Connecting CNO for Visibility using the OAuth ProtocolCNO for visibility deployment includes a pod that is running in the Kubernetes cluster and reports to the ServiceNow instance. By default, this pod authenticates using basic authentication. However, it is possible to configure it to use the OAuth protocol. OAuth2.0 is considered more secure than basic authentication since the user’s credentials are not sent on every call. Instead, the instance issues an access token with expiry time. The OAuth Flow The flow is described in the diagram below. The CNO pod (a.k.a informer) is first sending a request with user, password, client_id and client_secret. The instance responds with access token and refresh token. From now on only the access token is being sent, until it is about to expire. At that point the refresh token is sent and we obtain a new access token. When the refresh token expires, we send the full credentials again and obtain new tokens. Setup the Instance In order to connect to the instance using OAuth, you need to navigate to “Application Registries”, add a record and get the “Client ID” and “Client Secret”. For more details refer to ServiceNow Official documentation. More details here. Installing the Informer When creating the instance credentials secret, in addition to the user and password, you need to pass the client ID and client secret obtained on the instance. In the following command replace INSTANCE_NAME, NAMESPACE, USERNAME, PASSWORD, CLIENT_ID, CLIENT_SECRET kubectl create secret generic k8s-informer-cred-INSTANCE_NAME --from-literal=.user=USERNAME --from-literal=.password=PASSWORD --from-literal=.client_id=CLIENT_ID --from-literal=.client_secret=CLIENT_SECRET -n NAMESPACE Alternatively, you can provide the credentials in the Helm command: helm install -n NAMESPACE --set acceptEula=Y --set instance.name=INSTANCE_NAME --set clusterName="CLUSTER_NAME" --set instanceCredentials.username=USERNAME --set instanceCredentials.password=PASSWORD --set instanceCredentials.clientId=CLIENT_ID --set instanceCredentials.clientSecret=CLIENT_SECRET k8s-informer HELM_CHART_URL