Steps to setup client credentials with the Resource Management spokeIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Customer's use case was to understand configuration steps that are required to authenticate and authorize access through the application itself, rather than relying on a signed-in user for Resource Management Spoke Facts<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } it's possible to use client credentials with the Resource Management spoke, provided the azure app/service principal has the necessary Azure RBAC permissions. Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } NA Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Below steps required to authenticate and authorize access through the application itself : 1. Azure Portal Configuration 1.1 Assign Contributor Role to the App Registration About the Contributor role: Grants full access to manage all resources (creation, updating, deletion), but does not allow assigning roles in Azure RBAC, managing assignments in Azure Blueprints, or sharing image galleries. Here is the list of other built‑in roles you can explore: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles. If you want granular roles instead of Contributor, please consult your Microsoft admin team for appropriate role assignment steps. To allow spoke to perform operations on Azure resources with client credential grant type: Log in to the Azure Portal.Go to the Resource Group where Automation Spoke actions should run.(You may assign at the Subscription level, but Resource Group is recommended to limit scope.)Open Access Control (IAM).Click Add → Add role assignment.Choose the Contributor role.Click Next.Under Members, select + Select members.Search for your App Registration (Service Principal).Select it → Click Select.Click Review + Assign. Your Service Principal/app now has Contributor access on the Resource Group. 2. ServiceNow Configuration 2.1 Update OAuth Settings to Client Credentials Open the record: Microsoft Azure Resource Management alias.Open the active Connection → then open the Credential attached to it.Open the linked OAuth Entity Profile.Change the Grant type to Client Credentials.Open the linked OAuth Provider record.Change its Grant type to Client Credentials as well. 2.2 Update OAuth Scopes On the OAuth Provider record, scroll to OAuth Entity Scopes.Delete all existing scopes.Create a new scope:Name: DefaultAuth scope value: https://management.azure.com/.defaultSave the OAuth Provider.Return to the OAuth Entity Profile record.In the Scopes list, delete old scopes and select the new Default scope. 2.3 Refresh Tokens Open the Manage Tokens table.Delete all existing tokens for Azure Resource Management spoke alias.Go back to the Credential record and click Refetch Token. This generates a new token using Client Credentials. 3. Test Azure Spoke ActionsAfter token refresh, execute any Azure Spoke action (e.g., Create Account, Look up Account) to confirm the setup. 4. Fix: MissingSubscriptionRegistration ErrorIf you see this error: "The subscription is not registered to use namespace 'Microsoft.Automation'". Your subscription is missing the required resource provider. 4.1 Register Microsoft.Automation Go to Azure Portal → Subscription.Open Settings → Resource providers.Search for Microsoft.Automation.Click Register. Once registered, re-run the spoke action. Note: Client Credentials is not the default grant type shipped with the Azure Spoke. Please test all actions thoroughly using Client Credentials before moving this configuration to production.