The fastest and simplest way to authenticate with Azure AD end-to-end

Learn how to enable bidirectional synchronization of records between Microsoft Azure DevOps and ServiceNow® Agile Development 2.0 by integrating the two applications. This is possibly the fastest and simplest way to authenticate with Microsoft Azure end-to-end.

Table of contents

  1. Introduction
  2. Prerequisites
  3. Principles of Software testing
  4. Security 
  5. Summary

Introduction

ServiceNow has created basic SAML (Security Assertion Markup Language) authentication for Azure AD users, which allows specific users to log in with their Azure credentials. Unfortunately, the configuration for inbound and outbound data flow through the API is scattered across different tables and is not intuitive enough to quickly set up an API integration, for example to update CMDB entries.

Installing the proper spoke in IntegrationHub partly solves the problem. However, some data cannot be gathered from the Azure spokes, or the type of authentication does not grant proper access to particular resources. To work around such cases, we need to go through OAuth with additional bearer token authentication. Another advantage of this solution is that any resource can be accessed this way, even without installing additional spokes, but it still requires proper permissions and roles on the Azure side.

Prerequisites

The first and most important thing when creating this solution at the ServiceNow level is to make sure that the Azure admin is properly set up with all permissions and roles required to read or manipulate specific data. This matters because we, and the Azure admins, have to differentiate between delegated and application permissions. Delegated permissions require a session initiated by a user who has been granted the proper access. With application permissions, any user can access the data, but the API requests must be sent from one of the granted applications, in our case from the ServiceNow instance. Before you start the actual configuration, you need to understand the requirements and agree with your team which approach is better for your setup.
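To check which of the two permission models a freshly issued Azure AD access token actually carries, you can inspect its claims: delegated permissions appear in the `scp` claim, application permissions in the `roles` claim. The following is an added example, not code from the whitepaper; it runs in Node.js (not as a ServiceNow script), and the permission names, audience and sample tokens are constructed assumptions.

```javascript
'use strict';

// Decode the payload segment of a JWT. The signature is NOT verified here:
// this is for inspecting a token you just received from the token endpoint,
// never for deciding whether to trust a token someone sent you.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('expected a three-part JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Delegated permissions arrive in the space-separated "scp" claim,
// application permissions in the "roles" array of an app-only token.
function classifyToken(token, required) {
  const claims = decodeJwtPayload(token);
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  // A user token may also carry "roles", so "scp" decides first.
  const kind = scopes.length ? 'delegated' : roles.length ? 'application' : 'none';
  const granted = kind === 'delegated' ? scopes : roles;
  const missing = required.filter((p) => !granted.includes(p));
  return { kind, granted, missing };
}

// Constructed sample tokens (unsigned, with a fake signature segment).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'none', typ: 'JWT' }), enc(claims), 'constructed-signature'].join('.');
}

const samples = {
  userSession: makeSampleToken({ aud: 'https://graph.microsoft.com', scp: 'User.Read Directory.Read.All' }),
  appOnly: makeSampleToken({ aud: 'https://graph.microsoft.com', roles: ['Directory.Read.All'] }),
  noConsent: makeSampleToken({ aud: 'https://graph.microsoft.com' }),
};

// Report the permission model and any required permission the token lacks.
for (const [name, token] of Object.entries(samples)) {
  const r = classifyToken(token, ['Directory.Read.All']);
  console.log(name, r.kind, 'missing:', r.missing.join(',') || '-');
}
```

A result of `none` means the token carries neither claim, so requests made with it will be refused until the permission is granted on the Azure side.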

Another thing that is not a must-have, but is really helpful for dealing with API calls, is an IntegrationHub license that is not the starter one.
It makes the whole process much easier to develop than using the normal, free actions. The OOTB starter subscription doesn't process REST calls, but you can make them via a scripted RESTMessageV2 call in a script step within the action.

Another smart move is to get an API builder platform such as Postman, which will help you test the endpoints and API calls.

To continue reading, click here to download the whitepaper (no registration).
