This article explains how to
- set up an OIDC provider (Okta) on a ServiceNow instance
- generate an identity token using a third-party client such as Postman
- make inbound API calls to ServiceNow with identity tokens generated by a third-party OIDC provider
- Please note that any information regarding a third-party OIDC provider should be obtained from that vendor
OIDC stands for OpenID Connect (http://openid.net/connect/).
It is an authentication layer on top of OAuth 2.0.
It allows a client such as ServiceNow to verify the identity of the end user through a JWT (the ID token) that carries the end user's information and is checked against the OIDC provider.
1) Create a free Okta developer account
2) Create a new application -> type -> Web
with the below settings
a) Login redirect URIs is:
b) Create a user (with an email address) and associate this user with the application
4) On the ServiceNow instance
System OAuth -> Application Registry
What kind of OAuth application?
Select -> 'Configure an OIDC provider to verify ID tokens.'
b) Client ID & Client Secret from the Okta application created in step 2
<okta_developer_instance> is the developer account name created in step 1
User Claim : email
User Field : Email
9) The endpoint will respond with an Access Token and an id_token. Copy the id_token and validate it at https://jwt.io/
10) Make a call to a ServiceNow REST endpoint with the header 'Authorization' and value 'Bearer <id_token>'
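The checks a relying party has to pass an id_token through before it maps the User Claim (email) onto the User Field (Email), i.e. what happens behind steps 9 and 10, as an added example that is not ServiceNow or Okta code. The signing key, issuer URL, client ID and user table are constructed placeholders; the demo signs with HS256 so it runs offline, whereas Okta signs ID tokens with RS256 and the verifying key comes from the provider's published keys, so the signature step differs in production while the claim checks carry over unchanged.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key):
    """Constructed HS256 ID token for the offline demo (a real Okta id_token is RS256)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_id_token(token, key, issuer, client_id, user_claim="email", now=None):
    """Return the user_claim value if the id_token is acceptable, else raise ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, b, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm; never accept alg=none or a swapped alg
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{b}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(b))
    if claims.get("iss") != issuer:  # must come from the configured Okta issuer
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):  # issued for our Client ID
        raise ValueError("wrong audience")
    if now >= float(claims.get("exp", 0)):  # id_tokens are short-lived; reject expired ones
        raise ValueError("token expired")
    value = claims.get(user_claim)
    if not value:  # no User Claim value means nothing to match against the User Field
        raise ValueError(f"missing {user_claim} claim")
    return value

def resolve_user(claim_value, users_by_email):
    """User Claim 'email' -> User Field 'Email': find the matching local user (constructed dict)."""
    user = users_by_email.get(claim_value.lower())
    if user is None:
        raise ValueError("no user with that email")
    return user
```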