Set up Microsoft OneDrive spoke

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 4 minutes de lecture

    • Integrate the ServiceNow instance and Microsoft OneDrive spoke by using OAuth 2.0 credentials to authenticate ServiceNow requests.

    Avant de commencer

    • Request an Integration Hub subscription.
    • Activate the Microsoft OneDrive spoke.
    • Role required: admin.

    Configure Microsoft OneDrive application

    Create a custom OAuth application from your Microsoft OneDrive account to enable OAuth 2.0 authentication with the Microsoft OneDrive spoke.

    Avant de commencer

    Microsoft OneDrive requirements:
    • Microsoft OneDrive account
    • Microsoft Azure account
    • Role required: Microsoft OneDrive tenant administrator credentials

    Pourquoi et quand exécuter cette tâche

    Complete these steps from your Azure Developer account. See the Azure product documentation for instructions on creating and configuring custom applications.

    Procédure

    1. Log in to the Microsoft Azure App registration portal with your organization credentials.
    2. Register a new custom application.
      Fill in the application name, the supported account type, and the redirect URI, and then click Register.
      An overview of the application's basic information is shown.
      Remarque :
      Ensure that you enter the redirect URI in this format: https://<instance>.service-now.com/oauth_redirect.do.
    3. Copy the application ID to a text file.
      You will use this ID and the client secret generated in the next step to register the app as a third-party OAuth provider on your ServiceNow instance. You use the application ID as the client ID when you connect the application to ServiceNow.
    4. Add a client secret.
      1. In Microsoft Azure, navigate to Manage > Certificates & secrets.
      2. Provide a description and an expiration date and click Add.
        Remarque :
        The client secret is only displayed in plain text for a short time. You use the client secret when you connect the application to ServiceNow.
    5. Enable the permissions you want the application to support.
      For more information, see the Microsoft Graph permissions reference.
      1. In Microsoft Azure, navigate to Manage > API permissions.
      2. Click the Microsoft Graph tile.
      3. Select the Delegated or Application permissions that the application supports.
        Delegated permissions enable the application to access the API as a signed-in user. Application permissions enable the application to run as a background service or daemon without a signed-in user. You must mention these API permissions in the OAuth Entity scopes tab while configuring the application registry.
        Remarque :
        You must ensure that these API permissions are provided for your custom app.
        Name OAuth scope
        Calendars.ReadWrite Calendars.ReadWrite
        Calendars.ReadWrite.Shared Calendars.ReadWrite.Shared
        email email
        Files.Read Files.Read
        Files.Read.All Files.Read.All
        offline_access offline_access
      4. Click Add permissions.

    Register Microsoft OneDrive as OAuth provider

    Use the information generated during Microsoft OneDrive account configuration to register Microsoft OneDrive as an OAuth provider and allow the instance to request OAuth 2.0 tokens.

    Avant de commencer

    • Request Integration Hub subscription.
    • Activate Microsoft OneDrive spoke.
    • Create Microsoft OneDrive application.
    • If you are using a single tenant app registration, obtain the value of Directory (tenant) ID from the Azure portal.

    Role required: admin

    Procédure

    1. In ServiceNow, navigate to System OAuth > Application Registry.
    2. Click New.
    3. On the screen titled What kind of OAuth application, select Connect to a third-party OAuth Provider.
    4. Enter these values in the Application Registries form:
      Field Value required
      Name Enter any name to uniquely identify the record, for example OneDrive OAuth profile.
      Client ID Enter the Application ID of the OneDrive application you created in Azure.
      Client Secret Enter the Client Secret you generated when you created the application in Azure.
      Default Grant type Select Authorization Code.
      Authorization URL
      • If you are using a multi-tenant app registration, click the lock iconLock icon, enter https://login.microsoftonline.com/common/oauth2/v2.0/authorize, and then click the lock icon again.
      • If you are using a single tenant app registration, click the lock iconLock icon, enter https://login.microsoftonline.com/<Directory-ID>/oauth2/v2.0/authorize, and then click the lock icon again.

        In the URL, replace <Directory-ID> with the value of Directory (tenant) ID obtained from the Azure portal.
      Token URL Click the lock icon Lock icon, enter https://login.microsoftonline.com/common/oauth2/v2.0/token, and then click the lock icon again.
      Redirect URL Click the lock icon Lock icon, enter https://<instance>.service-now.com/oauth_redirect.do, and then click the lock icon again.
    5. In the OAuth Entity Scopes related list, add scopes to match the permissions you defined when you configured the Microsoft OneDrive application.
      Click Insert a new row and enter the name and the OAuth scope of the permission. The name and the OAuth scope are often the same string. Ensure that these scopes are provided.
      Name OAuth scope
      Calendars.ReadWrite Calendars.ReadWrite
      Calendars.ReadWrite.Shared Calendars.ReadWrite.Shared
      email email
      Files.Read Files.Read
      Files.Read.All Files.Read.All
      offline_access offline_access
      Remarque :
      The scopes mentioned here must be same as the API permissions provided during the custom app configuration.
    6. Right-click the form header, and click Save.
      The system validates the OAuth credentials.

    Create Connection and Credential Alias for Microsoft OneDrive spoke

    Create Connection records to your Microsoft OneDrive account. The Microsoft OneDrive spoke connection and credential aliases use these connections to perform actions in the Microsoft OneDrive.

    Avant de commencer

    Role required: admin

    Procédure

    1. Navigate to All > IntegrationHub > Connections & Credentials > OneDrive.
    2. From Related Links, click Create New Connection & Credential.
    3. On the form, fill in these fields:
      Field Value required
      Connection Name Name to identify the connection. This field is automatically set to Microsoft Onedrive Spoke Connection
      Connection URL The URL to make connection to the spoke. This field is automatically set to https://graph.microsoft.com
      OAuth Entity Name Name of the OAuth entity profile. This field is automatically set to Microsoft Onedrive Spoke Auth.
      OAuth Client ID Client ID of the OneDrive application you registered in Microsoft Azure App registration portal.
      OAuth Client Secret Client Secret generated when you registered the application in Microsoft Azure portal.
      OAuth Redirect URL The redirect URL. The format of the URL is https://<your-instance>.service-now.com/oauth_redirect.do
    4. Click Create and Get OAuth Token.

    Résultats

    The Microsoft OneDrive spoke is set up and integrated with the ServiceNow instance.