Configure OAuth in ServiceNow

David Santel
Giga Guru

‎08-05-2019 08:55 AM

Can anyone help solve the below OAuth setup question?

 

In order to use OAuth(Azure) I need to know these 2 fields (OAuth should be configured by ServiceNow’s instance admin (you), https://docs.servicenow.com/bundle/madrid-platform-administration/page/administer/security/task/t_Se... 😞

 

- client_id

- client_secret

 

In summary, I need to solve this authentication problem: create (or just grant access) to local user or configure OAuth in ServiceNow and give me values for those 2 fields

0 Helpfuls
  • 3,883 Views
9 REPLIES 9

Ankur Bawiskar
Tera Patron
Tera Patron
In response to divya14

‎11-11-2020 07:21 AM

Hi,

that property is by default active in instance.

if not then you can set the value as active to it

search it and set to true

find_real_file.png

Regards
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
Preview file
54 KB
0 Helpfuls

Madhusudan1
Tera Contributor

‎08-20-2020 08:36 AM

@Ankur Bawiskar Thanks a lot for this detailed explanation. However, we have ran into situation while testing on Postman - Only Admin accounts are able to generate accesstoken.

Non-Admin users get access_denied error within postman call. (We are testing by granting itil, API , REST related roles) - not been successful.

What would you suggest to troubleshoot further. If ACL ? Which tables would it be ?

Madhusudan

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to Madhusudan1

‎08-20-2020 08:38 AM

Hi,

I was able to generate access token by user who had no role

I suspected it is the read ACL on oauth_credential table not allowing non-admin user to read the access or refresh token hence failing to make REST API call.

Regards
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Madhusudan1
Tera Contributor
In response to Ankur Bawiskar

‎08-24-2020 06:47 AM

Thanks @Ankur Bawiskar . I was able to test this successfully on PDI with a user who had no role.

Following up - What would be a good practice to allow access to oauth_credential table ? Would you suggest read only access to all users/apps or a dedicated role to be added to only select accounts generating tokens?

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to Madhusudan1

‎08-24-2020 07:27 AM

Hi Madhusudan,

I was able to generate the access token using a user who didn't have any role.

So I believe you need to check and revisit the ACLs on that table.

Regards
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls