ServiceNow Azure AD and ServiceAccount for Scripted API

somdev · ‎09-06-2024

Hello All,

Our client has Azure SSO and is using User Provisioning via SSO. They now want to develop a Scripted REST API in ServiceNow which external vendors will use. But for authentication, they want to use a Service Account created in the Azure AD. They don't want to store the values in ServiceNow, so they will just send the username and password in the API call when they call the scripted API. But since the user is SSO synced, the username password is not saved in ServiceNow. How do I authenticate the request in this scenario ? Please guide.

Thank You,
Somdev Nath

Abbas_5 · ‎09-06-2024

Hello @somdev ,

Please refer to the below link:
https://www.servicenow.com/community/servicenow-impact-forum/integrate-azure-ad-with-servicenow/td-p...

If it is helpful, please mark it as helpful and accept the correct solution.

Thanks & Regards,

Abbas Shaik

somdev · ‎09-08-2024

Hello Abbas,

Your link discussed about How to Setup Azure AD. My question is different.

As I have mentioned, I already have Azure AD setup.

My question is how to do Scripted API authentication using a ServiceAccount created in Azure AD. I already have generated Oauth Token from Azure, but using Client Secret and Client ID. How to generate the token for a particular ServiceAccount.

Cadmila21 · ‎09-09-2024

To authenticate the API request without storing credentials in ServiceNow, you can use OAuth 2.0 with Azure AD. External vendors can obtain an access token from Azure AD using the service account credentials, and include this token in the API call. ServiceNow will validate the token against Azure AD for authentication. This approach avoids storing the username and password directly and ensures secure API access.
#1win

somdev · ‎09-10-2024

Hello @Cadmila21

Thanks for your response. For TableAPI I know it works OOB. But for scripted API, how do we authenticate ? Does the system automatically does that ?