01-16-2023 09:31 PM
Hello,
I have to integrate a third-party cloud platform with ServiceNow. We have to make REST API calls to query ServiceNow data from Asset Management. Is it possible to use SSO authentication for the API instead of providing local account credentials? Release version is Tokio. Thank you in advance!

01-16-2023 09:55 PM
For a user action-driven integration, you can use the OAuth 2.0 Authorization code flow supported by the ServiceNow platform for inbound API Authentication. A client can get an authorization code after the user completes the SSO login on the ServiceNow instance. An access token can then be received in exchange for the authorization code for making API calls.
The platform also accepts identity tokens generated by a third-party OIDC provider for inbound API authentication. Here is the documentation.
For system-to-system integration without user intervention, you can use the JWT bearer grant type.
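
The authorization code flow described in the reply above, shown from the client's side as an added example (not part of the original post and not ServiceNow's own code). The instance URL, client ID, redirect URI and the endpoint paths `/oauth_auth.do` and `/oauth_token.do` are assumptions not stated in the thread; the callback URLs used with it are constructed.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumptions (not from the thread): placeholder instance, client and redirect URI;
# /oauth_auth.do and /oauth_token.do are assumed to be the instance's OAuth endpoints.
INSTANCE = "https://example-instance.service-now.com"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://integration.example.com/callback"


def new_state():
    """Unguessable per-login value, stored in the user's session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorization_url(state):
    """Step 1: send the browser here; the instance performs the (SSO) login."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{INSTANCE}/oauth_auth.do?{query}"


def parse_callback(callback_url, expected_state):
    """Step 2: validate the redirect before trusting the code it carries."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means the callback is not from this login.
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def build_token_request(code, client_secret):
    """Step 3: URL and form body for the backend POST that yields the access token."""
    return f"{INSTANCE}/oauth_token.do", {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
        "redirect_uri": REDIRECT_URI,
    }
```

The token request belongs on the integration's backend so the client secret never reaches the browser, and the returned access token is then sent as a bearer token on the REST API calls.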

01-16-2023 09:34 PM
Hi @rootishidden ,
As per my knowledge, it is not yet possible from ServiceNow to do SSO authentication for the API using REST API Calls.
Please mark correct if my response has solved your query.
Cheers,
Mohammed Basheer Ahmed.

08-02-2023 10:08 AM - edited 08-02-2023 10:10 AM
Respectfully, I challenge if ServiceNow's handling for OAuth with response_type=code/grant_type=authorization_code is still functional, OAuth 2.0 Authorization code flow.
ServiceNow's working OAuth approaches are:
- Implicit: response_type=token, presents "Allow" page.
- Password: grant_type=password
However, for response_type=code, ServiceNow directs not to "Authentication" page but to "Allow" page.
Yes, a "code" is returned within the redirect_uri, but because access to the instance has not been "Authorized", the "code" is "unauthorized".
{
"error_description": "access_denied",
"error": "server_error"
}
08-16-2024 02:36 PM
Hi @Randheer Singh This is helpful, but if you could help me with some clarification, that'd be great.
I’m developing an integration with a third-party service where user actions will trigger the Service Catalog API to create catalog items in ServiceNow. Rather than using a dedicated integration account for authentication and API execution, we want to leverage the actual user's profile for these tasks. This will likely involve the client connecting via SSO, obtaining the necessary authorization, and then calling the Catalog API to create the RITM in ServiceNow. Does your solution address that use case?