Azure Provisioning Oauth Setup

Ben Hook
Tera Contributor

Hello,

I'm trying to set up Azure provisioning of users into ServiceNow, which recently changed from user/password auth to OAuth. I'm following these 2 sets of directions:

https://docs.servicenow.com/bundle/tokyo-platform-security/page/administer/security/task/t_CreateEnd...

https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/servicenow-provisioning-tutorial

 

However, some portions are still unclear to me:

- In the Azure section:

  • "Authorization Endpoint: https://InsertInstanceName.service-now.com/oauth_auth.do?response_type=code&client_id=InsertClientID&state=1&scope=useraccount&redirect_uri=https%3A%2F%2Fportal.azure.com%2FTokenAuthorize"

What is the Client ID? Is this the sys-id of the OAuth entry in SN? Because as of now this is the error I receive when trying to test the connection from Azure:

 

unauthorized_client: The client credentials provided (those of the service you are using) are either not valid or not trusted
1 ACCEPTED SOLUTION

Ronald Lob1
Tera Guru

Microsoft have reallowed Basic Authentication for Azure AD User Provisioning. 

5 REPLIES

art_jones
Kilo Sage

Hi Ben;

I'll be following your thread as I am in the same boat and haven't been able to determine the correct config now that Azure AD requires OAuth (via SCIM) for user provisioning. I was assuming the value above is the same as the client identifier from the app registry OAuth record in SN, but that generates the same error.

 

I'll post if I figure anything out.

Ronald Lob1
Tera Guru

I'm still working with ServiceNow on this one because there's a ton of issues with the new SCIM requirements.

 

  • You need to ensure the SCIM plugin is installed.
  • Ensure the Azure AD admin is actually set up in the user table with ServiceNow admin permissions.
  • Create an entry in the Application Registry table in ServiceNow; this will give you the client ID and client secret. Make sure the redirect URL is: https://portal.azure.com/TokenAuthorize
  • Take the client ID and client secret and complete the Azure AD form as described. The only gotcha I see there is the Token Endpoint. The docs say it should be https://InsertInstanceName.service-now.com/api/now/scim but it should rather be https://InsertInstanceName.service-now.com/oauth_token.do

I'm still getting permissions errors unfortunately. I've tested the SCIM API using Postman with Basic Auth and it works fine, but OAuth is throwing a permissions error. I've tested the same OAuth creds using the Table APIs via Postman and it works fine. So somehow there's a missing step in the puzzle to grant OAuth access to the SCIM API. Not sure what it is yet, will comment if I track it down.
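
An added example, not part of the post above or of either vendor's documentation: a pre-flight check for the two endpoint values pasted into the Azure AD form, based only on the URL shapes quoted in this thread. The function name and the sample instance and client ID values are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Redirect URL the thread says must be set on the Application Registry entry.
AZURE_REDIRECT = "https://portal.azure.com/TokenAuthorize"

def check_endpoints(auth_endpoint: str, token_endpoint: str) -> list[str]:
    """Return a list of problems found in the Azure AD endpoint fields."""
    problems = []
    auth, token = urlsplit(auth_endpoint), urlsplit(token_endpoint)
    query = parse_qs(auth.query)  # values come back percent-decoded

    for label, url in (("authorization", auth), ("token", token)):
        if url.scheme != "https":
            problems.append(f"{label} endpoint must use https")
        # urlsplit lowercases the hostname, so compare in lowercase.
        if "insertinstancename" in (url.hostname or ""):
            problems.append(f"{label} endpoint still has the InsertInstanceName placeholder")
    if auth.hostname != token.hostname:
        problems.append("authorization and token endpoints point at different hosts")

    if auth.path != "/oauth_auth.do":
        problems.append(f"authorization path is {auth.path!r}, expected '/oauth_auth.do'")
    if token.path.rstrip("/") == "/api/now/scim":
        # The mix-up described in the thread: SCIM API path used as token endpoint.
        problems.append("token endpoint is the SCIM API path; use /oauth_token.do")
    elif token.path != "/oauth_token.do":
        problems.append(f"token path is {token.path!r}, expected '/oauth_token.do'")

    if query.get("response_type") != ["code"]:
        problems.append("response_type must be 'code'")
    if query.get("redirect_uri") != [AZURE_REDIRECT]:
        problems.append("redirect_uri does not match the Application Registry redirect URL")
    client_id = query.get("client_id", [""])[0]
    if not client_id or client_id == "InsertClientID":
        problems.append("client_id is missing or still the InsertClientID placeholder")
    return problems

if __name__ == "__main__":
    # Constructed sample values; replace with the ones from your own form.
    sample_auth = ("https://example-instance.service-now.com/oauth_auth.do"
                   "?response_type=code&client_id=constructed-client-id&state=1"
                   "&scope=useraccount"
                   "&redirect_uri=https%3A%2F%2Fportal.azure.com%2FTokenAuthorize")
    sample_token = "https://example-instance.service-now.com/api/now/scim"
    for problem in check_endpoints(sample_auth, sample_token):
        print("PROBLEM:", problem)
```

An empty result only means the URLs are well-formed; it does not verify the client secret or the permissions error described above.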

Ronald Lob1
Tera Guru

Microsoft have reallowed Basic Authentication for Azure AD User Provisioning. 

JayantM
ServiceNow Employee

Does it mean OAuth is no longer supported?