Configuring SharePoint Online Search Connector
The ServiceNow SharePoint Online Search Connector offers a modern consumer-grade search configuration to manage your information resources.
As search is the key to productivity, SharePoint Online Search Connector (SPOC) helps your employees to search and discover content from the ServiceNow employee experience. You can index content from multiple sites, enabling employees to find the relevant information through Employee Center, Service Portal, Now Mobile app, and Virtual Agent.
Here's a step-by-step guide, organized in two parts, for configuring the SharePoint Online Search Connector on your instance. The first part covers the Azure configuration and the second part covers the ServiceNow configuration.
Part 1: Azure Configuration
Recording
Video to access the steps - Azure Setup
- Log in to the Azure Portal.
- Navigate to "Azure services" and select "App Registrations."
  - Create a new app registration or select an existing one.
- Once inside the app, note down the "Client ID" (Application ID).
  - Remember that the "Tenant ID" is common for the SharePoint instance.
- In the app settings, go to "Certificates & secrets."
  - Create a new client secret with a description and expiration.
  - Store the generated client secret securely. [Important]
- Move to the "Certificates & secrets" tab.
  - Upload the necessary certificate file (e.g., .cer file or .certificate). Follow the steps below to generate a certificate file (.jks and .cer file pair).
  - Note the "Thumbprint" of the uploaded certificate. [Store the thumbprint to be added later in the ServiceNow instance]
If you need to generate the .jks and .cer files, the following Java keytool commands do so. Replace the angle-bracket placeholders with your own values.
keytool -genkey -alias <alias> -keyalg RSA -keystore <keystore_name>.jks -storepass <store_password> -validity 360 -keysize 2048
keytool -export -alias <alias> -file <certificate_name>.cer -keystore <keystore_name>.jks -storepass <store_password>
You will need the .jks file later, in the ServiceNow configuration.
- Navigate to "API permissions" within the app settings.
- Click "Add a permission" > "Microsoft Graph."
  - Choose "Delegated permissions"
  - Go to sites and add "Sites.Read.All" permission.
  - Go to the user module and select User.Read
- Click "Add permissions" > "SharePoint."
  - Select "Application permissions"
  - Give "Sites.FullControl.All" and "User.Read.All" permissions. [TO BE CHANGED]
- Grant admin consent for the added permissions.
- Move to the "Authentication" tab.
  - In the "Redirect URIs" section, add your ServiceNow instance URL followed by "/oauth_redirect.do" or the appropriate path, e.g. https://<your-instance>/oauth_redirect.do
- Save your changes and ensure all required configurations are completed on the Azure portal side.
Part 2: ServiceNow Configuration
Step 1
Recording
Video to access the steps - ServiceNow Configuration Step 1
Prerequisites
- Obtain the Client ID, Client Secret, and Tenant ID from the Azure application created for the connector.
- Generate a Java Key Store file and a certificate to be used for authentication.
- Know the SharePoint host URL.
Create Connections
- Go to "Application Registry" in ServiceNow.
- For more details go to "Setting up SharePoint Online" section in product documentation
- Create a record for the SharePoint Rest connection:
  - Name: Choose a name (e.g., SharePoint Rest).
  - Client ID: Use the Azure Client ID.
  - Client Secret: Use the Azure Client Secret.
  - Script: Refer to script - OauthUtilSPJWTOnline
  - Grant Type: Client Credential.
  - Token URL: Replace <Tenant ID> with the tenant ID captured from the Azure application - https://login.microsoftonline.com/<Tenant ID>/oauth2/token
  - Redirect URL: Use the SharePoint instance URL followed by oauth_redirect.do
  - Save the record.
- Create another record for the SharePoint Graph connection:
  - Name: Choose a name (e.g., SharePoint Graph).
  - Client ID: Use the Azure Client ID.
  - Client Secret: Use the Azure Client Secret.
  - No need for authorization script
  - Grant Type: Authorization Code.
  - Authorization URL: Replace <Tenant ID> with the tenant ID - https://login.microsoftonline.com/<Tenant ID>/oauth2/v2.0/authorize
  - Token URL: Replace <Tenant ID> with the tenant ID captured from the Azure application - https://login.microsoftonline.com/<Tenant ID>/oauth2/token
  - Token Revocation URL: Use the SharePoint instance URL followed by oauth_redirect.do
  - Save the record.
Verify OAuth Entity Profile Table
- Verify the existence of default profiles for Graph and Rest connections.
OAuth Entity Scopes Table
Create entries for Graph and Rest:
- For Graph:
  - Name: Choose a name (e.g., Graph Scope).
  - Provider: Use the Graph application registry record created in the first step.
  - Scope: Use the provided scope in documentation - offline_access https://graph.microsoft.com/Sites.ReadWrite.All
- For Rest:
  - Name: Choose a name (e.g., Rest Scope).
  - Provider: Use the Rest application registry record.
  - Scope: Use the ServiceNow instance URL followed by default. eg - https://.sharepoint.com/.default
OAuth Entity Profile Scope Table
Create entries for Graph and Rest:
- For Graph:
  - Profile: Choose the default Graph profile as referred to in the Step - Verify OAuth Entity Profile Table
  - Scope: Choose the Graph scope created in the OAuth Entity Scopes configuration
- For Rest:
  - Profile: Choose the default Rest profile as referred to in the Step - Verify OAuth Entity Profile Table
  - Scope: Choose the Rest scope created in the OAuth Entity Scopes configuration
Step 2
Recording
Video to access the steps - ServiceNow Configuration Step 2
OAuth 2.0 Credentials
- Go to "OAuth 2.0 Credentials" in ServiceNow.
- Create a record for the Graph connection:
  - Name: Choose a name.
  - Profile: Choose the Graph profile.
- Create another record for the Rest connection:
  - Name: Choose a name.
  - Profile: Choose the Rest profile.
Create Connections
- Go to the "Connections" table.
- Create an HTTPS connection for Graph:
  - Name: Choose a name.
  - Credential: Select the Graph credential.
  - Connection Alias: Use the provided alias - sn_sp_spoke.MicrosoftSharePointGraph
  - Connection URL: Use the provided URL - https://graph.microsoft.com/v1.0/
- Create another HTTPS connection for Rest:
  - Name: Choose a name.
  - Credential: Select the Rest credential.
  - Connection Alias: Use the provided alias - sn_sp_spoke.MicrosoftSharepointOnline
  - Connection URL: Use the ServiceNow instance host URL. - https:///
Create Tenants
- Go to the "Tenants" table.
- Create a tenant entry for Graph:
  - Alias: Use the provided alias - sn_sp_spoke.MicrosoftSharePointGraph
  - Tenant ID and Resource ID are auto-populated.
  - SharePoint Root URL: Use the provided SharePoint root URL.
  - Instance: Choose instance as online.
- Create another tenant entry for Rest:
  - Alias: Use the provided alias - sn_sp_spoke.MicrosoftSharePointOnline
  - Tenant ID: Use the Rest tenant ID.
  - SharePoint Root URL: Use the provided SharePoint root URL.
Certificates and JWT Keys
- Go to "Certificate" in ServiceNow. Navigate to System Definition -> Certificates -> Microsoft SharePoint Online Certificate
- Open the Microsoft SharePoint Online certificate uploaded earlier in section "Upload Certificate" above
- Attach the JKS file and enter its password.
- Save the record.
Note:
If the system property glide.security.file.mime_type.validation is set to true, the .jks file cannot be uploaded.
The upload fails with the error "File type not permitted or mime type does not match the file content."
Either set the property to false or add the jks file extension to glide.attachment.extensions.
JWT Keys
- Go to "JWT Keys" and open the JWT key.
- Enter the JKS file password and save.
JWT Providers
- Go to "JWT Providers" and open the provided JWT provider record available OOB.
- Update the "Aud" claim with the url provided in documentation.
- Update the "iss" and "sub" claims with the Client ID.
Connection Thumbprint
- Open the Rest connection.
- Go to "Attributes" and enter the Thumbprint value extracted earlier.
- Save the record.
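What the thumbprint and the "iss"/"sub" claims above amount to on the wire, as an added example (not ServiceNow's code and not from the original article): it computes the SHA-1 thumbprint of the exported .cer in the hex form the Azure portal shows, derives the base64url "x5t" header value that Microsoft's identity platform uses for certificate credentials, and builds the unsigned header and claims. The sample bytes, the RS256 algorithm, and the client ID and aud placeholders are assumptions.

```python
import base64
import hashlib
import re
import time
import uuid

# Constructed stand-in for a certificate's DER bytes (not a real certificate);
# the thumbprint is SHA-1 over the raw DER, so any byte string exercises the code.
SAMPLE_DER = b"abc"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

_PEM = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der(cert_bytes):
    """Accept keytool's default binary (DER) export or a PEM export (-rfc)."""
    m = _PEM.search(cert_bytes)
    return base64.b64decode(b"".join(m.group(1).split())) if m else cert_bytes

def thumbprint_hex(cert_bytes):
    """SHA-1 thumbprint as uppercase hex, the form shown in the Azure portal."""
    return hashlib.sha1(cert_der(cert_bytes)).hexdigest().upper()

def x5t(cert_bytes):
    """Same digest, base64url without padding, as carried in the JWT header."""
    digest = hashlib.sha1(cert_der(cert_bytes)).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def matches_portal(cert_bytes, portal_value):
    """Compare against a pasted thumbprint, ignoring case, colons and spaces."""
    return re.sub(r"[^0-9A-Fa-f]", "", portal_value).upper() == thumbprint_hex(cert_bytes)

def assertion_parts(client_id, aud, cert_bytes, lifetime=300, now=None):
    """Unsigned header and claims; signing with the JKS private key is left
    to the JWT provider. `aud` is whatever URL the documentation specifies."""
    now = int(time.time()) if now is None else now
    # RS256 is an assumption here; iss and sub are both the Azure Client ID.
    header = {"alg": "RS256", "typ": "JWT", "x5t": x5t(cert_bytes)}
    claims = {"iss": client_id, "sub": client_id, "aud": aud,
              "jti": str(uuid.uuid4()), "nbf": now, "exp": now + lifetime}
    return header, claims

if __name__ == "__main__":
    print(thumbprint_hex(SAMPLE_PEM), x5t(SAMPLE_PEM))
    # Placeholder client ID and audience, not values from the article.
    print(assertion_parts("<client-id>", "<aud-url>", SAMPLE_DER))
```

Running `matches_portal` on the .cer exported from the keystore against the value copied from Azure confirms that the JKS attached in ServiceNow and the certificate uploaded to the app registration are the same key pair before you request a token.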
Get Tokens
- Go to OAuth2.0 Credentials section and use the "Get Authorization Token" related link for the Rest connection to fetch the Rest token.
- Similarly, use the related link for the Graph connection to fetch the Graph token.
Step 3
Recording
Video recording can be found here - ServiceNow Configurations Step 3
EVAM Configuration
User Credential Configuration
- Go to the "Connection and Credentials" table.
- Open the "SharePoint Ingest User" record (an out-of-box record).
- Create a new basic auth credential record:
  - Name: Choose a name (e.g., SharePoint).
  - Username: Specify the SharePoint user's username.
  - Password: Enter the user's password.
  - Ensure the user has the "ais_external_content" role assigned.
Confirm AIS Search Server is configured
- Ensure an AIS server is connected and operational.
EVAM Definitions and Bundles
- Go to the "EVAM Definitions" table.
- Open the "ESC Portal Search" EVAM definition.
- Navigate to the "M2M Bundle" tab.
- Link an existing bundle, and select "SharePoint Search Bundle."[Available OOB]
- Specify an order and submit the record.
- Repeat the same process for "Virtual Agent Search," ensuring the proper bundle is linked.
Search Profile Configuration
- Go to the "Search Profiles" table.
- Open the "ESC Portal Default Search Profile" record.
- In the "Search Sources" tab, link the "SharePoint" search Source.
- In the same record, ensure the following:
- Set the state to "Published" for stop words and synonyms.
- After making changes, publish the record.
Step 4
Recording
Recording can be found here - ServiceNow Configurations Step 4
- Perform the same steps for the Now Mobile Default Search Profile as you did for the ESC Portal Default Search Profile.
  - Follow the instructions provided earlier to link the SharePoint Search Source and configure any other necessary settings.
- Go to the "Virtual Agent Default Search Engine" table.
  - Open the record and update it with the following values:
- In the same record, go to the specified tab.
  - Add a new script for SharePoint integration.
Global Search M2M Item Configuration
Navigate to Global Search M2M Item Configuration (sys_sg_global_search_m2m_master_item) and create the following:
- Global Search Configuration: Homepage Search - Catalog, Knowledge, People
  Item Configuration: Sharepoint External Search Excel Main Item
  Application: SharePoint Search Connector
- Global Search Configuration: Homepage Search - Catalog, Knowledge, People
  Item Configuration: Sharepoint External Search File Main Item
  Application: SharePoint Search Connector
- Global Search Configuration: Homepage Search - Catalog, Knowledge, People
  Item Configuration: Sharepoint External Search HTML Main Item
  Application: SharePoint Search Connector
- Global Search Configuration: Homepage Search - Catalog, Knowledge, People
  Item Configuration: Sharepoint External Search Pages Main View
  Application: SharePoint Search Connector
- Global Search Configuration: Homepage Search - Catalog, Knowledge, People
  Item Configuration: Sharepoint External Search PDF Main Item
  Application: SharePoint Search Connector
- Global Search Configuration: Homepage Search - Catalog, Knowledge, People
  Item Configuration: Sharepoint External Search PPT Main Item
  Application: SharePoint Search Connector
- Global Search Configuration: Homepage Search - Catalog, Knowledge, People
  Item Configuration: Sharepoint External Search Site Main Item
  Application: SharePoint Search Connector
- Global Search Configuration: Homepage Search - Catalog, Knowledge, People
  Item Configuration: Sharepoint External Search Word Main Item
  Application: SharePoint Search Connector
Here is what the search results look like:
https://www.servicenow.com/community/employee-center-articles/configuring-sharepoint-online-search-connector/ta-p/2680212