Configuring SCIM Provisioning from Microsoft Entra ID to ServiceNow

rickspix
Giga Contributor

Running into an issue when generating and retrieving the bearer token for the secret token in Azure for provisioning. 

I'm following the article below and I'm running into an issue on step 9. I'm receiving {"error_description":"access_denied","error":"server_error"} when attempting to curl for the bearer token.

Link to article:

https://www.servicenow.com/community/developer-blog/scim-provisioning-from-microsoft-entra-id/ba-p/2...

I tried to refresh the token and set the limits high for expiration, but still get the same error.

Step 9.

Generate the Bearer Token

  • The "oauth_token.do" page allows us to generate the access / bearer token as long as we have the access code, redirect uri, grant type, client id and client secret.
  • The simplest way to retrieve this is using Curl.
  • From the Command Prompt, issue the following command - curl -d "grant_type=authorization_code&code=<access code>&client_id=<clientid>&client_secret=<clientsecret>&redirect_uri=https://<instance-name>.service-now.com/login.do" https://<instance-name>.service-now.com/oauth_token.do
  • This should produce a response similar to the following which includes the access token
    • {"access_token":"_OmjfKUv1pevKZRZCwtrDzqTSxPgah_DP7ulz8ZZY0Bt_7w-nPwvIhBuFFmJ23wcV9mnm1_37v9FEUqgFA9mkQ","refresh_token":"kCMQS101TU8o6xKB6mUu5Z7V25sFDpOSxcwnhhzhckkfDMihe1uBA255YC9v8jol83kut28zH0MiFLegbkj3Lg","scope":"useraccount","token_type":"Bearer","expires_in":1799}
  • Use the "access_token" component as the Secret Token when configuring the Entra ID Enterprise Application provisioning.
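
The token exchange from step 9, as an added Python example that is not part of the original post or the linked article: it reads the client credentials from environment variables instead of the command line, leaves TLS certificate verification at the library defaults, and reports the error fields the server returns. The variable names SN_CLIENT_ID and SN_CLIENT_SECRET and the function names are assumptions.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request


def build_token_request(instance, code, client_id, client_secret):
    """Return (url, body) for the authorization_code exchange from step 9."""
    base = f"https://{instance}.service-now.com"
    fields = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": f"{base}/login.do",
    }
    # urlencode percent-escapes every value, so characters such as & or +
    # in a code or secret cannot split or alter the form body.
    return f"{base}/oauth_token.do", urllib.parse.urlencode(fields).encode()


def parse_token_response(raw):
    """Return the parsed token dict, or raise RuntimeError on an error body."""
    data = json.loads(raw)
    if "error" in data or "access_token" not in data:
        raise RuntimeError(
            f"token request failed: error={data.get('error')!r} "
            f"error_description={data.get('error_description')!r}"
        )
    return data


def fetch_token(instance, code):
    """Perform the exchange; TLS verification stays at urllib's defaults."""
    url, body = build_token_request(
        instance, code,
        os.environ["SN_CLIENT_ID"],      # assumed variable name
        os.environ["SN_CLIENT_SECRET"],  # assumed variable name
    )
    try:
        with urllib.request.urlopen(url, data=body, timeout=30) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()  # the error JSON may arrive with a non-2xx status
    return parse_token_response(raw)
```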

8 REPLIES

rickspix
Giga Contributor

Has anyone run into this issue before? Trying to configure SCIM provisioning. 

JSweeney1
Tera Contributor

I recently followed the steps in the community article and ran into issues when trying to run the curl command as well. I eventually found something that mentioned that my anti-virus could be causing an issue when trying to run the curl command and mentioned bypassing the certificate.

I found that adding in --ssl-no-revoke to the curl command allowed me to generate the bearer token. Try running your curl command like the one below.

curl -d "grant_type=authorization_code&code=<AUTH_CODE>&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&redirect_uri=https://<INSTANCE_NAME>.service-now.com/login.do" --ssl-no-revoke https://<INSTANCE_NAME>.service-now.com/oauth_token.do

If this was helpful, please let me know.

It works, thank you! After receiving the access token, have you tried the test connection from Entra ID provisioning?
Did you get a successful result?
Could you please assist me further?

 

joewilson134
Tera Contributor

Hey @rickspix, any chance you got this to work?

I've followed the steps exactly but I'm getting the exact same error message, also tried the suggestion from JSweeney1 but no luck. Going to continue digging into it but figured I'd respond to see if you'd managed to fix it.

Cheers!