Configure an OAuth profile to use a client ID and secret for token generation

Release version: Yokohama

Updated January 30, 2025

2 minutes to read

Configure an OAuth profile using a client ID and client secret to create an email account for using Microsoft Graph (receive) in your email account type.

Before you begin

Create an Microsoft Azure account to configure OAuth profile.

Complete the set up steps using your Microsoft Azure Developer account. See the Microsoft Azure product documentation for instructions on creating and configuring custom applications.

Role required: admin and Microsoft Azure portal administrator

Procedure

Log in to the Microsoft Azure registration portal with your organization credentials.
For more information, see the Microsoft Azure registration portal documentation.
Register a new custom application by filling in the application name, supported account type, and redirect URI, and select Register.

Note:
Enter the redirect URI in the following format: https://<instance>/oauth_redirect.do.

An overview of the application's basic information is displayed.
Copy the client ID to a text file.
You will use this ID and the client secret value generated in the next steps to register the app as a third-party OAuth provider on your ServiceNow instance. You use the application ID as the client ID when you connect the application to your instance.
Enable the Mail.ReadWrite permission.
1. In Microsoft Azure, navigate to Manage > API permissions.
2. Select Add a permission.
3. Select the Microsoft Graph tile.
4. Select Application Permissions.
5. In the Select permissions field, enter Mail.ReadWrite.
6. Select the Mail.ReadWrite check box.
7. Select Add permissions.
Select Grant admin consent for <your organization name>.
Select Yes to confirm.
Add a client secret.
1. In Microsoft Azure, navigate to Manage > Certificates & secrets.
2. Select New client secret.
3. Provide a description and an expiration date and select Add.
Copy the value (secret value) to a text file.
Navigate to Overview > Endpoints and copy the OAuth 2.0 token endpoint (v2) to a text file.

Register an application as an OAuth provider

Use the information generated during Microsoft Azure account configuration to register an application as an OAuth provider.

Before you begin

Role required: admin

Procedure

Navigate to All > System OAuth > Application Registry.
Select New.
On the What kind of OAuth application screen, select Connect to a third-party OAuth Provider.

On the form, fill in the fields.

Table 1. Application Registries form
Field	Value required
Name	Name to uniquely identify the record.
Client ID	Application ID of the application you created in Microsoft Azure.
Client Secret	The client secret you generated when you created the application in Microsoft Azure. Note: When using certificates, the Client Secret is a dummy value.
OAuth API Script	OAuth API script name. For more information see, OAuth API Script. Note: This is required only while using certificates.
Default Grant type	Client Credentials.
Token URL	Token URL copied after configuring the Microsoft Azure account.
Redirect URL	`https://<instance>./oauth_redirect.do` Note: This URL should be the same as the URL in Microsoft Azure.

Right-click the form header and select Save.
An OAuth Entity Profile record is created.
In the OAuth Entity Scopes related list, add scopes to match the permissions you defined when you configured the application.
Select Insert a new row.
Enter Default as the name and .default as OAuth scope.
Right-click the form header and select Save.
In the OAuth Entity Profiles embedded list, select the profile created by default.
In the OAuth Entity Scopes embedded list, add a new row and select the Default scope.
Select Update.

What to do next

Create an email account for Microsoft Graph (receive) using the OAuth profile.