Integrate ServiceNow with Azure Active Directory

anjiadmin
Tera Expert

Hi friends,

I want to integrate ServiceNow and Azure active directory. The user should be assigned to a specific group (Azure) once the request is raised on ServiceNow with user details.

Please let me know if anyone is aware of this particular scenario.

Thanks,

Anji

Rajesh Chopade1
Mega Sage

Hi @anjiadmin

Integrating ServiceNow with Azure Active Directory (Azure AD) to automate user group assignments can be accomplished through the use of ServiceNow workflows and Azure AD API integrations. Here’s a high-level overview of how to achieve this:

Steps to Integrate ServiceNow with Azure AD

  1. Setup ServiceNow and Azure AD Integration:
    • Configure the Azure AD integration in ServiceNow.
    • Create an Azure AD application and obtain the necessary credentials (Client ID, Client Secret, and Tenant ID).
  2. Create a ServiceNow Catalog Item:
    • Design a ServiceNow catalog item that collects user details.
    • Add necessary fields to the catalog item (e.g., User, Group).
  3. Create a ServiceNow Workflow:
    • Create a workflow that triggers when the catalog item request is submitted.
    • Use the workflow to call a script that interacts with the Azure AD API to add the user to the specified group.
  4. Script to Call Azure AD API:
    • Write a server-side script in ServiceNow to call the Azure AD API and assign the user to the specified group.

Detailed Implementation

1. Configure Azure AD Integration in ServiceNow

  1. Register an Application in Azure AD:
    • Go to the Azure portal.
    • Register a new application and note down the Client ID, Client Secret, and Tenant ID.
    • Set the required API permissions, such as Group.ReadWrite.All and User.Read.
  2. Add Azure AD Credentials in ServiceNow:
    • Go to All > System OAuth > Application Registry.
    • Click New and select Connect to a third-party OAuth Provider.
    • Fill in the necessary details using the Client ID, Client Secret, and Tenant ID.

2. Create a ServiceNow Catalog Item

  1. Define the Catalog Item:
    • Go to All > Service Catalog > Catalog Definitions > Maintain Items.
    • Click New to create a new catalog item.
    • Add fields to capture user details and the group to be assigned.

3. Create a ServiceNow Workflow

  1. Create the Workflow:
    • Go to All > Workflow > Workflow Editor.
    • Create a new workflow and associate it with the catalog item.
    • Add necessary activities like approvals and a script activity.

I hope my answer helps you resolve your issue; if so, mark my answer helpful & correct.

THANK YOU

rajesh chopade.

anjiadmin
Tera Expert

Hi @Rajesh Chopade1,

Thanks for the quick response. Do you have any idea about the script?

Thanks,

Anji

Rajesh Chopade1
Mega Sage

Hi @anjiadmin

You can follow this detailed implementation and make the necessary changes to the script as per your requirement:

1. Configure Azure AD Integration in ServiceNow

  1. Register an Application in Azure AD:
    • Go to the Azure portal.
    • Register a new application and note down the Client ID, Client Secret, and Tenant ID.
    • Set the required API permissions, such as Group.ReadWrite.All and User.Read.
  2. Add Azure AD Credentials in ServiceNow:
    • Go to All > System OAuth > Application Registry.
    • Click New and select Connect to a third-party OAuth Provider.
    • Fill in the necessary details using the Client ID, Client Secret, and Tenant ID.

2. Create a ServiceNow Catalog Item

  1. Define the Catalog Item:
    • Go to All > Service Catalog > Catalog Definitions > Maintain Items.
    • Click New to create a new catalog item.
    • Add fields to capture user details and the group to be assigned.

3. Create a ServiceNow Workflow

  1. Create the Workflow:
    • Go to All > Workflow > Workflow Editor.
    • Create a new workflow and associate it with the catalog item.
    • Add necessary activities like approvals and a script activity.

4. Script to Call Azure AD API

  1. Write the Script:
    • Use a script to call the Azure AD API. This script can be added as a script activity in the workflow.

Here’s an example of what the script might look like:

(function executeRule(current, previous /*null when async*/) {
    var userEmail = current.variables.user_email; // Replace with your variable name
    var groupId = current.variables.group_id; // Replace with your variable name; must hold the Azure AD group object ID (GUID), not the display name

    var clientId = gs.getProperty('azure.ad.client.id');
    var clientSecret = gs.getProperty('azure.ad.client.secret');
    var tenantId = gs.getProperty('azure.ad.tenant.id');
    var authority = 'https://login.microsoftonline.com/' + tenantId + '/oauth2/v2.0/token';

    // Get OAuth token (client credentials flow). The token endpoint expects a
    // form-encoded body, so the parameters are URL-encoded rather than sent as JSON.
    var requestBody = 'client_id=' + encodeURIComponent(clientId) +
        '&scope=' + encodeURIComponent('https://graph.microsoft.com/.default') +
        '&client_secret=' + encodeURIComponent(clientSecret) +
        '&grant_type=client_credentials';

    var request = new sn_ws.RESTMessageV2();
    request.setHttpMethod('POST');
    request.setEndpoint(authority);
    request.setRequestBody(requestBody);
    request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

    var response = request.execute();
    var responseBody = response.getBody();
    var responseJson = JSON.parse(responseBody);
    var token = responseJson.access_token;
    if (!token) {
        gs.error('Failed to obtain Azure AD token: ' + responseBody);
        return;
    }

    // Add user to group. Graph accepts the user's object ID or userPrincipalName in the @odata.id URL.
    var apiEndpoint = 'https://graph.microsoft.com/v1.0/groups/' + encodeURIComponent(groupId) + '/members/$ref';
    var memberBody = {
        "@odata.id": "https://graph.microsoft.com/v1.0/users/" + encodeURIComponent(userEmail)
    };

    var addMemberRequest = new sn_ws.RESTMessageV2();
    addMemberRequest.setHttpMethod('POST');
    addMemberRequest.setEndpoint(apiEndpoint);
    addMemberRequest.setRequestBody(JSON.stringify(memberBody));
    addMemberRequest.setRequestHeader('Authorization', 'Bearer ' + token);
    addMemberRequest.setRequestHeader('Content-Type', 'application/json');

    var addMemberResponse = addMemberRequest.execute();
    // Graph returns 204 No Content when the member was added
    if (addMemberResponse.getStatusCode() !== 204) {
        gs.error('Failed to add user to group: ' + addMemberResponse.getBody());
    } else {
        gs.info('User successfully added to group.');
    }
})(current, previous);

Test the Integration:

  • Submit a request using the new catalog item.
  • Monitor the workflow and check if the user is added to the specified group in Azure AD.

I hope my answer helps you resolve your issue; if so, mark my answer helpful and correct.

THANK YOU

rajesh chopade.

Hi @Rajesh Chopade1,

I am getting the below error while executing the script.

"org.mozilla.javascript.WrappedException: Wrapped org.mozilla.javascript.JavaScriptException: com.glide.communications.ProcessingException: Error executing REST request: Invalid uri 'https://graph.microsoft.com/v2.0/groups/group name/members/$ref': escaped absolute path not valid"

Thanks,

Anjaneyulu
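The URI in the error above is rejected because the group's display name ("group name", with a space) was placed where Microsoft Graph expects the group's object ID; Graph also only serves v1.0 and beta, not v2.0. The helpers below are an added example, not code from this thread or from ServiceNow or Microsoft: they form-encode the token request the workflow script needs, refuse a display name where an object ID is required, and build the lookup that resolves a display name to its ID. The tenant, group and user values used to exercise them are constructed placeholders.

```javascript
// Added example: pure request builders for the Azure AD / Graph calls in the
// workflow script. IDs and names used with them are constructed placeholders.
var GRAPH = 'https://graph.microsoft.com/v1.0';
var GRAPH_SCOPE = 'https://graph.microsoft.com/.default';
var GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Client-credentials token request. The v2.0 token endpoint expects a
// form-encoded body, so each parameter is URL-encoded rather than sent as JSON.
function buildTokenRequest(tenantId, clientId, clientSecret) {
    var params = {
        client_id: clientId,
        scope: GRAPH_SCOPE,
        client_secret: clientSecret,
        grant_type: 'client_credentials'
    };
    var body = Object.keys(params).map(function (k) {
        return encodeURIComponent(k) + '=' + encodeURIComponent(params[k]);
    }).join('&');
    return {
        endpoint: 'https://login.microsoftonline.com/' + encodeURIComponent(tenantId) + '/oauth2/v2.0/token',
        contentType: 'application/x-www-form-urlencoded',
        body: body
    };
}

// Add-member request. groupId must be the group's object ID; a display name such
// as "group name" is rejected here instead of producing the invalid URI seen above.
function buildAddMemberRequest(groupId, userPrincipalName) {
    if (!GUID_RE.test(String(groupId))) {
        throw new Error('group_id must be the Azure AD group object ID (GUID), got: ' + groupId);
    }
    if (!userPrincipalName || /\s/.test(userPrincipalName)) {
        throw new Error('user must be an object ID or userPrincipalName, got: ' + userPrincipalName);
    }
    return {
        endpoint: GRAPH + '/groups/' + groupId + '/members/$ref',
        contentType: 'application/json',
        body: JSON.stringify({ '@odata.id': GRAPH + '/users/' + encodeURIComponent(userPrincipalName) }),
        expectedStatus: 204 // Graph returns 204 No Content on success
    };
}

// When the catalog item only captures a display name, look the ID up first. The
// name is quoted for OData and the whole filter URL-encoded so spaces and quotes
// cannot break the query.
function buildGroupLookupRequest(displayName) {
    var filter = "displayName eq '" + String(displayName).replace(/'/g, "''") + "'";
    return { endpoint: GRAPH + '/groups?$select=id,displayName&$filter=' + encodeURIComponent(filter) };
}
```

In the workflow script, feed each builder's endpoint, content type and body into sn_ws.RESTMessageV2 and compare the status code against expectedStatus.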