Everything you need to know about how OrynIQ works, how we handle your data, and what to expect when you get started.
OrynIQ is a Platform Health as a Service (PHaaS) platform built specifically for ServiceNow environments. It connects to your ServiceNow instance via OAuth, runs a deep automated health assessment across 475+ checks, and delivers findings, financial impact estimates, and a prioritized remediation roadmap — all from a single platform.
It is used by ServiceNow platform owners and IT leaders to continuously monitor platform health, reduce technical debt, and communicate risk and ROI to business stakeholders.
OrynIQ is built for enterprise organizations running ServiceNow who want a clearer, more actionable picture of their platform's health. Specifically:
ServiceNow's Instance Scan is a useful starting point, but it has several limitations OrynIQ is designed to address:
No. OrynIQ is entirely external. It connects to your ServiceNow instance over HTTPS using the standard Table API — the same API ServiceNow exposes by default. No scoped app, plugin, or update set is required in your instance.
The only setup required on the ServiceNow side is creating an OAuth application registry and a service account with appropriate read (and optionally write) permissions.
OrynIQ is not currently listed on the ServiceNow Store, as Logan Poynter LLC is not a Build partner at this time. However, becoming a fully native ServiceNow application is on the roadmap depending on successful launch and adoption.
In the meantime, OrynIQ connects externally via standard OAuth 2.0 and the Table API — the same APIs available on every ServiceNow instance — so there is no dependency on Store certification to get full value from the platform today.
OrynIQ uses OAuth 2.0 (Authorization Code flow) via ServiceNow's built-in OAuth provider. You create an OAuth application registry in your instance and provide OrynIQ with the Client ID and Client Secret. OrynIQ uses these to request an access token on your behalf, then queries the Table API for health check data.
All credentials are encrypted at rest using AES-256-GCM and are decrypted only in memory at the moment of an API call. They are never logged or exposed in plaintext.
For read-only scanning and health checks, OrynIQ needs a service account with read access to the tables it analyzes — primarily CMDB, ITSM, user/role, schema, and script tables. The exact table list is provided during onboarding.
For AI-assisted remediation write-back (an optional feature), the service account also needs write permission to specific fields. Write-back access can be scoped to only the tables your team approves, and every proposed change requires explicit human approval in the OrynIQ UI before any write is executed.
Yes. OrynIQ supports multiple ServiceNow connections per engagement. You can connect a production instance, sub-production (dev/test/staging) instances, and run multi-instance scans that compare health across environments side by side.
Each plan includes one production instance and up to three sub-production instances. If you have larger volume requirements, reach out to discuss options.
OrynIQ uses refresh tokens to maintain a live session without requiring you to re-authenticate for every scan. If a refresh token expires or credentials are rotated, the connection will show as inactive in the dashboard. You can update credentials at any time through the Connections settings page — the update takes effect immediately without requiring a re-scan setup.
OrynIQ's scan engine is manifest-driven — each of our 475+ checks is a declarative record containing a target table and an encoded query. The ServiceNow Table API and Stats API are the only interfaces that let us execute these dynamically composed queries at scale.
Three capabilities make the Table API essential to how OrynIQ works:
sys_user_has_role.role.name=admin^sys_user_has_role.user.active=false). With MCP, this would require decomposing each relationship into separate tool calls, which is slower and more complex.MCP excels when an AI agent needs to discover and invoke capabilities interactively. OrynIQ's scan path is deterministic — it sweeps through a check manifest, not an open-ended conversation. The Table API is the minimal, most direct interface for that pattern.
OrynIQ runs 475+ checks across five health dimensions:
OrynIQ includes 475+ automated scan checks plus 30 compound analyzers and 53 AI-powered investigation playbooks. Scan checks run automatically on every scan. Playbooks are triggered during AI investigation sessions to perform deeper, multi-step analysis of specific problem areas.
A full scan typically completes in 3–8 minutes depending on instance size and the volume of records in tables being queried. Scans run asynchronously — you can navigate away from the scan page and return when it's complete. Results are available immediately when the scan finishes.
There are two distinct types of runs and they have different limits:
In practice: run scans as frequently as makes sense for your environment (after a release, on a schedule, before an upgrade). Trigger AI audits when you need deep interpretation or a full narrative report.
Yes. OrynIQ supports finding suppression at the individual finding level. A suppressed finding is excluded from the health score and reporting but is retained in the audit trail with the suppression reason and the user who suppressed it. Suppressions can be reviewed and reversed at any time.
The OrynIQ Health Score is a domain-weighted composite score from 0 to 100. Each health dimension (CMDB, ITSM, Hygiene, Licensing, Automation) carries a configurable weight. Within each dimension, findings are scored by severity — Critical, High, Medium, and Low — and the dimension score is calculated based on the ratio of passed checks to total checks, weighted by severity.
The composite score is tracked over time so you can see whether platform health is improving or deteriorating between scan runs.
The Oryn AI agent is a conversational assistant that can investigate your ServiceNow platform health in depth. It has two modes:
The agent can also log investigation discoveries, propose remediation actions, and draft executive summaries.
They operate at different layers of the platform and serve different purposes:
30 Live Compound Analyzers — These run directly against your ServiceNow instance via the Table API during a Full Audit. Each analyzer executes multiple structured queries across a specific domain (CMDB relationships, license role hygiene, script complexity, upgrade risk, etc.) and returns a structured diagnostic summary. They are the primary data-gathering layer of the autonomous audit — producing the raw evidence the AI reasons over to generate findings and recommendations. They run in parallel and stream results in real time.
53 Investigation Playbooks — These are curated, step-by-step investigation guides the AI agent can follow during a chat session when it needs to go deeper on a specific issue. A playbook doesn't execute automatically — the agent selects and follows a relevant playbook when a scan finding or conversation warrants a more structured investigation. Each playbook defines a specific sequence of queries, what to look for, and how to interpret results. Think of them as the agent's diagnostic SOPs.
No — and write-back access is tightly role-gated. The AI can propose remediation actions — field-level changes, record updates, or configuration corrections — but every proposal sits in a review queue and requires an explicit approval before any write is executed.
Only users with the Customer Admin role can approve, deny, or roll back write-back proposals. Standard users and read-only viewers have no access to the remediation queue and cannot trigger writes to your instance.
The Oryn agent is powered by Anthropic's Claude API. We use the latest available Claude model to maximize reasoning quality for complex multi-step platform health analysis.
Yes — but only aggregated, structural data. When the AI agent runs a tool, the results are included in the context sent to Anthropic's API so the model can reason about them. It is important to understand what that data looks like in practice:
Anthropic does not use API inputs or outputs to train its models under their commercial API terms. Token usage (not content) is logged locally for internal cost tracking. If your security policy requires it, customer admins can switch off AI processing for the entire tenant from the OrynIQ admin console — see the next question for how.
Customer admins can disable AI processing for their entire tenant directly from the admin console — no support ticket, no waiting period. The toggle lives at Customer settings → AI Processing and applies to every user in your account.
While AI is disabled:
409 ai_disabled_for_customer response — no Anthropic call is ever made, so no data leaves OrynIQ for AI processing.Re-enabling is the same one-click flip from the same page. Disabling does not delete historical AI session content — it stops future Anthropic calls; existing rows are governed by your retention policy. Scan capabilities (the 475+ deterministic checks) are unaffected by the toggle and continue to run normally.
When the AI agent identifies a fixable issue in your ServiceNow instance, it can use an allowlisted propose_remediation tool to generate a specific field-level change proposal. For example: "Set the Managed by group field on CI record X to Y."
The proposal appears in the Remediation tab for review. Authorized users can:
Every action is permanently logged. Only check types on an approved allowlist can generate proposals — arbitrary table/field combinations are not permitted.
No — there is no training layer in OrynIQ. The platform does not fine-tune, retrain, or update any AI model based on your data, your queries, or your scan results. OrynIQ is a consumer of Anthropic's Claude API, not a model trainer.
Anthropic does not use API inputs or outputs to train its models under their commercial API terms. Your ServiceNow data is used only to generate responses within a session — it does not flow into any learning pipeline, feedback loop, or model improvement process, at OrynIQ or at Anthropic.
Yes — for Full Audit sessions, OrynIQ persists a structured memory of stable facts established during each audit. At the start of every new audit, the agent loads that context automatically before any analysis begins. This means observations like known platform constraints, previously confirmed findings, or important context about your environment carry forward without you having to re-explain them.
Chat sessions (the conversational interface) are session-scoped — they don't carry a running conversation transcript forward, but they do have access to all stored engagement data: scan results, historical findings, health score trends, action plans, and discoveries from past sessions.
The distinction: the agent doesn't remember what you said conversationally last week, but it does carry forward structured facts it has established about the platform, and it can always look up what your scans showed in prior runs. Customer Admins can clear agent memory per engagement at any time if a clean slate is needed.
The agent operates under a fixed system prompt that defines its role, scope, and behavior. This prompt is set by OrynIQ at the platform level — it instructs the agent to focus on ServiceNow platform health, use only its defined tools, and never take actions outside its permitted scope.
End users cannot modify the system prompt. The agent will decline to act outside its defined boundaries regardless of how a question is phrased — it cannot be instructed to ignore its scope, access systems it hasn't been given tools for, or behave as a general-purpose assistant.
The agent operates through a defined, constrained set of tools. It cannot make arbitrary API calls or access anything not explicitly built into those tools. The boundaries are:
Not currently, and never without explicit opt-in. Today, AI session data is used only to generate your responses within that session. It is not reviewed, retained for training, or used to improve any model.
A future opt-in program is planned that would allow customers who choose to participate to contribute anonymized session data — agent findings, remediation signals, and Q&A patterns — toward improving OrynIQ's AI capabilities for ServiceNow environments specifically. The goal is an intelligence layer that gets better at identifying platform health patterns the more engagements it sees.
If and when that program launches, participation will be:
Customers in regulated industries who require a hard guarantee that their data is never used for any purpose beyond their own engagement can request a contractual assurance to that effect. Reach out to discuss.
OrynIQ generates several report types:
OrynIQ maps platform health findings to financial impact categories — upgrade risk cost, productivity loss from poor CMDB accuracy, license waste, and technical debt remediation cost. These estimates are based on configurable inputs including your instance's license spend, headcount, and average hourly cost rates.
The financial model produces a projected 3-year ROI of addressing the identified findings, giving stakeholders a quantified business case for remediation investment. Values can be adjusted to match your organization's specific context before presenting to stakeholders.
Five inputs drive every dollar figure OrynIQ publishes. They are set at the customer level and copied into each new engagement as starting values, where they can be adjusted per-engagement if a specific environment warrants it. Each is used in a specific formula — there is no magic, just arithmetic over your scan output.
Platform Team Size — the number of engineers actively supporting the ServiceNow platform (admins, developers, architects). This drives the Operational Waste model: a larger team losing the same percentage of their time to platform debt represents more dollars. Under the hood: wasted_hours/year = team_size × 1,800 × inefficiency_%, where 1,800 is productive hours per engineer per year. Count only people whose work is genuinely tied to the platform — not every IT headcount who occasionally touches a ticket. Typical mid-size platform team: 3–8.
Blended Hourly Rate ($) — the fully-loaded cost per hour of a platform engineer, including salary, benefits, taxes, and overhead allocation. This is the single conversion factor that turns every hour-based output — waste, remediation cost, cost avoided — into dollars. Default is $120/hr, which approximates a mid-market US blended rate. If you use offshore or nearshore delivery partners, set this lower; if you're running a high-cost domestic team, set it higher. It should match how your finance team already costs engineering time for capitalization or chargeback.
Hrs / Story Point — how many hours of real engineering work one story point represents for your team. Default is 8 (roughly a day of focused delivery). OrynIQ assigns a severity-based story-point estimate to each finding — Low = 2 SP, Medium = 5 SP, High = 8 SP, Critical = 13 SP — representing the complexity of designing, building, testing, and deploying the fix pattern. Note: this is flat per finding type regardless of affected record count, because SN fixes are typically script-level (one script cleans 6M rows, not 6M manual edits). If your team's velocity is faster (e.g., 5 hr/SP), lower it; slower teams can raise it.
