SSO integration between ServiceNow and Azure Active Directory to use Integration Hub Azure Active Directory spoke
STEP 19: Create the scopes as shown below, then "Submit" the form:
STEP 20: After submitting, click "OAuth Entity Profiles" and select default_profile.
STEP 21: If they were not added automatically when you submitted the record, manually add the two OAuth Entity Scopes you just created:
STEP 22: Now it is time to create our credentials. Search for "credentials" and go to "IntegrationHub -> Connections & Credentials -> Credentials". On the "Credentials" page click "New" to create a new credential record:
STEP 23: Select "OAuth 2.0 Credentials"
STEP 24: Fill in the form with the appropriate details: a) Name: name of the credential b) OAuth Entity Profile: select the default profile of the Application Registry record you created in the step above c) Client Secret: the secret copied earlier from the Azure AD app registration
Click "Submit":
STEP 25: Click "Get OAuth token" to request and retrieve your token:
STEP 26: A pop-up window will open. Give consent and "Accept":
STEP 27: And your token is ready to use:
STEP 28: A quick detour! Remember, our goal is to be able to use the Azure AD Spoke, so let's take a look at it to understand how it is going to use the token we just created. For this we need Flow Designer. Search for "integration" and go to "IntegrationHub -> Action Designer":
STEP 29: Once we're there, click "Actions" and search for actions under "Microsoft Azure AD Spoke" application:
STEP 30: Let's pick one to see how it authenticates itself, "Look Up User ID" for example:
STEP 31: In the action, we're looking for a "REST Step", where the REST API call is made. In this particular action it is "Lookup User". Under "Connection Details" of this step we can see that the step uses a "Connection Alias" called "sn_azure_ad_spoke.AzureAD":
STEP 32: Now let's see where we can find that connection alias and how it is connected to our token. In the application navigator, search for "Connections & Credentials" and go to "Connections & Credentials -> Connections & Credentials Aliases". Here we can see sn_azure_ad_spoke.AzureAD as the ID of the "AzureAD" connection alias. Now we need to open it and add a connection that uses the credential holding the right token:
STEP 33: In the "Connections" tab click on the "New" button:
STEP 34: Fill in the form with the appropriate details: a) Name: name of the connection b) Credential: select the credential you created
c) Connection URL: https://graph.microsoft.com
Click on "Update"
STEP 35: At this point if we try to run our flow, we get the error below:
STEP 36: We still have a couple of steps to take. We don't have an LDAP integration, so we need to create the test user manually, without a password; it must correspond to a user we already have in Azure AD, in this case our main user (the identifier on the ServiceNow user record has to match what Azure AD will send as the SAML NameID, otherwise SSO cannot map the login to this record):
STEP 37: We also need to create a new application in Azure AD for SSO integration. For that, we need to go back to our Azure AD and then "Enterprise applications -> All applications -> New application":
STEP 38: Give a name and "Add":
STEP 39: Under the application go to "Single sign-on" and select "SAML":
STEP 40: Copy/download the details below for further use and click "Test" to test SSO integration:
STEP 41: It looks like we also need to assign our user to the application we just created:
STEP 42: To do that, we need to go to "Users and groups" under our application and "Add user":
STEP 43: If we go back and test SSO again, now it should work:
Then, as stated in the "SSO Test Connection Summary" message, click the "Activate" button to activate SSO between Azure AD and our ServiceNow instance.
STEP 44: Let's go back to Flow Designer and run our test flow again. We still have permission-related issues:
STEP 45: To fix that, we need to go back to the app registration we created at the beginning and grant permissions:
STEP 46: Under the app registration go to "Settings -> Required permissions -> Microsoft Graph":
STEP 47: And "Grant permissions":
STEP 48: Since we changed the permissions, we also need to request our OAuth token again so that it carries the new permissions:
STEP 49: If we run our flow again, it now works and the Look Up User ID action returns the user ID it found in Azure AD:
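Both errors we hit (step 35 and step 44) come down to what is inside the access token the credential record holds, so it is worth inspecting that token before blaming the spoke. The script below is an added example, not code from the original post or from the Microsoft Azure AD Spoke: it decodes the JWT payload (without verifying the signature, so it is for troubleshooting only) and checks that the audience is the Graph URL we put on the connection record, that the token carries a permission that can read users, and that it has not expired. The permission names User.Read.All and Directory.Read.All are my assumption about what "Look Up User ID" needs; the post does not say which permissions were granted in step 47. The sample tokens are constructed for the example and are not real Azure AD tokens.

```python
"""Inspect the Azure AD access token before handing it to the AzureAD connection alias.

Added example for troubleshooting steps 35 and 44 of the walkthrough; it is not code
from the original post or from the Microsoft Azure AD Spoke. It decodes the JWT
payload WITHOUT verifying the signature, so it is for inspection only and must never
be used to make an authorization decision.
"""
import base64
import json
import time
from typing import Optional

# The Connection URL configured on the connection record in step 34.
GRAPH_AUDIENCE = "https://graph.microsoft.com"
# Assumption: looking up a user by ID needs one of these Graph permissions.
# The post does not name the permissions it granted in step 47.
REQUIRED_PERMISSIONS = {"User.Read.All", "Directory.Read.All"}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. No signature check: troubleshooting only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT of the form header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def token_problems(claims: dict, now: Optional[float] = None) -> list:
    """List the reasons Microsoft Graph would reject this token for the spoke's user lookup."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != GRAPH_AUDIENCE:
        problems.append(f"audience is {claims.get('aud')!r}, expected {GRAPH_AUDIENCE!r}")
    # Delegated tokens (the consent pop-up in step 26) carry 'scp' as a space-separated
    # string; app-only tokens carry 'roles' as a list. Accept either.
    granted = set(claims.get("scp", "").split()) | set(claims.get("roles", []))
    if not granted & REQUIRED_PERMISSIONS:
        problems.append(f"no user-read permission: has {sorted(granted)}")
    if claims.get("exp", 0) <= now:
        problems.append("token expired; request a new one from the credential record")
    return problems


def _constructed_jwt(payload: dict) -> str:
    """Build an UNSIGNED sample token (empty signature segment). Constructed test data only."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(payload), ""])


# Constructed sample tokens mirroring the walkthrough: the first is what you get before
# step 47 (consent covered only the basic User.Read scope), the second after step 48.
SAMPLE_BEFORE_GRANT = _constructed_jwt({
    "aud": GRAPH_AUDIENCE, "scp": "User.Read openid",
    "exp": 1_700_003_600, "upn": "admin@example.onmicrosoft.com",
})
SAMPLE_AFTER_GRANT = _constructed_jwt({
    "aud": GRAPH_AUDIENCE, "scp": "User.Read.All User.Read openid",
    "exp": 1_700_003_600, "upn": "admin@example.onmicrosoft.com",
})
# A token issued for some other resource: Graph rejects it even if the scopes look right.
SAMPLE_WRONG_AUDIENCE = _constructed_jwt({
    "aud": "api://example-servicenow-app", "scp": "User.Read.All",
    "exp": 1_700_003_600, "upn": "admin@example.onmicrosoft.com",
})

if __name__ == "__main__":
    for label, tok in [("before grant", SAMPLE_BEFORE_GRANT),
                       ("after grant", SAMPLE_AFTER_GRANT),
                       ("wrong audience", SAMPLE_WRONG_AUDIENCE)]:
        print(label, "->", token_problems(decode_jwt_claims(tok), now=1_700_000_000) or "OK")
```

To use it against a real token, paste the access token from the credential record into `decode_jwt_claims` and call `token_problems` with no `now` argument. If the audience is wrong, the OAuth Entity Profile or the scopes from step 19 point at the wrong resource; if the permission is missing, the consent in step 26 was given before the grant in step 47 and the token has to be requested again; an expired token just needs a fresh "Get OAuth token".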
In a separate article, I'll also explain how we can create an example demo flow in flow designer with which we can onboard and offboard users on Azure AD using Integration Hub Azure AD Spoke.
https://www.servicenow.com/community/in-other-news/sso-integration-between-servicenow-and-azure-active-directory-to/ba-p/2273534