This article explains how to

• set up OIDC provider( Okta) on ServiceNow instance
• generate identity token using 3rd party client like POSTMAN
• make a call with identity tokens generated by a third-party OIDC provider for inbound API calls to ServiceNow.

OIDC stands for OpenID Connect (http://openid.net/connect/).
It is an authentication layer on top of OAuth 2.0
It allows clients, like ServiceNow, to verify the identity of the end user by sending the JWT token containing the end user information to OIDC provider.

1) Create free Okta developer account

https://developer.okta.com/signup/

2)create new application -> type -> Web

with the below settings

3)

a)Login redirect URIs is:

https://getpostman.com/oauth2/callback

b) create a user (with an email address) and associate this user to the application

4)On the ServiceNow instance
System OAuth - > Application Registry

What kind of OAuth application?
Select -> 'Configure an OIDC provider to verify ID tokens.'

5)

a)Provide Name

b)Client ID & Client Secret from the Okta application created in step 2

c)OAuth OIDC Provider Configuration-> Click on Magnifying glass-> New

OIDC Metadata URL ->

https://<okta_developer_instance>-admin.oktapreview.com/.well-known/openid-configuration

<okta_developer_instance> is the developer account name created in step 1

for example:

https://dev-735661-admin.oktapreview.com/.well-known/openid-configuration

User Claim : email

User Field : Email

 Please check the below screenshots:

 

 

6) Create a user in sys_user table to have an email matching the user created in step 3 (b)

 

7) To generate ID token:

From the POST MAN REST Client click on OAuth 2.0 -> Authoriztion-> Get New Access Token . Fill in the details to match the configuration done above . Sample call -

9)The end point will respond with Access Token and id_token . Copy the id_token and validate it in https://jwt.io/

10)Make a call to ServiceNow REST end point with header ‘Authorization’ and value ‘Bearer <id_token>’