Overhead Multiplier — the coordination, testing, release, and ceremony overhead layered on top of raw engineering hours. Default is 1.4 (i.e., every 10 hours of coding requires 4 additional hours of planning, code review, QA, release management, and communication). This is the difference between "time a developer spends at a keyboard" and "time the program actually takes from identification to production." Set lower (1.1–1.2) for lean teams with minimal process; set higher (1.5–1.8) for heavily governed environments with formal change control, regulated release windows, or multi-region rollouts.
Recovery Factor (%) — the fraction of modeled annual waste that is actually recoverable after remediation is delivered. Enter this as a whole-number percentage in the form (e.g., 30 means 30%). Not 100%, because no remediation fully eliminates platform friction; some residual inefficiency always remains (process gaps, knowledge silos, adjacent issues). This factor shapes the ROI projection: recovered/year = annual_waste × recovery_factor, which drives payback years and 3-year net value. 30% is a conservative, defensible assumption for an executive audience; 50–60% is realistic only when prior initiatives actually delivered that recovery rate. Set higher than 70% only when you are prepared to defend the number with evidence.
If your organization already has standard assumptions for these numbers — from a capacity model, chargeback rate card, or finance-approved cost methodology — use those. The goal is for the financial output to withstand scrutiny from your own finance team, not match OrynIQ's defaults.
Yes. Reports can be exported as PDF for stakeholder delivery. Raw finding data is exportable as CSV or Excel for technical teams. All exports include a timestamp and the scan run they reference.
OrynIQ reports are built for two audiences simultaneously. The executive-facing report and AI narrative are written for CIOs, IT Directors, and business stakeholders who need a clear picture of platform risk and ROI without technical detail. The technical findings report is designed for ServiceNow architects and developers who need specifics to remediate issues.
This dual-layer approach means a single scan produces both a boardroom-ready deliverable for leadership and a hands-on remediation backlog for your technical team.
OrynIQ is hosted on Microsoft Azure in the United States. The application runs on Azure infrastructure with a PostgreSQL database that is not exposed to the public internet. All traffic passes through Cloudflare for SSL termination, DDoS protection, and WAF filtering.
Azure is a natural fit for enterprise ServiceNow customers — the same infrastructure many organizations already rely on for their own workloads.
OAuth Client ID, Client Secret, Access Token, and Refresh Token are all encrypted at rest using AES-256-GCM. The encryption key is stored separately from the database. Credentials are decrypted only in memory at the moment of an outbound API call to your ServiceNow instance and are never written to logs in any form.
SOC 2 Type II is targeted for 2026 and we have a formal Letter of Engagement with Vanta. In the meantime, OrynIQ is designed with the SOC 2 Trust Services Criteria in mind — immutable audit logs, role-based access control, encrypted credentials, and a principle-of-least-privilege service account model.
A Data Processing Agreement (DPA) or the Vanta Letter of Engagement are available on request for customers who require it for procurement via email to security@oryniq.com.
Yes. OrynIQ supports GDPR and CCPA requirements:
See the full Privacy & Data Handling page for complete detail.
OrynIQ is operated by Logan Poynter LLC. There are no employees, contractors, or third parties with access to customer data.
Access to customer data only occurs when required to resolve a support issue that has been explicitly requested by the customer, and only for the duration necessary to resolve it. Any such access uses the global admin role and is recorded in the same immutable audit log visible to customers — there is no privileged backdoor outside the platform's own access controls.
All customer data is isolated at the application and database query level by customer_id — no customer can access another customer's data through the platform.
Yes. OrynIQ supports Microsoft Entra ID (Azure AD) SSO out of the box on all plans, with no extra fee and no separate enterprise tier required. After your tenant is connected, anyone in your Microsoft tenant can sign in with their work account — no manual user creation in OrynIQ.
Tenant-admin consent is required to enable SSO for your team. Microsoft Entra requires a one-click consent grant from someone with tenant-admin (or Application Administrator) rights in your Microsoft tenant. This is a Microsoft-side requirement, not an OrynIQ choice — every multi-tenant Microsoft Entra application works this way. The grant is read-only on basic profile claims (email, name, tenant id) and can be revoked at any time from the Microsoft Entra admin center.
