Ambuj Tripathi
ServiceNow Employee

Since ServiceNow doesn't support multiple OIDC multi-tenant applications, only one OIDC application can be configured using the automatic import method (by providing the Client ID, secret and well-known URL); configuring a second application this way throws an error that the provided well-known configuration is already in use.

 

Another OIDC application from the same Azure tenant can be configured using the manual steps below. The idea is to reuse the OIDC Provider Configuration that was created while configuring the first application (OIDC-App1).

 

First App that is already registered - OIDC-App1
Second App from the same Azure tenant ID to be registered - OIDC-App2 
 
1: Open the OAuth OIDC Entity table (oauth_oidc_entity) and create a new record in it.
  • Use the same OAuth Provider Configuration that was created while configuring the first application.
  • Fill in the following fields carefully: Client ID, Client Secret, Redirect URL (same as in the first app), End Session Endpoint URL (same as in the first app).
  • Upon saving, it will automatically create a new entity and a new default entity profile for this provider.
  • Open the OAuth Entity Profiles tab and change the Grant Type to Authorization Code.

 

2: Open the OAuth Entity Scope table (oauth_entity_scope) and filter the scopes of the first application by OAuth provider name. This lists all the scopes required for this IdP.

  • Note down these scopes and create exactly the same new scopes in this table for the new OAuth OIDC Entity created in step 1.
  • Save the scopes and refresh the OAuth OIDC Entity page created above. All the scopes created in this step should now be listed under its OAuth Entity Scopes tab.

 

3: Open the OAuth OIDC Entity table (oauth_oidc_entity) and open the entity profile from the OAuth Entity Profiles tab. Similarly, open the entity profile of the first app.

  • In the "OAuth Entity Scope" column, search for the entity scope added in step 2 for the second application and select it. Enter the corresponding "OAuth scope" correctly.
  • Map all the scopes that are mapped in the first application in the second application as well, within the newly created profile, and save the profile.

     

4: Go to Identity Providers list, create a new IDP of OIDC Type.

 

  • Close the popup and enter the details manually. Enter Name, Profile (the new profile created above), Show as login option, etc., and save it.
  • Verify these tabs for correct references to the objects created above: OIDC Entity (should be the new app's entity) and OIDC Provider Config (should refer to the config created with the first app).

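A consistency check over the objects the four steps create, added here as example logic that is not part of the original post: it runs stand-alone in Node on constructed records, and the property names (providerConfig, redirectUrl, grantType, ...) are assumptions rather than real ServiceNow column names.

```javascript
// Added example, not part of the original post: a consistency check for the
// manually created second app. In an instance the records would come from
// GlideRecord queries on oauth_oidc_entity, oauth_entity_profile,
// oauth_entity_scope and the IdP record; here they are constructed inline and
// the property names (providerConfig, redirectUrl, ...) are illustrative,
// not the real column names.
const firstApp = {
  entity: { sysId: "ent1", clientId: "client-app1", providerConfig: "prov1",
            redirectUrl: "https://example.service-now.com/navpage.do",
            endSession: "https://login.example/logout" },
  profile: { sysId: "prof1", entity: "ent1", grantType: "authorization_code",
             scopes: ["openid", "profile", "email"] },
};
const secondApp = {
  entity: { sysId: "ent2", clientId: "client-app2", providerConfig: "prov1",
            redirectUrl: "https://example.service-now.com/navpage.do",
            endSession: "https://login.example/logout" },
  profile: { sysId: "prof2", entity: "ent2", grantType: "authorization_code",
             scopes: ["openid", "profile"] },          // "email" forgotten
  idp: { profile: "prof2", entity: "ent2", providerConfig: "prov1" },
};

// Compares the second app against the first and returns a list of findings,
// one per step of the procedure that was not followed; empty means consistent.
function checkSecondApp(first, second) {
  const findings = [];
  const e1 = first.entity, e2 = second.entity, p1 = first.profile, p2 = second.profile;
  if (e2.providerConfig !== e1.providerConfig)
    findings.push("step 1: entity must reuse the first app's OIDC Provider Configuration");
  if (e2.clientId === e1.clientId)
    findings.push("step 1: second app needs its own Client ID");
  if (e2.redirectUrl !== e1.redirectUrl || e2.endSession !== e1.endSession)
    findings.push("step 1: Redirect URL and End Session Endpoint URL must match the first app");
  if (p2.grantType !== "authorization_code")
    findings.push("step 1: profile Grant Type must be Authorization Code");
  if (p2.entity !== e2.sysId)
    findings.push("step 3: profile must belong to the new entity");
  const missing = p1.scopes.filter(s => !p2.scopes.includes(s));
  if (missing.length > 0)
    findings.push("step 3: scopes not mapped in the new profile: " + missing.join(", "));
  if (second.idp.profile !== p2.sysId || second.idp.entity !== e2.sysId)
    findings.push("step 4: IdP must reference the new profile and the new OIDC Entity");
  if (second.idp.providerConfig !== e1.providerConfig)
    findings.push("step 4: IdP OIDC Provider Config must be the first app's config");
  return findings;
}

console.log(checkSecondApp(firstApp, secondApp));
```

On the constructed records the check reports the one scope that step 3 would have left unmapped.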
Hope this helps!

Thank you.

Last update: 12-01-2023 04:55 AM