Configuring authentication settings for ServiceNow services and components in AEM

  • Release version: Australia
  • Updated March 12, 2026
  • Enable logging in to both the Adobe Experience Manager (AEM) instance of your website and the ServiceNow instance using a third-party OpenID Connect (OIDC) provider that supports both OIDC and single sign-on (SSO) protocols.

    You can select Okta or Microsoft Azure as the third-party OIDC provider.

    Note:
    Your AEM instance must use the selected third-party OIDC provider as the SSO provider.

    Register ServiceNow with a third-party OIDC provider

    Register ServiceNow as a web application with a third-party OIDC provider to validate the identity of a user using a JSON Web Token (JWT).

    Before you begin

    ServiceNow identifies an end user by sending the JWT containing the end user information to the OIDC provider. The process to register ServiceNow with the OIDC provider varies depending on the provider.

    Note:

    This topic uses Okta as an example, but you can substitute the details of your own OIDC provider.

    Role required: Okta account (Third-party OIDC provider account)

    Procedure

    1. Log in to your Okta account.
    2. Select the Applications menu.
    3. On the Applications page, click Add Application.
    4. On the Create New Application page, select Web.
    5. Fill in the fields.
      Table 1. OIDC settings
      Field | Value
      Application label | Unique application name for your ServiceNow instance.
      Authorization Code | Selected
      Refresh Token | Selected
      Login redirect URIs | Callback URL of your AEM instance. The URL structure is: https://<AEM-instance>:<AEM_port>/bin/now/auth/callback
      Login initiated | App Only
    6. Click Done.

    What to do next

    In the Client Credentials section, record the Client ID and Client secret values for when you set up Okta as an OAuth provider in your ServiceNow and AEM instances.

    Add an OIDC provider to the ServiceNow instance

    Add a third-party OIDC provider service to your ServiceNow instance to verify the identity of end users.

    Before you begin

    You must have configured the third-party OIDC provider service as an OAuth provider and recorded your Client ID and Client secret values. For more information, see Register ServiceNow with a third-party OIDC provider.

    Role required: oauth_admin

    Procedure

    1. Navigate to All > System OAuth > Application Registry.
    2. Set up OAuth for your ServiceNow instance.
      • Click New, select Configure an OIDC provider to verify ID tokens, and then fill in the Application Registries form.
      • Select an existing template for your OIDC provider (Okta or Microsoft Azure), and then either accept the default values in the Application Registries form or modify them.
        Note:
        OIDC provider templates are available after loading demo data with the OAuth 2.0 plugin. For more information, see Configure an OAuth OIDC provider.
      Table 2. Application Registries form
      Field | Description
      Name | Unique name for the OAuth provider.
      Client ID | Client ID you recorded earlier for your ServiceNow instance registered in the third-party OIDC server. The ServiceNow instance uses the client ID when requesting an access token.
      Client Secret | Client secret you recorded earlier for your ServiceNow instance registered in the third-party OIDC server.
      OAuth OIDC Provider Configuration | OIDC provider with which you registered your ServiceNow instance. Note: Select the record of your OIDC provider configuration or create another configuration, if not available, to ensure that the OIDC Metadata URL field value is correct and the User Claim and User Field fields are mapped correctly.
    3. Save your changes.
      • For an existing template, click Update.
      • For a new template, click Submit.

    Configure OIDC provider details in Adobe Experience Manager

    Configure the third-party OIDC provider details in your Adobe Experience Manager (AEM) instance to access the ServiceNow components as an authenticated user.

    Before you begin

    You must have configured the third-party OIDC provider service as an OAuth provider and recorded your Client ID and Client secret values (see Register ServiceNow with a third-party OIDC provider).

    Role required: AEM administrator

    About this task

    Configure the OIDC provider details in AEM to enable AEM users to access the ServiceNow instance as authenticated users. If you don't configure the OIDC provider details in AEM, an AEM user is treated as a public user when accessing the ServiceNow instance.

    Procedure

    1. Access the web console in AEM with a URL in the following format: https://<AEM_hostname>:<AEM_port>/system/console/configMgr.
    2. Search for ServiceNow OAuth Configuration.
    3. In the Name column, click the ServiceNow OAuth Configuration link.
    4. Provide values for the configuration settings.
      Table 3. ServiceNow OAuth Configuration settings
      Field | Description
      ServiceNow Client ID | Client ID you recorded when setting up the OAuth for your ServiceNow instance.
      ServiceNow Client Secret | Client secret you recorded when setting up the OAuth for your ServiceNow portal.
      OAuth Provider Auth URL | Authorization server endpoint used for obtaining the authorization code. In the following URL structure, substitute the domain name of the authorization server of your third-party OIDC provider. Example: https://<auth_server_domain>/oauth2/authorize
      OAuth Provider Access Token URL | Authentication server endpoint used for exchanging the authorization code for an access token. In the following URL structure, substitute the domain name of the authorization server of your third-party OIDC provider. Example: https://<auth_server_domain>/oauth2/token
      Authorization request scope | List of scopes for limiting the authorization access. Note: The default value openid email profile offline_access works for most OIDC providers (for example, Okta).
      User property to store refresh token | Name of the user property to store the authentication refresh token. Note: Once filled, this token is used to obtain access tokens for that user in all future requests.
    5. Click Save.
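
The settings from the Okta registration (Table 1) and the ServiceNow OAuth Configuration (Table 3) have to agree with each other for the authorization-code flow to work. The following is an added example, not ServiceNow or Adobe code: it checks a set of values for the mismatches those tables imply, then builds the authorization request and validates the callback as in a standard authorization-code flow. The dictionary keys, host names, port and credentials are constructed placeholders, and the state check is an assumption about good practice rather than a documented behavior of the connector.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

CALLBACK_PATH = "/bin/now/auth/callback"  # callback path given on this page

# Constructed sample values; the dictionary keys are hypothetical names.
SAMPLE = {
    "client_id": "0oaEXAMPLEclientid",
    "client_secret": "placeholder-not-a-real-secret",
    "auth_url": "https://idp.example.com/oauth2/authorize",
    "token_url": "https://idp.example.com/oauth2/token",
    "redirect_uri": "https://aem.example.com:4503/bin/now/auth/callback",
    "scope": "openid email profile offline_access",
}

def check_config(cfg):
    """Return a list of problems in the OAuth settings (empty list means OK)."""
    problems = []
    for key in ("auth_url", "token_url", "redirect_uri"):
        parts = urlsplit(cfg[key])
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key}: must be an absolute https URL")
    if urlsplit(cfg["redirect_uri"]).path != CALLBACK_PATH:
        problems.append(f"redirect_uri: path must be {CALLBACK_PATH}")
    if urlsplit(cfg["auth_url"]).hostname != urlsplit(cfg["token_url"]).hostname:
        problems.append("auth_url and token_url are on different hosts")
    scopes = cfg["scope"].split()
    if "openid" not in scopes:
        problems.append("scope: 'openid' is required to receive an ID token")
    if "offline_access" not in scopes:
        problems.append("scope: 'offline_access' is needed for a refresh token")
    if not cfg["client_id"] or not cfg["client_secret"]:
        problems.append("client_id and client_secret must not be empty")
    return problems

def build_auth_request(cfg):
    """Return the authorization-code request URL and the state to remember."""
    state = secrets.token_urlsafe(32)  # unguessable, bound to this login attempt
    query = urlencode({"response_type": "code", "client_id": cfg["client_id"],
                       "redirect_uri": cfg["redirect_uri"],
                       "scope": cfg["scope"], "state": state})
    return f"{cfg['auth_url']}?{query}", state

def callback_is_valid(callback_url, expected_state):
    """Accept the callback only if it has a code and the state we issued."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    return "code" in params and secrets.compare_digest(
        state.encode(), expected_state.encode())
```

The redirect URI sent in the request must match a Login redirect URI registered with the provider exactly, including scheme and port, which is why the check treats an http callback as an error.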