If the person setting up OrynIQ doesn't have tenant-admin access, no problem: sign up with email + password instead, and have your IT admin grant Microsoft consent later from Customer settings → SSO. The rest of your team will then be able to sign in with Microsoft once that's done.
OrynIQ is available in two distinct ways, and both are offered upfront — not as add-ons:
Managed PHaaS is not an upgrade from self-serve — it's a different kind of engagement for a different situation. If you're unsure which fits, reach out and we'll talk through it honestly.
Two plans are available for self-serve platform access. These plans apply to customers running OrynIQ independently — they are not tiers of the managed PHaaS engagement.
Scans (the automated diagnostic runs) are unlimited on both plans — audit quotas apply only to the AI-powered full audit sessions. If you have volume requirements beyond these limits, reach out to discuss options.
Platform (self-serve) is plan-based — a fixed monthly or annual fee that includes a defined seat count, audit quota, and instance limit. Costs are predictable regardless of how heavily the platform is used within plan limits. Monthly and annual billing are both available; annual billing includes 2 months free (you pay for 10 months, you get 12).
Managed PHaaS is priced as an annual professional services engagement. The platform is included, but the pricing reflects the advisor's time — not additional platform features. There is no "unlimited audits" or feature advantage over self-serve; the value is active expert involvement. Because the engagement requires upfront scoping, roadmap work, and ongoing delivery commitment, a 12-month minimum is required.
Specific pricing for both tracks is shared during the demo conversation. Request a demo to get the details.
We offer a guided demo using your own ServiceNow instance (or a PDI) so you can see real findings from your actual environment before committing. This isn't a self-serve trial — it's a live walkthrough of what OrynIQ surfaces on your platform, with time to ask questions.
For managed PHaaS prospects, the demo also covers what the ongoing delivery cadence looks like so you know exactly what to expect before signing anything.
Request a demo to get started.
Yes. Some customers start on the platform to get familiar with the tooling and then bring in managed delivery once they understand what they want to prioritize. Others come in for managed from day one because they don't have the internal bandwidth.
Either path works — the platform is the same either way, and there is no penalty for switching tracks. If you're unsure which fits best, the demo conversation is the right place to talk through it.
It depends on the billing track:
Most customers complete setup and run their first scan within one business day of account provisioning. The ServiceNow side requires creating an OAuth application registry and a service account — this typically takes 20–30 minutes for a ServiceNow administrator. OrynIQ provides step-by-step instructions for this setup.
The ServiceNow setup involves two steps:
No scoped app installation, update sets, or ServiceNow admin involvement beyond these two items is required.
A typical onboarding follows five steps:
Setting up SSO for the whole tenant takes one click — but it has to be the right click, by the right person.
If you're not the tenant admin: it's best to coordinate with whoever is before you start signup. If you've already started, sign up with email + password and have your IT admin click the consent grant from Customer settings → SSO when they're ready — your team can sign in with Microsoft as soon as that's done.
If you click Sign in with Microsoft from the OrynIQ login page and your tenant isn't on file yet, we don't error you out — we forward you to a short bridge page that gives you two choices:
Either path lands you in the same place: a working OrynIQ tenant with the option to add team members on Microsoft SSO whenever you're ready.
Partially — and intentionally so. OrynIQ is a desktop-first product because the work it supports (reading scan findings, comparing environments, building remediation plans, reviewing financial models) is data-dense and benefits from a real screen. We made deliberate choices about which views to optimize for phones and which to gate to desktop, rather than half-render everything everywhere.
Works well on phones:
Desktop-only — phone shows a "open on a larger screen" placeholder:
You won't get an error on these — you'll see a friendly note pointing you to a tablet or laptop, plus a link back to a page that does work on phones.
If a workflow you rely on for mobile triage isn't in the "works well" list, email us at support@oryniq.com. We'll prioritize phone-friendly versions based on what customers actually use.
All plans include direct email support with a target response time of one business day for standard inquiries and two business days for security-related matters. Customers also get direct access to the OrynIQ team for product questions, onboarding help, and feedback sessions.
Reach us at support@oryniq.com for any support or product questions.
You can cancel self-serve access at any time. When you cancel:
You can request immediate data deletion at any time by emailing support@oryniq.com.
We're happy to walk through any of this on a call — no pressure, no pitch deck required.