On the Salesforce end
- From your Salesforce account, create a connected app.
- Configure the connected app to enable your Salesforce application to share data with your ServiceNow instance.
- Select Enable OAuth Settings and configure the authentication settings.
- Select Use Digital Signatures and upload a Java KeyStore (JKS) certificate.
- Select the OAuth scopes:
  - Access and manage your data (api)
  - Perform requests on your behalf at any time (refresh_token, offline_access)
- Specify the ServiceNow instance URL as the Callback URL, in this format: https://<instance-name>.service-now.com/oauth_redirect.do
- After creating the connected app, under OAuth Policies on the Edit Policies page, set these values:

  | Field | Value |
  |---|---|
  | Permitted Users | Admin approved users are pre-authorized |
  | IP Restrictions | Relax IP Restrictions |

- Record the values of Consumer Key (client_id) and Consumer Secret (client_secret).
- Configure user provisioning for the connected app as required.
- Manage the connected app and add the profile of the user.
On the ServiceNow instance end
- Attach a Java Key Store certificate to the Salesforce spoke (follow the documentation for all fields and steps):
  - Navigate to System Definition > Certificates > New and set these values:

    | Field | Value |
    |---|---|
    | Type | Java Key Store |
    | Key store password | Password associated with the certificate. |

  - Click the attachments icon and attach a JKS certificate.
  - Click Validate Stores/Certificates to validate the certificate.
- Create a JWT signing key for the Salesforce spoke (follow the documentation for all fields and steps):
  - Navigate to System OAuth > JWT Keys > New and set these values:

    | Field | Value |
    |---|---|
    | Name | Salesforce JWT Keys |
    | Signing Keystore | Valid JKS certificate attached in the previous task. For example, Salesforce Certificate. |
    | Signing Algorithm | Algorithm to sign with the JWT key. |
    | Signing Key Password | Password associated with the signing key. |

  - Click Submit.
- Create a JWT provider for the Salesforce spoke (follow the documentation for all fields and steps):
  - Navigate to System OAuth > JWT Providers > New and set these values:

    | Field | Value |
    |---|---|
    | Name | Salesforce JWT Provider |
    | Signing Configuration | JWT signing key from the previous step. For example, Salesforce JWT Keys. |

  - Right-click the form header, and click Save. The Standard Claims and Custom Claims related lists are displayed.
  - In the Standard Claims related list, enter values for iss, sub, and aud.
  - Click Update.
- Register Salesforce as an OAuth Provider (follow the documentation for all fields and steps):
  - Navigate to System OAuth > Application Registry > New (What kind of OAuth application? > Connect to a third party OAuth Provider).
  - Save the form.
  - The system validates the OAuth credentials and populates the Redirect URL field.
  - The system populates OAuth Entity Profile with Grant Type as JWT Bearer. For example, the OAuth Entity Profile is created with the default name Salesforce JWT provider default_profile.
  - Click Update.
- Create credential records for the Salesforce spoke, then test with Get OAuth Token:
  - Navigate to Connections & Credentials > Credentials > New and set this value:

    | Field | Value |
    |---|---|
    | OAuth Entity Profile | OAuth profile that you created when you registered the Salesforce connected app as an OAuth provider. For example, select Salesforce OAuth default_profile. |

  - Save the record.
  - Test the setup with Get OAuth Token.
  - Result: OAuth token flow completed successfully.
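
What the JWT signing key and JWT provider configured above produce when Get OAuth Token runs, shown as an added Go example (not ServiceNow or Salesforce code): an RS256-signed assertion carrying iss, sub and aud, checked the way a verifier holding only the public certificate would check it. It assumes the values from Salesforce's JWT bearer flow documentation, which this page does not list (iss = the connected app's Consumer Key, sub = the Salesforce username, aud = the Salesforce login URL, exp about 3 minutes ahead); `demoKey` and every claim value are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding                     // JWT segments are unpadded base64url
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed; the real key lives in the JKS

// BuildAssertion signs iss/sub/aud plus a 3-minute exp (assumed lifetime) with RS256.
func BuildAssertion(key *rsa.PrivateKey, iss, sub, aud string, now time.Time) (string, error) {
	claims, _ := json.Marshal(map[string]interface{}{
		"iss": iss, "sub": sub, "aud": aud, "exp": now.Add(3 * time.Minute).Unix()})
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err
}

// VerifyAssertion accepts only an RS256 signature from pub, whatever "alg" the header claims.
func VerifyAssertion(pub *rsa.PublicKey, token string) (claims map[string]interface{}, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("assertion has %d segments, want 3", len(parts))
	}
	sig, err1 := b64.DecodeString(parts[2])
	payload, err2 := b64.DecodeString(parts[1])
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("assertion segment is not base64url")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, err
	}
	err = json.Unmarshal(payload, &claims)
	return claims, err
}

func main() {
	tok, _ := BuildAssertion(demoKey, "<consumer-key>", "user@example.com", "https://login.salesforce.com", time.Now())
	fmt.Println(VerifyAssertion(&demoKey.PublicKey, tok))
}
```

The signed assertion is what gets posted to the token endpoint with grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer. The signature depends only on the private key, so access to the JKS file and its passwords is what needs to be restricted.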