1. We have Pre auth as Deny with no conditions  -so essentially allow everyone

2. Post auth, we hav,e

 IP criteria with SSO

Role criteria with certain roles allowed , (does not look at authentication method)

Every scenario for Adaptive works including basic auth using API. However, API accounts that are doing OAuth are getting access_Denied. As soon as I disable the system property for Adaptive. OAuth starts working. Is Adaptive not designed to work with OAuth? How do I create a policy to make sure API accounts can hit https://<instance_name>.service-now.com/oauth_token.do ?  I have even tried adding the IP from where the call is done to our IP list in the filter criteria and still no luck. 

Hi @Harish V , Post-authentication policy should not have any impact on OAuth flow.

Can you please confirm if you have enabled 

1. ACR context policy

2. REST API Access Policy

Thanks,

Randheer

Hello @Randheer Singh , 

We are currenly on Tokyo so I do not think we have access to API access policy. We do have ACR policy enabled.

However, I think I have figured out this issue. Adaptive authentication set up does not migrate well across instances with an update set. I had to delete and recreate couple filter criteria and OAuth started working with no additional work. With all this, I think we have decided to manually configure Adaptive when we move to production and  not use update sets for this activity.

I really appreciate your quick responses 🙂