This post describes OAUTH 2.0 authentication method to integrate Azure Monitor into ServiceNow ITOM Event Management. 

In <this> blog I explained the simplest method to integrated Azure Monitor. However using Oauth 2.0 is considered to be more secure as the credentials are not transmitted with each REST call, only the temporary token which gets regularly renewed. The official documentation can be found <here>.

The high level steps are:

1. Configure an "App Registration" in Azure

2. Create an Integration User in ServiceNow

3. Configure "Azure OAuth Config" in ServiceNow

4. Setup an Azure Event integration in the "Service Operations Workspace", "Integration Launch pad"

5. Configure the "Action Group" in Azure Monitor and test the integration

Oauth 2.0 can use v1 and v2  tokens so depending on which one you need to use the procedure is the same but the data entered has slight variations.

The screenshots are with v1 tokens, the changes needed for v2 tokens are pointed out in the text but are summarised below for clarity.

There are 4 places in the configuration process where there are differences 

- Manifest file "accessTokenAcceptedVersion" (null, 1 (v1) or 2 (v2))

- Application string to use  "Application ID URI" (v1)  or  "Application (client) ID" (v2)

- Remove "v2.0" from the  "OIDC Metadata URL" when using v1 tokens

- Claim name to use appid (v1) or azp (v2)

Configure an "App Registration" in Azure

Create a new App in "App registrations"

Add an "Application ID URI" 

Add and Save

This will have the following result:

For V1 tokens copy the "Application ID URI" field.

For V2 tokens copy the "Application (client) ID" field. 

From the "Endpoints" copy the "OpenID Connect metadata document" :

In the "App registration" "Manifest" file the "accessTokenAcceptedVersion": null," or 1 is correct for v1 tokens. For v2 tokens use 2. 

UDPATE: There seems to be a recent change in the Manifest file. Here is an example of the parameter "

You may need to add yourself as the owner of the App registration so it will show up in the Action Group at the end later.

Create an Integration User in ServiceNow

Go to "User Administration - Users" and

1. create a new user and

2 assign the "evt_mgmt_integration" role.

3. Add the "Source" Field to the form and copy the V1 "Application ID URI". For v2 tokens use  "Application (client) ID" 

So the result looks like

Config "Azure OAuth Config" in ServiceNow

In the ServiceNow instance goto "Azure Oauth Config"

And edit the existing "Azure OAuth OIDC Entity"

Step 1 Update the "Client ID" with  the V1 "Application ID URI" and Save.  For V2 tokens use the "Application (client) ID" in the "Client ID" field.

Step 2 Open the record with the label "OAuth OIDC Provider Configuration" and edit the record to enter the "OpenID Connect metadata document" data in the "OIDC Metadata URL" field. Note for v1 tokens remove the "v2.0" part from the URL:

And Save.

Final configuration on the same record is the "JWT Claim Validations". for V1 tokens the claim name needs to be "appid" and for v2 tokens it needs to be "azp" which is the default.

Setup an Azure Event integration in the "Service Operations Workspace", "Integration Launch pad".

Give the integration a name

Save and activate and copy the URL.

Configure the "Action Group" in Azure Monitor and test the integration

Goto Monitor, Alerts and then "Action Groups". Edit and existing action group or create a new one.

And "Edit"

In "Actions" add a line with a "Secure Webhook". Use the correct Object ID (App registration) and the URI needs to be the URL you collected from the Integration Launch Pad -  Azure Event Integration. 

Then select "Test action group"

And if all is well:

See the Event show up in the Event Management Integration. Nice!

If you think this is helpful and it is worth investing time in writing these blog posts click the "ThumbsUp" button.