Oauth credentials based on user SSO for integration

Khanna Ji · yesterday

Hi Team,

We are setting up an integration with third party tool which uses SSO and also ServiceNow has SSO capabilities. That third party tool wants to integrate with ServiceNow to search for knowledge artciles and so on.

But only authorized knowledge articles should be visible to the users in that third party. So I cannot use a single common API credentials. API credentials must be for individual users so that only the KBAs they are authorized to view are accessible.

How can I setup the authentication mechanism here? I cannot end up giving each user rest or web service role or I cannot grant single user all rights and use that user for API connection. How to handle this situation?

pavani_paluri · yesterday

Hi @Khanna Ji ,

Use OAuth 2.0 with SSO Integration

ServiceNow supports OAuth 2.0 for REST API authentication.
If your instance already uses SSO (SAML or OIDC), you can configure OAuth profiles tied to the same identity provider.
This way, the third-party tool can redirect users to your IdP for login. Obtain an access token for each user. Call ServiceNow APIs using that token.

API calls run under the user’s identity, so KB article ACLs apply automatically

Steps to Configure

Enable OAuth in ServiceNow

Go to System OAuth > Application Registry.
Create a new OAuth API Endpoint for External Clients.
Note the Client ID and Client Secret.

Configure Redirect URI. Set the third-party tool’s callback URL.

Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for

Kind Regards,

Pavani P

Khanna Ji · yesterday

Very hard for me to understand. Is there any document or video or knowledge articke explaining this?