
Service Graph Connector Azure

Nisha30
Kilo Sage

Hello,

 

We need to integrate ServiceNow discovery for Azure using Service Graph Connector.

I am looking at the documents but still need some go-ahead as I am confused.

 

1) Do we need to set up OAuth, or do we simply need an Azure Service Principal for Discovery?

2) Do we need a MID Server, or does it also work without one?

 

Please assist.

 

Thanks


Vishnu-K
Tera Guru

Hi @Nisha30 ,

 

1. Do we need OAuth or just an Azure Service Principal?

 

You need both. They work together. This is not an either-or decision.

 

How it works

  • First create an Azure Service Principal in Azure AD.

  • The Service Principal provides a Client ID, also called Application ID.

  • It also provides a Client Secret.

  • In ServiceNow you configure an OAuth 2.0 credential using those values.

  • ServiceNow uses the OAuth 2.0 Client Credentials grant type.

  • It sends the Client ID and Client Secret to Azure.

  • Azure returns a temporary Access Token.

  • ServiceNow uses that Access Token to call Azure APIs securely.

The Service Principal provides the identity. OAuth provides the token-based authentication mechanism.

 

Guided Setup

During Guided Setup you will be asked to enter:

  • Client ID

  • Client Secret

These values are used to configure the OAuth credential record inside ServiceNow.

 

2. Do we need a MID Server?

 

No, a MID Server is not required.

 

The Azure Service Graph Connector is designed to make direct REST API calls from your ServiceNow instance to:

  • Azure Management API

  • Azure Log Analytics API

It does not rely on traditional IP based discovery.

 

3. When would a MID Server be needed?

A MID Server becomes optional or necessary only in specific scenarios.

Network restrictions

  • If your organization blocks outbound connections from ServiceNow to public Azure APIs.

Deep discovery use case

  • If you plan to combine the connector with traditional Discovery.

  • If you require IP based scanning.

  • If you need OS level details such as running processes or installed software.

The Service Graph Connector collects cloud metadata through APIs but does not perform deep OS level interrogation by default.

 

If this answers your question, please mark it as helpful and accept the solution for better community visibility.

 

Thanks,

Vishnu
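The client credentials exchange described in the reply above, as an added example that is not part of the original post and not ServiceNow's own code. It builds the token request, masks the secret for logging, and checks the claims of the returned token; the token endpoint URL, the Azure Resource Manager scope, the `appid`/`azp` claim names and the placeholder IDs are assumptions, and the sample response is constructed.

```python
import base64, json, time
from urllib.parse import urlencode

# Assumed (not stated in the thread): Microsoft identity platform v2.0 token
# endpoint and the Azure Resource Manager ".default" scope.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
ARM = "https://management.azure.com"

def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the OAuth 2.0 client credentials grant."""
    body = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": ARM + "/.default"})
    return TOKEN_URL.format(tenant=tenant_id), body

def redact(form_body):
    """Mask the secret so the request can be written to a log."""
    return "&".join("client_secret=***" if p.startswith("client_secret=") else p
                    for p in form_body.split("&"))

def jwt_claims(token):
    """Decode the JWT payload for inspection only; no signature check here."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token_response(resp, client_id, now=None):
    """Return the problems found in a token response; an empty list means OK."""
    now = time.time() if now is None else now
    claims = jwt_claims(resp["access_token"])
    problems = []
    if resp.get("token_type") != "Bearer":
        problems.append("unexpected token_type")
    if str(claims.get("aud", "")).rstrip("/") != ARM:
        problems.append("audience is not Azure Resource Manager")
    if client_id not in (claims.get("appid"), claims.get("azp")):
        problems.append("token issued to a different application")
    if claims.get("exp", 0) <= now:
        problems.append("token already expired")
    return problems

def sample_response(client_id, exp):
    """Constructed token response (unsigned placeholder JWT), not real output."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    jwt = ".".join([enc({"alg": "none"}), enc({"aud": ARM, "appid": client_id, "exp": exp}), "sig"])
    return {"token_type": "Bearer", "expires_in": 3599, "access_token": jwt}

if __name__ == "__main__":
    url, body = build_token_request("TENANT-ID", "CLIENT-ID", "CLIENT-SECRET")
    print(url, redact(body))
    print(check_token_response(sample_response("CLIENT-ID", time.time() + 3599), "CLIENT-ID"))
```

The claim check only inspects the token; signature validation is done by the Azure API that receives it.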

Hi @Vishnu-K 

Thanks for the explanation. Yeah, so my confusion was:

If we simply go to the credential table (for horizontal discovery), as in the snapshot below, we can create an Azure Service Principal where we need all the details.

But then do we set up an OAuth profile as well to get the token? So does it not log in with this Azure Service Principal to pull in data?

 

[Screenshot: Nisha30_1-1770909331385.png]

 

 

 

[Screenshot: Nisha30_0-1770909293313.png]

 

Thanks 

Hi @Nisha30 ,

 

Those (i.e. Azure Service Principal) credentials are not used for the validation in SGC, and with those credentials you can't pull the data, so you have to get the following details from Azure:

[Screenshot: VishnuK_0-1770960216797.png]

After getting those:

 

Navigate to All > Service Graph Connectors > Azure > Setup.

 

In the Create connection for the hardware import section of the Service Graph Connector for Microsoft Azure page, select Continue.

 

For the Create or Edit connection task, select Configure.

 

On the Connections page of the Workflow Studio, select Configure for the SG-Azure Hardware Connection connection that is available by default for the hardware import.

 

On the form, review and modify the fields:

1. Connection name -> any proper name.

2. Connection URL -> Which will be the base URL and is auto-filled so need to touch it.

3. OAuth Client ID -> Application ID of your Azure client.

4. OAuth Client Secret -> Client Secret of your Azure client application.

5. OAuth Token URL -> Token URL of your Azure client application.

 

If this answers your question, please mark it as helpful and accept the solution for better community visibility.

 

Thanks,

Vishnu

Tanushree Maiti
Giga Sage

Please refer to these links and see if they help you:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1515928

https://www.servicenow.com/docs/r/servicenow-platform/service-graph-connectors/cmdb-integration-azur...

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect