Unable to Get OAuth Token after setting up Microsoft Intune Spoke

KennC
Tera Expert

We would like to have Microsoft Intune spoke in our Dev instance so we can use the OOTB actions available. This is the article we have been following: https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub-stor...
We have checked that the Client Secret is valid and not expired & have confirmed with Client ID that we are wanting to have access to.
It was working initially roughly 4 weeks ago on initial set up - but now it does not work. It will keep asking for us to log into our personal account when it should not need these credentials.
We also found a support article https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1001824 which we have tried but it still does not give us access.

Has anyone else come across this before? We've even reinstalled the spoke and set up the credentials again but it's not working.

Thanks

1 ACCEPTED SOLUTION

KennC
Tera Expert

Hello,

We on our side raised a HI Ticket in regards to this and have now got it resolved.

The solution for us was to remove all the Entity Profile Scopes on the Profile.

Once we did this and clicked Get OAuth Token - it retrieved fine.

Hope this helps. Only leave Default in the list.

4 REPLIES 4

muktha1
Tera Guru

Has anybody found a resolution for this issue? I am also facing the same issue. There is a list of scopes given in the Microsoft document for this.

But it throws the following error.

OAuth flow failed. Verify the configurations and try again. Error detail:invalid_scope, AADSTS1002012: The provided value for scope openid offline_access DeviceManagementManagedDevices.PrivilegedOperations.All User.ReadWrite.All profile DeviceManagementApps.ReadWrite.All DeviceManagementManagedDevices.ReadWrite.All is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI). 

What should we be doing to resolve this? Why don't we have proper SNOW documentation for OAuth Entity scopes for Intune setup? Can anyone please help?
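
The rule stated in the AADSTS1002012 error above, as an added example (not part of any post in this thread, and not ServiceNow or Microsoft code): a client credentials request must carry a single `<resource>/.default` scope, so the named permissions and OIDC scopes are rejected. The tenant, client ID and secret are constructed placeholders, and mapping the spoke's "Default" entry to the Microsoft Graph resource is an assumption.

```python
from urllib.parse import urlencode

# Scope string copied from the AADSTS1002012 error quoted in this thread.
THREAD_SCOPES = (
    "openid offline_access "
    "DeviceManagementManagedDevices.PrivilegedOperations.All User.ReadWrite.All "
    "profile DeviceManagementApps.ReadWrite.All "
    "DeviceManagementManagedDevices.ReadWrite.All"
)

# Assumption: the "Default" scope left on the profile targets Microsoft Graph.
GRAPH_DEFAULT = "https://graph.microsoft.com/.default"
SUFFIX = "/.default"


def check_client_credentials_scopes(scope_string):
    """Split a space-delimited scope string into (valid, rejected) lists.

    For the client credentials grant only '<resource identifier>/.default'
    is accepted; individual permission names and OIDC scopes such as
    openid, profile and offline_access are not.
    """
    valid, rejected = [], []
    for scope in scope_string.split():
        has_resource = scope.endswith(SUFFIX) and len(scope) > len(SUFFIX)
        (valid if has_resource else rejected).append(scope)
    return valid, rejected


def build_token_request(tenant, client_id, client_secret, scope_string):
    """Return (url, form_body) for a v2.0 client credentials token request.

    Raises ValueError instead of building a request that the identity
    platform would answer with invalid_scope. Nothing is sent on the network.
    """
    valid, rejected = check_client_credentials_scopes(scope_string)
    if rejected or len(valid) != 1:
        # An access token is issued for one resource, so exactly one
        # '/.default' scope is expected and nothing else.
        raise ValueError(f"invalid_scope: rejected={rejected} valid={valid}")
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": valid[0],
    })
    return url, body
```

The permissions named in the rejected scopes are not requested at token time in this flow; `.default` returns whatever application permissions have already been granted to the app registration.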

Tyson3
Tera Contributor

We have the same exact problem... We are going to submit a ServiceNow support ticket. This sort of stuff is really annoying.

gulatia
Tera Contributor

We followed the steps in Set up the Microsoft Intune spoke, and clicking on Get OAuth shows a page showing approval required on the Microsoft side. Any suggestions on how to resolve?

Aman