Integrate your Salesforce account with your ServiceNow instance. Create a custom OAuth application in Salesforce and authenticate requests from ServiceNow.

Before you begin

  • Request an Integration Hub subscription
  • Activate Salesforce spoke
  • Role required: admin
Note: Two spoke setup procedures are outlined here. Perform one of the procedures as per your requirement.
Note: Don't delete the default connection alias record. Doing so can result in unexpected behavior. Configure your connection using the default connection alias.

Create a connected app in Salesforce

Create a connected app in your Salesforce account to enable OAuth 2.0 authentication with the Salesforce spoke.

Before you begin

  • Salesforce account
  • Role required: Salesforce admin

About this task

Complete these steps from your Salesforce account. See Create a Connected App in Salesforce Trailblazer forum documentation for instructions on creating and configuring connected apps.

Procedure

  1. From your Salesforce account, create a connected app.
  2. Configure the connected app to enable your Salesforce application to share data with your ServiceNow instance.
    1. Select Enable OAuth Settings and configure the authentication settings.
    2. If you want to set up the spoke using a JWT signing key, select Use Digital Signatures and upload a Java KeyStore (JKS) certificate.
    3. Select the OAuth scopes:
      • Access and manage your data (api)
      • Perform requests on your behalf at any time (refresh_token, offline_access)
    4. In Callback URL, specify your ServiceNow instance URL in this format: https://<instance-name>.service-now.com/oauth_redirect.do
    5. After creating the connected app, under OAuth Policies on the Edit Policies page, set these values:
      Field            Value
      Permitted Users  Admin approved users are pre-authorized
      IP Restrictions  Relax IP Restrictions
    6. Configure user provisioning for the connected app as per your requirement.
  3. Record the values of Consumer Key and Consumer Secret.
    Note:
    • Assign profile and permission set as per your requirement.
    • In OAuth app IP restrictions, specify OAuth policies to ensure that the connected app works like a default app.

Result

The connected app is created in Salesforce.

Option 1: Set up the Salesforce spoke using OAuth authorization template

Integrate your Salesforce account with your ServiceNow instance. Create a custom OAuth application in Salesforce and authenticate requests from ServiceNow using the OAuth authorization template.

Before you begin

Procedure

  1. Navigate to Connection & Credentials > Connection & Credential Aliases.
  2. Open the record, Salesforce.
  3. Click the Create New Connection & Credential related link.
  4. On the form, fill these values.
  5. Click Create and Get OAuth Token.
    The OAuth2 authentication dialog box is displayed.
  6. Log in to the Salesforce admin account that you used to create your Salesforce application.
    Your ServiceNow instance creates an OAuth token for Salesforce and then automatically returns you to the Integration Profile form.
  7. Click Publish.

Option 2: Set up the Salesforce spoke using JWT signing key

Integrate your Salesforce account with your ServiceNow instance. Create a custom OAuth application in Salesforce and authenticate requests from ServiceNow using a JWT signing key.

Before you begin

Attach a Java Key Store certificate to the Salesforce spoke

Enable the JSON Web Token (JWT) Bearer Grant token authentication by attaching a valid Java KeyStore (JKS) certificate to the Salesforce spoke.

Before you begin

  • Valid Java KeyStore certificate
  • Role required: admin

Procedure

  1. Navigate to All > System Definition > Certificates.
  2. Click New.
  3. On the form, fill in the fields.
  4. Click the attachments icon and attach a JKS certificate.
  5. Click Validate Stores/Certificates.

Result

The JKS certificate is created and attached to the Salesforce spoke.

Create a JWT signing key for the Salesforce spoke

Create a JSON Web Token (JWT) signing key to assign to your Java KeyStore certificate.

Before you begin

Role required: admin

Procedure

  1. Navigate to All > System OAuth > JWT Keys.
  2. Click New.
  3. On the form, fill in the fields.
  4. Click Submit.

Result

The JWT key is created and assigned to the JKS certificate.

Create a JWT provider for the Salesforce spoke

Add a JSON Web Token (JWT) provider to your ServiceNow instance.

Before you begin

Role required: admin

Procedure

  1. Navigate to All > System OAuth > JWT Providers.
  2. Click New.
  3. On the form, fill in the fields.
    Table 4. JWT Provider form
    Field                  Description
    Name                   Name to uniquely identify the JWT provider. For example, Salesforce JWT Provider.
    Expiry Interval (sec)  Number, in seconds, to set the lifespan of JWT provider tokens.
    Signing Configuration  JWT signing key from the previous step. For example, Salesforce JWT Keys.
  4. Right-click the form header, and click Save.
    The Standard Claims and Custom Claims related lists are displayed.
  5. In the Standard Claims related list, enter values for iss, sub, and aud.
  6. Click Update.

Result

The JWT provider is added to your ServiceNow instance.
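
A pre-flight check for the assertion this JWT provider issues, added here as an example and not ServiceNow or Salesforce code: it decodes a compact JWT, confirms that the iss, sub and aud Standard Claims are present, and compares exp against a lifetime ceiling in the role of Expiry Interval. The function names, the sample values, the RS256 expectation and the 180-second ceiling are assumptions; the signature is not verified.

```python
import base64
import json
from urllib.parse import urlparse

NOW = 1_700_000_000  # constructed "current time" so the samples are deterministic

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(header: dict, claims: dict) -> str:
    """Build a constructed sample assertion; the signature is a placeholder."""
    return f"{_b64url(header)}.{_b64url(claims)}.c2lnbmF0dXJl"

def _decode(segment: str) -> dict:
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def check_assertion(token: str, now: int, max_lifetime: int = 180) -> list:
    """List problems in a JWT bearer assertion. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    if header.get("alg") != "RS256":  # assumption: RS256 is the expected algorithm
        problems.append(f"alg is {header.get('alg')!r}, expected 'RS256'")
    for name in ("iss", "sub", "aud"):  # the Standard Claims set on the provider
        if not claims.get(name):
            problems.append(f"missing claim: {name}")
    if claims.get("aud") and urlparse(str(claims["aud"])).scheme != "https":
        problems.append("aud is not an https URL")
    exp = claims.get("exp")
    if not isinstance(exp, int):
        problems.append("missing or non-numeric exp")
    elif exp <= now:
        problems.append("assertion already expired")
    elif exp - now > max_lifetime:
        problems.append(f"lifetime {exp - now}s exceeds {max_lifetime}s")
    return problems

# Constructed samples: placeholder consumer key as iss, example user as sub.
GOOD = make_token({"alg": "RS256"}, {"iss": "CONSTRUCTED_CONSUMER_KEY",
    "sub": "integration.user@example.com", "aud": "https://login.salesforce.com",
    "exp": NOW + 120})
BAD = make_token({"alg": "none"}, {"iss": "CONSTRUCTED_CONSUMER_KEY",
    "aud": "http://login.salesforce.com", "exp": NOW + 3600})
```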

Register Salesforce as an OAuth Provider

Use the information generated during Salesforce connected app configuration to register Salesforce as an OAuth provider and enable the instance to request OAuth 2.0 tokens.

Before you begin

Role required: admin

Procedure

  1. Navigate to All > System OAuth > Application Registry.
  2. Click New.
    The system displays the message What kind of OAuth application?
  3. Select Connect to a third party OAuth Provider.
    The system displays a blank Application Registries form.
  4. On the form, fill in the fields.
  5. Right-click the form header, and click Save.
    • The system validates the OAuth credentials and populates the Redirect URL field.
    • The system populates OAuth Entity Profile with Grant Type as JWT Bearer. For example, OAuth Entity Profile is created with default Name, Salesforce JWT provider default_profile.
  6. Copy the value from the Redirect URL field.
  7. Click Update.
  8. Log in to your Salesforce account to edit the configuration of your connected app.
    See the Salesforce Trailblazer forum documentation for instructions.
  9. Paste the Redirect URL value into the Callback URL of your Salesforce connected app.
    For example, paste https://<instance-name>.service-now.com/oauth_redirect.do.

Result

The instance can request OAuth 2.0 tokens for the Salesforce spoke.
Note: When an OAuth token expires, the spoke automatically regenerates a new token in most cases. If a token expires and is not regenerated, a user with the admin role can regenerate the spoke OAuth token.

Create credential records for the Salesforce spoke

Create Credential records for the Salesforce connected app that you created. The Salesforce spoke connection and credential alias use these credentials to authorize actions.

Before you begin

Role required: admin

Procedure

  1. Navigate to All > Connections & Credentials > Credentials.
  2. Click New.
    The system displays the message What type of Credentials would you like to create?
  3. Select OAuth 2.0 Credentials.
    The pop-up window displays a blank OAuth 2.0 Credentials form.
  4. On the form, fill in the fields.
  5. Save the record.
  6. Click the Get OAuth Token related link to generate the OAuth token.

Result

The credential record for the Salesforce spoke is created.

Create connection records for the Salesforce spoke

Create connection records for your Salesforce account. The Salesforce spoke connection and credential alias use these connections to perform actions in Salesforce.

Before you begin

Role required: admin

Procedure

  1. Navigate to All > Connections & Credentials > Connection & Credential Aliases.
  2. Open the record for Salesforce.
  3. On the Connections tab, click New.
    The system displays a blank HTTP(s) Connection form.
  4. Enter these values.
  5. Right-click the form header and click Save.
  6. Ensure that api_version is set to v48.0 in the Attributes related list.

Result

The Salesforce spoke is set up and integrated with the ServiceNow instance.