
Oauth grant type - ID Token flow (OIDC)

SS6
Tera Expert

Hi Team,

Has anyone successfully used Azure as the OAuth provider for an inbound API call into ServiceNow?

In this use case, a third-party application wants to access the ServiceNow Incident Table API but prefers to use Azure as the OAuth provider instead of ServiceNow.

I believe the only way to achieve this is by using the OIDC approach. https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/administer/security/task/...

Could someone provide insights into this? Thank you!



Kieran Anson
Kilo Patron

Yes, OIDC is the correct solution to allow authentication using a third party's auth token as a validation mechanism.

SS6
Tera Expert

Hi Anson,

I have a couple of questions about OIDC:

1. The flow mentions claims validation. Does this mean I need to assign a sys_user account for the third-party application, possibly as webservice only?

2. My understanding is that I only need to register Azure in my OAuth once and set the OIDC provider to Azure AD. However, all third-party applications need to register in Azure before they can authenticate with ServiceNow. For example, if there are 20 systems trying to connect to ServiceNow, I will only have one OAuth registry created in SN, and these 20 systems will need to register in Azure.

3. What will be the grant type between the third-party system and ServiceNow in this OAuth mechanism? Will it be a JWT token or an ID token?

Hello

1. The JWT will contain the user claim. This is how the user will be identified and then authorised.
2. Correct.
3. The ID token is a JSON Web Token (JWT) which contains claims about the user identity, the access needed, and certificate details to validate that the external identity provider issued it.

Understood. Thanks for the response.

Following up on #1.

So essentially, I need to create a service account for the third-party system with the correct email address or UPN name that the third-party system might use to get the token from Azure. This way, the user claims are present in the token the third-party system provides to ServiceNow. ServiceNow will then use that information to validate if the request comes from a legitimate system and provide access to the resources.

One more thing, is there any detailed documentation available that lists these steps?