Users are not importing in ServiceNow

CDJ
Tera Contributor

Hi Team,

 

We are creating AD accounts through ServiceNow. When profiles are synced to Azure AD, ServiceNow imports the user profiles and creates corresponding user records.

Currently, we're facing an issue with licensing from the AD team, so we're working on incorporating the licensing step within ServiceNow. Specifically, we are adding users to an Azure AD group using the Microsoft Entra ID (Azure AD) Spoke.

However, when testing the flow, we encountered the following error: "Error:  Insufficient Permissions. Please Check Oauth Token and scope permission." We checked the outbound HTTP request, and the response indicates: "Access token is empty."

We verified that the OAuth profile, including the client ID and client secret, is correctly configured and valid. However, the issue persists, and we're unsure of the root cause.

Any assistance or guidance would be appreciated.

1 REPLY

Community Alums
Not applicable

You're encountering an "Access token is empty" error when trying to add users to an Azure AD group using the Microsoft Entra ID (Azure AD) Spoke in ServiceNow, which typically points to a misconfiguration in the OAuth setup. While your client ID and secret are correctly configured, the issue likely lies in missing or incorrect scopes, or an improperly set token URL or grant type. You should verify that the OAuth profile is using the correct grant type (preferably Client Credentials), the token URL is formatted as https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token, and the scope includes https://graph.microsoft.com/.default. Additionally, in Azure, ensure that the app registration has the required API permissions like Group.ReadWrite.All and User.Read.All, granted as application permissions, not delegated, and that admin consent has been provided. If all looks correct and you're still getting an empty token, try testing the token generation manually using Postman or cURL to confirm the problem lies in the token request and not in the flow logic. Also, review the connection alias in Flow Designer and ensure it's linked to the correct OAuth profile. Often, deleting and recreating the connection alias and OAuth record can also resolve hidden issues.
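The manual token test suggested in the reply above, as an added example that is not part of the original post or of ServiceNow's own code: it sends the client-credentials request to the token URL and scope quoted there, then reports either the error returned by the endpoint or which of the named application permissions are absent from the token's `roles` claim. The environment variable names `TENANT_ID`, `CLIENT_ID` and `CLIENT_SECRET` are assumptions.

```python
import base64, json, os
import urllib.error, urllib.parse, urllib.request

REQUIRED_ROLES = {"Group.ReadWrite.All", "User.Read.All"}  # permissions named in the reply

def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials request against the v2.0 token endpoint from the reply."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")

def jwt_claims(token):
    """Decode the JWT payload without verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(response):
    """Return a list of findings for a parsed token-endpoint JSON response."""
    token = response.get("access_token")
    if not token:
        # The endpoint explains an empty token in 'error' / 'error_description'.
        return [f"no access_token: {response.get('error', 'unknown')}: "
                f"{response.get('error_description', '')}".strip()]
    # Application permissions with admin consent appear in the 'roles' claim.
    missing = REQUIRED_ROLES - set(jwt_claims(token).get("roles", []))
    if missing:
        return ["missing application permissions (or admin consent): "
                + ", ".join(sorted(missing))]
    return ["token ok"]

if __name__ == "__main__":
    # Assumed variable names; reading from the environment keeps the secret
    # out of shell history and process listings.
    req = build_token_request(os.environ["TENANT_ID"], os.environ["CLIENT_ID"],
                              os.environ["CLIENT_SECRET"])
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            result = json.load(resp)
    except urllib.error.HTTPError as err:  # error JSON arrives with a 4xx status
        result = json.load(err)
    print("\n".join(diagnose(result)))
```

If this reports "token ok" while the flow still fails, the token request itself is fine and the connection alias or OAuth profile inside ServiceNow is the remaining place to look.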