Third party token workflow for service accounts

  • Release version: Australia
  • Updated: 2026-03-12
  • Time required: 3 minutes
  • Create a service account in ServiceNow® to represent the identity of a third-party application accessing APIs through a trusted identity provider (IdP). This account maps the token claims to a user record and manages access with roles and permissions.

    Before you begin

    Role required: oauth_admin, mi_admin, admin

    About this task

    When a third-party application authenticates using a token from an external identity provider (IdP), ServiceNow needs a corresponding user record to map the identity and apply access controls.

    Create a corresponding sys_user account in ServiceNow for your service account. The value of the claim that you configured during initial setup, taken from the token issued by your IdP, is mapped to the specified user field. This account represents the service identity in ServiceNow. You can restrict this account to API access only and assign the necessary permissions by adding the appropriate roles and groups.

    Figure 1. Service Account Workflow

    Procedure

    1. Follow the Third party token workflow for user accounts to create a user account.
    2. Create a sys_user account in ServiceNow to represent your service account identity.
      Ensure that the token claim value matches the value in the mapped user field (for example, user_name or email) in the user record.
      1. Select the Web service access only option to restrict the account to API access.
      2. Assign the required roles and groups to grant the appropriate permissions.

      The ServiceNow platform maps the configured claim to the specified user field in the sys_user record. It enforces access based on that user's assigned roles and groups.

    3. Make a GET request with the authorization header to the following endpoint:
      Method: GET
      Endpoint: https://<servicenow_base_url>/api/now/incident
      Authorization: Bearer YOUR_ACCESS_TOKEN
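The mapping from step 2 and the request from step 3, as an added Python example that is not part of the original ServiceNow documentation: it decodes a constructed sample token only to read its claims (the IdP signs the token and ServiceNow verifies it; nothing here checks the signature), resolves the configured claim against a constructed sys_user excerpt, reports the step 2 settings an administrator should confirm, and builds the step 3 GET without sending it. The sample users, the token, the field name web_service_access_only and the instance host are assumptions.

```python
import base64
import json
import urllib.request
# Constructed sys_user excerpt as it might look after step 2; the
# "web_service_access_only" field is assumed to back the "Web service access only" option.
SYS_USERS = [
    {"user_name": "svc.reporting", "email": "svc.reporting@example.com",
     "web_service_access_only": True, "roles": ["itil"]},
    {"user_name": "alice", "email": "alice@example.com",
     "web_service_access_only": False, "roles": ["admin"]},
]

def _b64url(obj) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

# Constructed token (header.payload.signature) with a placeholder signature;
# a real IdP token is signed and ServiceNow verifies it before using a claim.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"sub": "svc.reporting", "email": "svc.reporting@example.com"}),
    "signature-placeholder",
])

def token_claims(jwt: str) -> dict:
    """Decode the payload WITHOUT verifying the token, only to see which
    claim value will be compared with the mapped sys_user field."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def resolve_service_account(claims, claim_name, user_field, users):
    """Return the sys_user whose mapped field equals the claim value exactly
    (a case or domain mismatch maps to no record, hence no access), or None."""
    value = claims.get(claim_name)
    return next((u for u in users if value is not None
                 and u.get(user_field) == value), None)

def service_account_findings(user) -> list:
    """Step 2 settings an admin should confirm before trusting the mapping."""
    findings = []
    if not user["web_service_access_only"]:
        findings.append("not restricted to web service access")
    if not user["roles"]:
        findings.append("no roles assigned; grant the required roles and groups")
    return findings

def build_incident_request(base_url, access_token):
    """Build (not send) the step 3 GET with the bearer token in the header."""
    return urllib.request.Request(f"https://{base_url}/api/now/incident",
        headers={"Authorization": f"Bearer {access_token}"}, method="GET")
```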