Salesforce Spoke Integration with ServiceNow using JWT

Description

On Salesforce end

1. From your Salesforce account, create a connected app.
2. Configure the connected app to enable your Salesforce application to share data with your ServiceNow instance.
   - Select Enable OAuth Settings and configure the authentication settings.
   - Select Use Digital Signatures and upload a Java KeyStore (JKS) certificate.
   - Select the OAuth scopes:
     - Access and manage your data (api)
     - Perform requests on your behalf at any time (refresh_token, offline_access)
   - Specify the ServiceNow instance URL in Callback URL in this format: https://<instance-name>.service-now.com/oauth_redirect.do
3. After creating the connected app, under OAuth Policies on the Edit Policies page, set these values:

   | Field | Value |
   | --- | --- |
   | Permitted Users | Admin approved users are pre-authorized |
   | IP Restrictions | Relax IP Restrictions |

4. Record the values of Consumer Key (client_id) and Consumer Secret (client_secret).
5. Configure user provisioning for the connected app as per your requirement.
6. Manage the connected app and add the profile of the user.

On ServiceNow Instance end

Attach a Java Key Store certificate to the Salesforce spoke (follow documentation for all field/steps)

System Definition > Certificates > New

| Field | Description |
| --- | --- |
| Name | Salesforce Certificate |
| Type | Java Key Store |
| Key store password | Password associated with the certificate. |

- Click the attachments icon and attach a JKS certificate.
- Click Validate Stores/Certificates to validate the certificate.

Create a JWT signing key for the Salesforce spoke (follow documentation for all field/steps)

System OAuth > JWT Keys > New

| Field | Description |
| --- | --- |
| Name | Salesforce JWT Keys |
| Signing Keystore | Valid JKS certificate attached in the previous task. For example, Salesforce Certificate. |
| Signing Algorithm | Algorithm to sign with the JWT key. |
| Signing Key Password | Password associated with the signing key. |

- Click Submit.

Create a JWT provider for the Salesforce spoke (follow documentation for all field/steps)

System OAuth > JWT Providers > New

| Field | Description |
| --- | --- |
| Name | Salesforce JWT Provider |
| Signing Configuration | JWT signing key from the previous step. For example, Salesforce JWT Keys |

- Right-click the form header, and click Save. The Standard Claims and Custom Claims related lists are displayed.
- In the Standard Claims related list, enter values for iss, sub, and aud.

| Name | Description |
| --- | --- |
| iss | client_id of the connected app (from Salesforce) |
| sub | username of the user (Salesforce) |
| aud | Use the authorization server's URL for the audience value: https://login.salesforce.com, https://test.salesforce.com, or https://site.force.com/customers |

- Click Update.

Register Salesforce as an OAuth Provider (follow documentation for all field/steps)

System OAuth > Application Registry > New (What kind of OAuth application? > Connect to a third party OAuth Provider)

| Name | Description |
| --- | --- |
| Name | Salesforce OAuth |
| Client ID | Consumer key that you generated during the Salesforce connected app configuration. |
| Client Secret | Consumer secret that you generated during the Salesforce connected app configuration. |
| Token URL | OAuth server token endpoint. For production instance, enter https://login.salesforce.com/services/oauth2/token. For sandbox instance, enter https://test.salesforce.com/services/oauth2/token |
| Default Grant type | JWT Bearer |

- Save the form. The system validates the OAuth credentials and populates the Redirect URL field. The system populates OAuth Entity Profile with Grant Type as JWT Bearer. For example, OAuth Entity Profile is created with default Name, Salesforce JWT provider default_profile.
- Click Update.

Create credential records for the Salesforce spoke (Test - Get OAuth Token)

Connections & Credentials > Credentials > New

| Name | Description |
| --- | --- |
| Name | Salesforce Credentials |
| OAuth Entity Profile | OAuth profile that you created when you registered the Salesforce connected app as an OAuth provider. For example, select Salesforce OAuth default_profile. |

- Save the record.
- Test - Get OAuth Token

RESULT: OAuth token flow completed successfully
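
When Get OAuth Token fails, a quick check is whether the Standard Claims agree with the connected app and the Token URL. The following preflight linter is an added example, not ServiceNow or Salesforce code; the function names, the RS256 expectation, the 180-second lifetime cap and the rule that the Token URL sits under the aud URL are assumptions made for this illustration.

```python
import base64, json, time

def _dec(seg):
    # JWT segments are unpadded base64url; restore padding before decoding.
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def _enc(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def lint_assertion(jwt, client_id, username, token_url, now=None, max_ttl=180):
    """Return findings for a JWT bearer assertion; an empty list means it passes.
    Header and claims only: the signature is NOT verified. max_ttl is an assumed cap."""
    now = time.time() if now is None else now
    parts = jwt.split(".")
    if len(parts) != 3:
        return ["not a three-segment compact JWT"]
    try:
        header, claims = _dec(parts[0]), _dec(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    findings = []
    if header.get("alg") != "RS256":  # assumption: RS256 is the expected algorithm
        findings.append(f"alg is {header.get('alg')!r}, expected 'RS256'")
    if not parts[2]:
        findings.append("signature segment is empty")
    if claims.get("iss") != client_id:
        findings.append("iss does not match the connected app Consumer Key")
    if claims.get("sub") != username:
        findings.append("sub does not match the Salesforce username")
    aud = claims.get("aud")
    # Heuristic from the page's aud / Token URL pairs: the Token URL lives under aud.
    if not isinstance(aud, str) or not token_url.startswith(aud.rstrip("/") + "/"):
        findings.append(f"aud {aud!r} does not match Token URL {token_url}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        findings.append("exp is missing or not numeric")
    elif exp <= now:
        findings.append("assertion is already expired")
    elif exp - now > max_ttl:
        findings.append(f"lifetime exceeds {max_ttl}s")
    return findings

def sample_assertion(claims, alg="RS256"):
    # Constructed token with a placeholder signature, for exercising the linter only.
    return ".".join([_enc({"alg": alg, "typ": "JWT"}), _enc(claims), "c2lnbmF0dXJl"])
```

A sandbox aud (https://test.salesforce.com) paired with the production Token URL is reported as an aud mismatch, which is the pairing the aud and Token URL rows above need to keep consistent.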