How to bypass SSO for new integration using oAuth?

AndresGT1
Tera Expert

3 weeks ago - last edited 3 weeks ago

The current instance has Okta SSO enabled. We are trying to enable a new integration using oAuth, but when the connection is happening SSO is getting triggered everytime.

This is a third-party with no access to the SSO directory, is there a way to bypass this to get the token authentication?

The third-party application is using the following URL. There is documentation about this HERE 

https://myinstance.service-now.com/oauth_auth.do?response_type=code&redirect_uri={the_redirect_url}&client_id={the_client_identifier}
 
Below is the configuration we have from ServiceNow
AndresGT1_0-1764880354652.png

 

0 Helpfuls
  • 813 Views
5 REPLIES 5

Jennifer Metz
Giga Guru

3 weeks ago

Hello @AndresGT1,

 

If your organization hasn't disabled local login, you could try creating a local integration user instead. Create an OAuth API endpoint, then have the 3rd-party call https://<instance>.service-now.com/oauth_token.do using either grant_type=client_credentials (if enabled) or grant_type=password with that local user. Those token calls bypass Okta because they don’t go through the UI login page. If your SSO config is still forcing /oauth_token.do through Okta, your SSO admin needs to re-enable restricted local login for APIs.

 

Here is a link to the documentation that should help with any additional setup.

 

Hope this helps!

 

Jennifer Metz
Sr. ServiceNow Developer | Infosys
0 Helpfuls

lauri457
Giga Sage

3 weeks ago

Can you share more of your setup? Are you sure you are not using authorization code flow for your oauth which does require user interaction as the tokens are issued with delegated permissions, this would take you to okta to authenticate? Assuming okta is your auth app as well. What you might want is to use the client credentials flow.

0 Helpfuls

AndresGT1
Tera Expert
In response to lauri457

3 weeks ago

I've added the configurations used from our end and the URL used by the third-party

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron

3 weeks ago

@AndresGT1 

if you create a local account and ensure it's marked as "Internal Integration User" as True so that it skips SSO

AnkurBawiskar_0-1764843990388.png

 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader