First, Create a service account in Thycotic tool which will be used to communicate between Thycotic and Service now. It should be Application Account and follow below steps:

1. When logged in as an administrator go to the secret you are using for this integration. 
2. Click on the sharing tab.
3. Click the Edit Button. 
4. Uncheck the Inherit Permissions from the folder (if necessary) 
5. Click on the Role and make sure View or higher permission is selected.
6. Click save. 

In Servicenow Tool:

Plugin: Install  and activate the plugin “Password Safe External Credential Storage for Discovery” from the ServiceNow App Store.

Validate: 

1. MID Server is in Up state
2. MID Server is Validated
3. MID Server has HTTP or HTTPS Access to Secret Server

Download the JAR file from the below link:

https://docs.delinea.com/ssi/current/servicenow/mid-server-credential-resolvers/pas/setup.md

File will be downloaded with the Zip file.  Extract the file.

• In ServiceNow Navigate to MID Server JAR file
• Click on New
• Provide the Name as “ThycoticCredentialResolver”
• Update the Version as 3.0
• Attach the JAR file which was download and Save

Verify Agent Download:

Once you have submitted the JAR file through ServiceNow, your MID Servers will pull the file. To verify that the file has been downloaded, check the extlib directory within your agent’s root path.

If you are not able to see, then restart the MID Server Services.

Edit Agent Config:

The config.xml file will be modified to add additional elements for the credential resolver’s parameters. These are added at the end of the file just before the closing tag </parameters>. To update the config file, follow the steps below:

• Login to the MID Server
• Navigate to the Config.xml file and open it for Editing
• Add the below parameters at the end of the file.

<parameter name="basic_auth_str" value="username:password"/>
<parameter name="host" value="myapp.centrify.com"/>
<parameter name="application_id" value="oauth_2_client"/>
<parameter name="grant_type" value="client_credentials"/>
<parameter name="scope" value="passwordCheckout"/>
<parameter name="proxy_host" value=""/>
<parameter name="proxy_port" value=""/>
<parameter name="credential_lookup_type" value="narrow"/>
<parameter name="is_logging" value="true"/>
<parameter name="log_level" value="3"/>
<parameter name="is_logging" value="true"/>
<parameter name="password_checkin_interval" value="60000"/>
<parameter name="use_reverse_dns_lookup" value="false"/>
<parameter name="use_fqdn_lookup" value="false"/>
<parameter name="look_up_order" value=""/>
<parameter name="allow_fqdn_based_on_localhost" value="true"/>
<parameter name="retry_attempts" value="0"/>
<parameter name="retry_interval" value="3000"/>
<parameter name="ss_url" value="https://earth.solar.local/SecretServer"/>
<parameter name="oauth2_username" value="TestAPI"/>
<parameter name="oauth2_password" value="Bacon3lurch="/>
<parameter name="allow_self_signed_certificate" value="true"/>
<parameter name="vault_type" value="SS"/>

I have highlighted few steps with Bold, make changes in that values as per your environment.

After adding the above Parameters save the file and restart the MID Server Services.

The following are instructions that are not included by ServiceNow.

1. Download your SSL certificate for Secret Server to the MID Server.

2. Open a PowerShell prompt and set the location to the Java bin directory: <fullAgentPath\>\jre\bin

3. Run the following command and replace with your environment specifics:

   .\\keytool.exe -import -alias \<cert alias\> -file \<full path to \*.cer file\>\-keystore '\<fullAgentPath\>\\jre\\bin\\security\\cacerts'