Orchestration: Azure Create User workflow Activity
Are you confused about how to integrate ServiceNow and Azure so that Orchestration can create users in Azure from ServiceNow? This is not Multi-Provider SSO, which creates users within ServiceNow. This is for using a request in ServiceNow to send data to Azure and create the user in Azure.
I created a new application in Azure showing you all of the App IDs. I've already deleted this application, so it does not work if you try to use it.
**Disclaimer**
I am NOT an expert in this area. I had a need and figured it out. I went through this step by step in a new environment and was able to get the workflow working correctly.
- Log in to Microsoft Azure using an account that has admin credentials.
- Click Active Directory.
- Click App Registrations.
- Create a new Application Registration.
- Give it a Name, set Application Type to Web App / API and Sign-on URL to https://devxxxxx.service-now.com/login.do, then click Create.
- Copy the Application ID and set it aside. You'll need this for ServiceNow.
- Click Settings.
- Click Properties.
- Change Multi-tenanted to "Yes".
- Click Save.
- Click Reply URLs.
- Set any Redirect URLs that are needed for your Production, Development and Test environments. Make sure each one ends with /oauth_redirect.do, for example:
https://dev13195.service-now.com/oauth_redirect.do
- Click Save.
- Click on Keys.
- Give the Key a Name (it is only used in Azure, so you can tell what the key is for) and set the Expiration Date. If you set an expiration date, the integration will fail when the key expires.
- Click Save to generate the key.
- Copy the Key. This is the only time you will ever see this key in Azure; as soon as you leave this "blade" it is hidden forever.
- Click Required Permissions.
- Click the Windows Azure Active Directory API.
- Check "Read and write directory data" under Application Permissions.
- Check "Read and write directory data" under Delegated Permissions.
- Click Save.
- Click Grant Permissions.
- Click Yes.
- Copy your Endpoints information and set it aside.
ServiceNow Settings:
- Now update the Azure AD Application record in ServiceNow.
- Type "OAuth" in the filter navigator.
- Under "System OAuth" click Application Registry.
- Click the Azure AD record. (Do not create a new one, as this profile is set up for the Orchestration events.)
- Client ID: paste the App ID that you copied from Azure.
- Client Secret: paste the key you copied from Azure.
- Authorization URL: the link you copied from the Endpoints, for example:
https://login.microsoftonline.com/92071890-a56d-4f26-92c0-aaa38471b9c4/oauth2/authorize
However, you need to append ?resource={app id} to it:
https://login.microsoftonline.com/92071890-a56d-4f26-92c0-aaa38471b9c4/oauth2/authorize?resource=2aefeea8-44ae-4747-8c6c-a20dec102c9e
- Click the OAuth Entity Profiles tab.
- Click the Azure AD default profile to load the record.
- Double-click "Insert a new row".
- Click the magnifying glass.
- Select the profile you just created.
- Save the record.
- Type "REST" in the filter navigator.
- Click "REST Message".
- Click the "Azure AD user Management" record.
- Paste the Graph API link that you copied from the Azure Endpoints.
- Save the record.
- Edit each HTTP method record under it.
- Enter the Graph API link that you copied from the Azure Endpoints.
- Update each record: replace https://graph.windows.net/myorganization with the Graph endpoint. If the endpoint ends in /user/${userID}, don't erase that part.
- Test the OAuth Token:
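The two string-building steps above are where this integration usually breaks: the Authorization URL must carry the `?resource={app id}` query parameter, and each REST Message endpoint must have its `https://graph.windows.net/myorganization` prefix swapped for the tenant Graph endpoint without losing the trailing path and `${userID}` placeholder. The following ServiceNow server-side script is an added example, not code from the article or from ServiceNow; it uses the tenant and App IDs the article shows (already deleted by the author) as sample values, assumes a REST Message named "Azure AD user Management" with an HTTP method named "Create User" (the method name is an assumption), and uses the `/users` collection and `api-version=1.6` of the Azure AD Graph API. The helpers are plain functions so they can be exercised outside the platform; only `createAzureUser` depends on `sn_ws.RESTMessageV2`.

```javascript
// Added example for the article's ServiceNow-to-Azure AD setup (not the article's own code).
// Written in ES5 so it runs both in a ServiceNow script (Rhino) and in Node.

var DEFAULT_GRAPH_BASE = 'https://graph.windows.net/myorganization';
var GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Sample values taken from the article (the author states the app is deleted).
var SAMPLE_TENANT_ID = '92071890-a56d-4f26-92c0-aaa38471b9c4';
var SAMPLE_APP_ID = '2aefeea8-44ae-4747-8c6c-a20dec102c9e';

// Build the Authorization URL for the Application Registry record:
// the Endpoints "OAuth 2.0 Authorization Endpoint" plus ?resource={app id}.
function buildAuthorizeUrl(tenantId, appId) {
  if (!GUID_RE.test(tenantId) || !GUID_RE.test(appId)) {
    throw new Error('tenantId and appId must be GUIDs');
  }
  return 'https://login.microsoftonline.com/' + tenantId +
    '/oauth2/authorize?resource=' + encodeURIComponent(appId);
}

// Rewrite a REST Message endpoint: replace the myorganization prefix with the
// tenant Graph endpoint copied from Azure, keeping the rest of the path
// (e.g. /users/${userID}?api-version=1.6) intact. ${userID} is a ServiceNow
// variable placeholder here, not JavaScript interpolation.
function rewriteGraphEndpoint(endpoint, tenantGraphBase) {
  if (endpoint.indexOf(DEFAULT_GRAPH_BASE) !== 0) {
    throw new Error('endpoint does not start with ' + DEFAULT_GRAPH_BASE + ': ' + endpoint);
  }
  var base = tenantGraphBase.replace(/\/+$/, ''); // tolerate a trailing slash
  return base + endpoint.substring(DEFAULT_GRAPH_BASE.length);
}

// Minimal Azure AD Graph user payload. All four of these fields plus
// userPrincipalName are required by the API; the user is forced to change
// the initial password at first sign-in.
function buildCreateUserBody(displayName, userPrincipalName, initialPassword) {
  if (!displayName || !userPrincipalName || !initialPassword) {
    throw new Error('displayName, userPrincipalName and initialPassword are required');
  }
  var at = userPrincipalName.indexOf('@');
  if (at < 1) {
    throw new Error('userPrincipalName must look like user@domain');
  }
  return {
    accountEnabled: true,
    displayName: displayName,
    mailNickname: userPrincipalName.substring(0, at),
    userPrincipalName: userPrincipalName,
    passwordProfile: { password: initialPassword, forceChangePasswordNextLogin: true }
  };
}

// Call the REST Message from a workflow script. The OAuth profile attached to
// the REST Message supplies the bearer token, so no secret appears here.
// Only runs inside ServiceNow, where sn_ws is defined.
function createAzureUser(tenantGraphBase, body) {
  var r = new sn_ws.RESTMessageV2('Azure AD user Management', 'Create User'); // method name assumed
  r.setEndpoint(rewriteGraphEndpoint(DEFAULT_GRAPH_BASE + '/users?api-version=1.6', tenantGraphBase));
  r.setRequestHeader('Content-Type', 'application/json');
  r.setRequestBody(JSON.stringify(body));
  var resp = r.execute();
  var status = resp.getStatusCode();
  if (status !== 201) {
    // Surface Graph's error body; it names the missing or invalid field.
    throw new Error('Create user failed: HTTP ' + status + ' ' + resp.getBody());
  }
  return JSON.parse(resp.getBody());
}

// Usage inside a workflow Run Script activity (sn_ws present):
//   var user = createAzureUser('https://graph.windows.net/' + SAMPLE_TENANT_ID,
//     buildCreateUserBody(current.variables.display_name, current.variables.upn, current.variables.initial_password));
```

The endpoint rewrite deliberately refuses anything that does not start with the default prefix, so a method record that was already edited (or points somewhere unexpected) fails loudly instead of being silently double-rewritten. Keep the key expiry from the Azure steps in mind: when the client secret expires, `execute()` will start returning 401 from the token endpoint, and that is the first thing to check if this script stops working.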
https://www.servicenow.com/community/now-platform-articles/orchestration-azure-create-user-workflow-activity/ta-p/2310020
