Understanding OAuth OIDC Authentication for Outlook Actionable MessagesIssue This articles explains the authentication flow between Outlook and ServiceNow when using Outlook Actionable Messages plugin. When the plugin is activated, two of the main components installed are: OAuth OIDC Entity - Outlook ActionableOIDC Provider - Microsoft Office Upon activation of the plugin, a fix script named 'Change client_id for OAM' is executed which sets the client_id and client_secret for the 'Outlook Actionable' OIDC Entity. The client_id is set to the instance URL like this:https://<instance-name>.service-now.com The client_secret is an auto-generated secure random string. The next section discusses in detail on how the authentication between Outlook and ServiceNow is performed when a user performs an operation on the actionable message on Outlook client. OAuth OIDC Authentication between Outlook and ServiceNow When a user performs an operation on either the approval or survey actionable message, a POST REST API call is made to a scripted REST API with a JWT token. The instance then gets the public key from the Microsoft Office well-known config and validates the JWT token. Based on the configurations in the OIDC Provider 'Microsoft Office', the value from the User claim specified ('sub' by default) is retrieved and queried on the sys_user to find the user with that value in the user field specified ('email' by default). Once the user is found, a new session is established, the request is processed and a response with updated values is sent back to Outlook. Related LinksEmbed an approval request within the Outlook email client Embed a survey within the Outlook email client