06-07-2021 01:29 PM
I am using the Microsoft Azure AD spoke within Flow Designer. I set up OAuth credentials using the information at the following URL: https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/integrationhub-store-spokes/task/set-up-azure.html#configure-azure-ad-account

I set this up in our lower env. I used "Application Registry" entry "Azure AD OAuth DEV" on the oauth_entity table. I used credential "Azure AD Credentials DEV" on the discovery_credentials table. I used "Connection and Credential" alias "AzureAD" on the sys_alias table.

I am able to get a token using the "Get OAuth Token" link on the credential page. This token is good for 1 hour. My problem is, when this token expires, I have to manually go back to the credential page and click the link again. I need a way to automatically refresh this token, or to be able to do it with scripting. I would love to have an activity in Flow Designer that I could call to get a new token before making my call out to Azure AD. Or maybe renew it on a 1/2 hour schedule. Not sure what the best way would be, but I know I cannot manually refresh it. It seems as though there has to be a way to do this, but I have not figured it out yet.

How can this be used where I do not have to manually refresh a TOKEN to get connected to Azure AD? Can someone with OAuth knowledge please assist me, or point me to some information I can use to set this up? I need to get this working.
06-11-2021 06:02 AM
I found the solution to the problem I was having.
The problem is that the ServiceNow Product documentation at the following URL that I used to set up the OAuth configuration in ServiceNow for Azure AD was missing a piece of information:
If you look at section "Register Azure AD as OAuth provider" and then look at step 8, it originally said the following:
"Verify that the openid entity scope record created in previous steps appears in the OAuth Entity Profile Scopes related list. If it does not appear, add the record."
What it should say is:
"Verify that the openid entity scope AND offline_access entity scope records created in previous steps appears in the OAuth Entity Profile Scopes related list. If they do not appear, add the records."
It is the offline_access entity scope that requests that a refresh token is sent back from Azure AD and this refresh token will then appear in the oauth_credential table.
Once I had this set correctly and was getting the refresh token, everything worked as I expected.
06-22-2021 02:51 PM
Thanks for this article. We had the exact same issue and adding the entity scope for offline access gets us a refresh token now.
08-17-2021 01:37 PM
Hi John,
I have also created a workflow, and at the end of the workflow I want to connect with Azure AD via the AzureAD spoke to remove a user from an AD group. But I am now struggling to set up the connection between Azure AD and ServiceNow.
In the Azure portal I have registered an application, and after that the instructions are assigning a role to this application (https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) via Subscriptions. In my case I don't have a subscription in this step, and I am wondering if this is necessary for the connection. What did you do?
And I'm also wondering how you accomplished step 2.d, "Add the permissions to access the APIs", from the ServiceNow documentation (https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/integrationhub-store-spokes/task/set-up-azure.html#configure-azure-ad-account)?
Hope to hear from you.
Regards,
Kenneth
03-06-2024 08:21 AM
This was super helpful to me! Thank you so much. Also make sure on your Application Registry that the Auth URL, Token URL, Token Revoke URL and Refresh URL use the actual tenant id in the URL, not "common". The "common" keyword is for multi-tenant. My company uses a single tenant for Azure.
Use login.microsoftonline.com/[insert_tenant_id]/oauth2/v2.0/token for single-tenant applications. For multi-tenant, you need to use login.microsoftonline.com/common/oauth2/v2.0/token for generating a token.
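The two points the thread settles on, the offline_access scope being what makes Azure AD return a refresh token and the tenant id (not "common") being required for a single-tenant app, shown as an added example that is not part of this thread or of the ServiceNow spoke. The client id, secret, tokens and token responses are constructed placeholders, and the helpers only build the v2.0 token-endpoint request; they do not send it.

```python
"""Added example: Azure AD v2.0 refresh-token handling, constructed sample data."""
import time
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
REQUIRED_SCOPES = ("openid", "offline_access")  # offline_access => refresh_token returned


def token_endpoint(tenant_id: str) -> str:
    """Single-tenant registrations need the real tenant id; 'common' is multi-tenant only."""
    if tenant_id == "common":
        raise ValueError("use the tenant id, not 'common', for a single-tenant app")
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"


def missing_scopes(configured_scopes) -> list:
    """Return the scopes that must be on the OAuth entity profile but are not."""
    return [s for s in REQUIRED_SCOPES if s not in configured_scopes]


def refresh_request_body(client_id, client_secret, refresh_token, scopes) -> str:
    """Form body for grant_type=refresh_token at the v2.0 token endpoint."""
    return urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
        "scope": " ".join(scopes),
    })


class TokenCache:
    """Tracks one token response and says when (and whether) it can be refreshed."""

    def __init__(self, response: dict, now: float = None):
        self.access_token = response["access_token"]
        self.refresh_token = response.get("refresh_token")  # absent without offline_access
        self.expires_at = (time.time() if now is None else now) + int(response["expires_in"])

    def needs_refresh(self, now: float = None, skew: int = 300) -> bool:
        """Refresh a few minutes early so an in-flight call never uses an expired token."""
        return (time.time() if now is None else now) >= self.expires_at - skew

    def can_refresh(self) -> bool:
        return self.refresh_token is not None


# Constructed responses: the first is what the thread saw before adding offline_access.
WITHOUT_OFFLINE = {"access_token": "eyJ.constructed.A", "expires_in": 3600}
WITH_OFFLINE = {"access_token": "eyJ.constructed.B", "expires_in": 3600,
                "refresh_token": "0.constructed-refresh"}
```

With `WITHOUT_OFFLINE` the cache has nothing to refresh with, which is exactly the "log in again every hour" symptom from the first post; with `WITH_OFFLINE` the refresh body can be built and posted to `token_endpoint(tenant_id)` before the hour is up.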