OAuth 2.0 credentials
Summary of OAuth 2.0 credentials
OAuth 2.0 credentials in ServiceNow allow your instance to securely obtain access tokens to interact with user accounts on external HTTP services. These credentials are configured through a dedicated form that captures essential information for OAuth authentication and authorization.
Key Features
- Name: Assign a unique, descriptive name to each OAuth 2.0 credential for easy identification.
- Active: Enable or disable the credential as needed.
- OAuth Entity Profile: Defines the OAuth grant type and scopes, which determine how tokens are requested and what access is granted.
- Connect to Auth Server via MID Server: Allows your ServiceNow instance to communicate with on-premise or cloud-based OAuth servers behind firewalls through a MID Server. This option is only available when the grant type is set to Client Credentials.
- Applies to: Specifies whether the credential applies to all MID Servers or specific ones. Proper MID Server selection is critical to ensure successful token requests.
- Order: Determines the sequence in which Discovery attempts to use multiple credentials when logging into devices, helping manage credential prioritization and security limits.
- Credential Alias: Allows linking to an alias for organizational or operational purposes.
- Integration Type: Defines whether the OAuth token is system-wide or user-specific:
  - System: Token based on the requester profile for system-level integrations.
  - Personal: User-specific token tied to the session initiator, required for accessing user-related data.
Important Considerations
- When using the MID Server connection, ensure that the selected MID Servers are operational (Status “Up” and Validated “Yes”) and have REST or ALL capabilities.
- Ensure MID Servers can communicate with the OAuth provider’s token URL to successfully obtain tokens.
- For user-specific OAuth tokens, select the Personal integration type and configure flows to run as the user initiating the session.
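
The MID Server considerations above, as an added example that is not ServiceNow code: a JavaScript pre-flight check that flags a credential whose selected MID Servers cannot carry the token request. The record shapes, field names, grant type strings, and MID Server names are assumptions constructed for illustration, not ServiceNow table or column names.

```javascript
// Added example. Field names and record shapes are assumed for illustration;
// they are not ServiceNow table or column names. All records are constructed.
const midServers = [
  { name: "mid-dmz-01", status: "Up", validated: "Yes", capabilities: ["REST"] },
  { name: "mid-dmz-02", status: "Down", validated: "Yes", capabilities: ["ALL"] },
  { name: "mid-lab-01", status: "Up", validated: "No", capabilities: ["REST"] },
  { name: "mid-ssh-01", status: "Up", validated: "Yes", capabilities: ["SSH"] },
];

const sampleCred = {
  name: "OAuth2 credential", active: true, viaMidServer: true,
  grantType: "client_credentials", appliesTo: "specific",
  midServers: ["mid-dmz-02", "mid-lab-01"],
};

// A MID Server can carry the token request only if it is Up, validated,
// and has the REST or ALL capability.
function midIssues(mid) {
  const issues = [];
  if (mid.status !== "Up") issues.push(`status is ${mid.status}`);
  if (mid.validated !== "Yes") issues.push(`validated is ${mid.validated}`);
  if (!mid.capabilities.some((c) => c === "REST" || c === "ALL")) {
    issues.push("no REST or ALL capability");
  }
  return issues;
}

// Returns { usable: [names], findings: [strings] } for one credential record.
function checkCredential(cred, mids) {
  const findings = [];
  if (!cred.active) findings.push("credential is inactive");
  if (!cred.viaMidServer) return { usable: [], findings };
  if (cred.grantType !== "client_credentials") {
    findings.push("MID Server option requires the Client Credentials grant type");
  }
  // "Applies to": every MID Server, or only those listed on the credential.
  const scope = cred.appliesTo === "all"
    ? mids
    : mids.filter((m) => cred.midServers.includes(m.name));
  const usable = [];
  for (const mid of scope) {
    const issues = midIssues(mid);
    if (issues.length === 0) usable.push(mid.name);
    else findings.push(`${mid.name}: ${issues.join(", ")}`);
  }
  if (usable.length === 0) findings.push("no usable MID Server for token requests");
  return { usable, findings };
}

console.log(checkCredential(sampleCred, midServers));
```

Reachability of the OAuth provider's token URL from each MID Server still has to be tested from the MID Server host; this check covers only the record-level conditions.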
Practical Application for ServiceNow Customers
By properly configuring OAuth 2.0 credentials, you enable secure, flexible, and scalable authentication for integrations with third-party services. This supports both system-wide and user-level access, facilitates access through firewalls with MID Servers, and allows prioritization of credentials when multiple are used. These capabilities ensure seamless API integrations, improve security posture, and enable personalized user experiences within your ServiceNow environment.
OAuth 2.0 credentials enable ServiceNow to obtain access to user accounts on an HTTP service.
| Field | Input value |
|---|---|
| Name | Enter a unique and descriptive name for this credential. For example, you might call it OAuth2 credential. |
| Active | Specify whether this credential is active. |
| OAuth Entity Profile | An OAuth profile is a combination of a grant type and at least one scope. |
| Connect to Auth Server via MID Server | Connects your ServiceNow instance to an on-premise OAuth server that resides behind a firewall through a MID Server. It can also connect your ServiceNow instance to a cloud-based OAuth server through a MID Server. When this option is enabled, the request for an OAuth token is sent through the MID Server. Important: |
| Applies to | Specify whether the credential record applies to all MID Servers or to a specific MID Server. If specific, add the MID Servers as necessary. Important: Ensure that you are aware of these considerations if you have selected the Connect to Auth Server via MID Server check box. |
| Order | Order (sequence) in which Discovery tries this credential as it attempts to log on to devices. The smaller the number, the higher in the list this credential appears. Establish credential order when using large numbers of credentials or when security locks out users after three failed login attempts. If all the credentials have the same order number (or none), the instance tries the credentials in a random order. |
| Credential alias | Specify the credential alias that you want to tie to the OAuth 2.0 credential. |
| Integration Type | Indicates the integration type for the credential. Invoke a third-party API with an OAuth request that generates an OAuth token that is system-specific or user-specific. The integration types are as follows: If Personal is selected on the OAuth Requestor Profile page, an additional flag called Personal is displayed. Note: |