here, Azure OpenAI is the reasoning engine on the client side, using its tool- or function-calling capability to decide when a question requires real data and to issue the corresponding MCP call.
The identity piece is what makes the setup viable for enterprise use. Microsoft Entra ID, formerly Azure Active Directory, authenticates the user and maps them to a corresponding ServiceNow identity, so the assistant does not run with a single shared service account that could over-expose data. With user mapping in place, a request for "my open incidents" returns only the records that user is entitled to see, and audit trails remain meaningful. This on-behalf-of pattern is central to deploying AI assistants that touch regulated or access-controlled systems.
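The hand-off described in the two paragraphs above, as an added example that is not code from the original article, ServiceNow or Microsoft: it turns one model tool call into an MCP `tools/call` request that carries the signed-in user's token and fails closed otherwise. The tool name `list_incidents`, its schema and the token values are hypothetical, and the catalogue stands in for what a `tools/list` response would advertise.

```python
import json

# Constructed sample: tool catalogue as an MCP server would advertise it via
# "tools/list". The tool name and schema are hypothetical, not ServiceNow's.
ADVERTISED_TOOLS = {
    "list_incidents": {
        "type": "object",
        "properties": {"limit": {"type": "integer"}, "state": {"type": "string"}},
        "required": ["limit"],
    }
}

class ToolCallRejected(Exception):
    """Raised when a model tool call must not be forwarded to the MCP server."""

def build_mcp_request(tool_call, user_token, request_id):
    """Turn one model tool call into an MCP tools/call request for one user."""
    if not user_token:
        # No fallback to a shared service account: fail closed.
        raise ToolCallRejected("no delegated user token in session")
    fn = tool_call["function"]
    schema = ADVERTISED_TOOLS.get(fn["name"])
    if schema is None:
        raise ToolCallRejected(f"tool not advertised: {fn['name']}")
    try:
        args = json.loads(fn["arguments"])  # the model emits arguments as a JSON string
    except json.JSONDecodeError as exc:
        raise ToolCallRejected("arguments are not valid JSON") from exc
    if not isinstance(args, dict):
        raise ToolCallRejected("arguments must be a JSON object")
    unknown = set(args) - set(schema["properties"])
    missing = set(schema["required"]) - set(args)
    if unknown or missing:
        raise ToolCallRejected(f"unknown={sorted(unknown)} missing={sorted(missing)}")
    body = {"jsonrpc": "2.0", "id": request_id, "method": "tools/call",
            "params": {"name": fn["name"], "arguments": args}}
    # Identity travels only in the header, taken from the authenticated session.
    headers = {"Authorization": f"Bearer {user_token}",
               "Content-Type": "application/json"}
    return headers, body

# Constructed model output in the chat-completions tool-call shape.
SAMPLE_CALL = {"id": "call_1", "type": "function",
               "function": {"name": "list_incidents", "arguments": '{"limit": 5}'}}

if __name__ == "__main__":
    print(json.dumps(build_mcp_request(SAMPLE_CALL, "<user-token>", 1)[1]))
```

Because any argument outside the advertised schema is rejected, text in the model's output cannot name a different user; the only identity the server sees is the token from the authenticated session.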
Several prerequisites sit behind the scenes. An Azure OpenAI resource must be provisioned in the organization's own tenant, which gives teams more control over data residency and network boundaries than consumer AI services typically allow. The ServiceNow instance needs the MCP server enabled and the relevant Now Assist capabilities licensed. The Entra ID configuration involves registering the application, defining the scopes it can request, and establishing trust between the Microsoft identity platform and ServiceNow, usually through OAuth.
The broader context is a shift from chatbots that merely generate text to agents that take grounded actions against systems of record. Retrieval-augmented generation addressed part of the problem by injecting documents into prompts, but it does not let a model perform live, permission-aware queries or write changes back. MCP, alongside vendor function-calling features, is one of the mechanisms now competing to become the connective tissue between models and enterprise software. Comparable efforts include direct ServiceNow integrations from other AI platforms and a growing catalog of MCP servers for tools such as GitHub, databases, and collaboration suites.
Organizations weighing this approach should treat it as an architecture pattern rather than a turnkey product. Details such as token handling, rate limits, and how tool results are formatted back into the model's context can materially affect reliability, and the specifics are likely to change as both the MCP specification and ServiceNow's implementation evolve. The combination illustrated here nonetheless points to a practical template: keep the model in your own Azure tenant, expose enterprise systems through standardized MCP servers, and let Entra ID ensure that the assistant never sees more than the user behind it is permitted to. For teams already invested in Microsoft and ServiceNow, it is an incremental path toward AI that answers from real data rather than plausible guesses.
The body text and summary on this page were automatically generated by AI. Please check the original article (qiita.com) for accuracy.