OAuth 2.0 authentication via MID Server using external credential storage
Store OAuth 2.0 credentials (the client ID and client secret) in the CyberArk vault instead of in the ServiceNow instance. When the MID Server needs to obtain an OAuth token, it retrieves the credentials from the CyberArk vault. The token is stored on the MID Server and refreshed automatically when it expires.
The CyberArk Application Identity Management (AIM) product uses the Privileged Account Security solution to eliminate the need to embed application passwords in applications, scripts, or configuration files, and allows these highly sensitive passwords to be centrally stored, logged, and managed within the CyberArk vault. You can configure the CyberArk vault to store the OAuth 2.0 credentials instead of storing them directly in a ServiceNow credentials record. To learn more about CyberArk, see CyberArk credential storage integration.
Architecture of OAuth 2.0 authentication of MID Server request
The architecture has two parts: the ServiceNow instance, and the environment where the Application Identity Manager (AIM) client and the MID Server are configured. That environment can be, for example, a cloud environment or a customer-managed environment.
The MID Server and the Application Identity Manager (AIM) client must be configured in the same environment, and the AIM client must be configured to communicate with the external CyberArk vault. The CyberArk vault itself can be hosted in the same environment as the MID Server and the AIM client, or in a different one.
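The token flow described on this page, as an added illustrative model rather than ServiceNow or CyberArk code: the vault, the AIM client and the token endpoint are constructed stand-ins with made-up names (FakeVault, FakeAuthServer, the MIDSafe/oauth-client lookup), used to show that the MID Server reads the client ID and secret only when it must request a new token, retains just the token, and goes back to the vault when the token expires.

```python
from dataclasses import dataclass

@dataclass
class FakeVault:
    """Stand-in for the CyberArk vault behind the AIM client (constructed, not the real API)."""
    secrets: dict
    fetches: int = 0  # how often the MID Server asked for the credential
    def get_credential(self, safe: str, obj: str) -> tuple:
        self.fetches += 1
        return self.secrets[(safe, obj)]

@dataclass
class FakeAuthServer:
    """Stand-in for the OAuth 2.0 token endpoint (client_credentials grant)."""
    client_id: str
    client_secret: str
    ttl: float
    issued: int = 0
    def token(self, client_id: str, client_secret: str) -> dict:
        if (client_id, client_secret) != (self.client_id, self.client_secret):
            raise PermissionError("invalid_client")
        self.issued += 1
        return {"access_token": f"tok-{self.issued}", "expires_in": self.ttl}

class MidServerTokenCache:
    """Holds only the access token; the credential is read from the vault and not retained."""
    def __init__(self, vault, auth, safe, obj, clock):
        self.vault, self.auth, self.safe, self.obj, self.clock = vault, auth, safe, obj, clock
        self._token, self._expires_at = None, 0.0

    def get_token(self) -> str:
        now = self.clock()
        if self._token is None or now >= self._expires_at:
            # Missing or expired: fetch the credential from the vault, use it once, drop it.
            client_id, client_secret = self.vault.get_credential(self.safe, self.obj)
            resp = self.auth.token(client_id, client_secret)
            self._token, self._expires_at = resp["access_token"], now + resp["expires_in"]
        return self._token

def simulate(ttl=300.0, calls_at=(0, 100, 200, 301, 700)):
    """Drive the cache with a fake clock; returns (tokens seen, vault fetches, tokens issued)."""
    clock = {"t": 0.0}
    vault = FakeVault({("MIDSafe", "oauth-client"): ("svc-mid", "s3cr3t")})  # constructed sample
    auth = FakeAuthServer("svc-mid", "s3cr3t", ttl)
    cache = MidServerTokenCache(vault, auth, "MIDSafe", "oauth-client", lambda: clock["t"])
    tokens = []
    for t in calls_at:
        clock["t"] = float(t)
        tokens.append(cache.get_token())
    return tokens, vault.fetches, auth.issued
```

With a 300 s token lifetime, five requests at t = 0, 100, 200, 301 and 700 s produce three vault reads and three issued tokens: the two requests inside the first token's lifetime are served from the cache.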