Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Use a third-party OAuth provider

Log in to subscribe to topics and get notified when content changes.

Use a third-party OAuth provider

Create an OAuth application registry that specifies the OAuth provider.

Before you begin

Role required: admin


  1. Navigate to System OAuth > Application Registry.
  2. Click New.
  3. On the interceptor page, click Connect to a third party OAuth Provider.
  4. Fill out the fields, as appropriate (see table).
  5. Click Submit. The record is saved in the Application Registries [oauth_entity] table.
    The OAuth provider view
    Table 1. Application Registries (OAuth Provider view)
    Field Description
    Name A unique name identifying the application you are requiring OAuth access for.
    Client ID The unique ID of the application. The instance uses the client ID when requesting an access token. If you are accessing an application on another ServiceNow instance, you must use the same Client ID on that instance, as specified in the Application Registry record that you created as the endpoint.
    Client Secret [Required] The shared secret string the instance and the application use to authorize communications with one another. The instance uses the client secret when requesting an access token. Enter a string.
    OAuth API Script The script used to customize the request and response to the third-party OAuth provider. The script name must have the prefix OAuth.
    Logo URL The URL containing an image to use as the application logo.
    Default Grant Type The type of grant:
    • Authorization code: The code granted to the client to obtain an access token, which is then used to obtain access to the resource. You need to enter a value in the Authorization URL field if you select this option.
    • Resource owner password credentials: The user name and password of the user trying to obtain access to the resource.
    • Client Credentials: The client ID and client secret, which are both used to get the access token. This method does not provide access to a refresh token. This option is available starting with the Helsinki release.
    Refresh Token Lifespan The refresh token lifespan in seconds.
    Accessible from The application scope that this registry is accessible from.
    Active A check box for indicating that the instance can authorize access to the application. Only active applications can request access tokens.
    Authorization URL The URL of the endpoint to authorize the user if you are using the Authorization code grant type.
    Token URL The location of the token endpoint that the instance uses to retrieve and refresh tokens.
    Redirect URL The application endpoint that receives the authorization code. Leave this field empty to have the instance automatically generate this URL.
    Token Revocation URL The location of the endpoint that the instance uses to revoke the token.
    Comments Any additional information you want to associate with this application.
    Embedded lists
    OAuth Entity Profiles The profiles associated with the OAuth provider. The profile includes the grant type. Click the profile name to go to the OAuth Entity Profile form.
    OAuth Entity Scopes The entity scopes associated with the OAuth provider. The scope identifies the services the application has access to. Click the scope name to go to the OAuth Entity Scope form.


After you create the third-party application registry, the system automatically generates a default profile using the specified grant type, but without any scopes. You can create additional profiles, each with scopes.