OAuth 2.0 credentials

  • Release version: Australia
  • Updated June 16, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of OAuth 2.0 credentials

    OAuth 2.0 credentials in ServiceNow enable secure access to user accounts on HTTP services by obtaining OAuth tokens. These credentials are configured through a dedicated form that captures key details and settings necessary for authentication and integration.

    Show full answer Show less

    Key Features

    • Name: Assign a unique, descriptive name to identify the credential.
    • Active: Toggle to specify whether the credential is currently active.
    • OAuth Entity Profile: Links to an OAuth profile combining a grant type and scopes, essential for token requests.
    • Connect to Auth Server via MID Server: Enables token requests to pass through a MID Server, supporting connections to on-premise or cloud OAuth servers behind firewalls. This option is available when specific grant types (Client Credentials, Authorization Code, or Resource Owner Password Credentials) are selected.
    • Applies to: Defines which MID Servers the credential applies to—either all or specific ones. It is critical that these MID Servers have proper connectivity to the Auth server, are active (Status: Up), validated, and have appropriate capabilities (REST or ALL).
    • Order: Specifies the sequence in which credentials are attempted during authentication, important for managing multiple credentials and avoiding lockouts.
    • Credential Alias: Allows tying the OAuth 2.0 credential to an alias for easier management.
    • Integration Type: Determines how the token is obtained and used:
      • System: Retrieves token based on the requester profile; supports SAML and JWT authentication mechanisms.
      • Personal: Retrieves user-specific tokens; requires the MID Server user to have the oauthadmin role. Supports Authorization Code and Resource Owner Password Credentials grant types. Enables access to user-related information and supports session user tokens when configured accordingly in Flow properties.

    Important Considerations

    • Ensure MID Servers selected for OAuth token requests can communicate with the Auth server.
    • At least one MID Server must be active, validated, and properly configured to handle REST calls.
    • Select the appropriate integration type based on whether tokens need to be system-wide or user-specific.
    • Using personal tokens allows accessing user-specific data; thus, proper roles and Flow configurations are necessary.

    By properly configuring OAuth 2.0 credentials with these fields and considerations, ServiceNow customers can securely and efficiently integrate with third-party OAuth providers, enabling automated and user-specific API access.

    OAuth 2.0 credentials enable ServiceNow to obtain access to user accounts on an HTTP service.

    These fields are available in the Credentials form for OAuth 2.0.
    Table 1. OAuth 2.0 credentials form
    Field Input value
    Name Enter a unique and descriptive name for this credential. For example, you might call it OAuth2 credential.
    Active Specify whether this credential is active.
    OAuth Entity Profile An OAuth profile is a combination of a grant type and at least one scope.
    Connect to Auth Server via MID Server Connects your ServiceNow instance to an on-premise OAuth server that resides behind a firewall through a MID Server. It can also connect your ServiceNow instance to a cloud-based OAuth server through a MID server. When this option is enabled, the request for an OAuth token is sent through the MID Server.
    Important:
    • The option appears when the value in the Grant type field in the OAuth Entity Profile is set to eitherClient Credentials, Authorization Code, or Resource Owner Password Credentials. To learn how to set an OAuth entity profile for a third-party OAuth provider, see Connect to a third-party OAuth provider.
    • If you select the Connect to Auth Server via MID Server checkbox, you must identify the required MID Server or MID Servers from the Applies to list.
    Applies to

    Specify if the credential record is applicable for all MID Servers, or a specific MID Server. If specific, add the MID servers as necessary.

    Important:

    Ensure that you are aware of these considerations if you have selected the Connect to Auth Server via MID Server check box.
    Order

    Order (sequence) in which Discovery tries this credential as it attempts to log on to devices. The smaller the number, the higher in the list this credential appears. Establish credential order when using large numbers of credentials or when security locks out users after three failed login attempts. If all the credentials have the same order number (or none), the instance tries the credentials in a random order.
    Credential alias Specify the credential alias that you want to tie to the OAuth 2.0 credential.
    Integration Type Indicates the integration type for the credential. Invoke an API of a third-party with an OAuth request that generates an OAuth token that is system or user specific. Following are the integration types:
    • System: Pull the token information based on the requester profile. The System integration type supports the following authentication mechanisms:
      1. Security Assertion Markup Language (SAML)
      2. JSON Web Token (JWT)
    • Personal: Pull the token information that is user-specific. The MID Server user must have the oauth_admin role. The Personal and System integration types support the following grant types:
      1. Authorization Code
      2. Resource Owner Password Credentials

    If this Personal is selected on the OAuth Requestor Profile page, an additional flag called as Personal is displayed.

    Note:
    • Any information that is related to a user can only be accessed with user-specific OAuth tokens with the Integration Type as Personal.
    • To use the session user-related token, you have to select the Run As filed in the Flow properties as User who initiates session.