OAuth 2.0 credentials

  • Release version: Yokohama
  • Updated June 16, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of OAuth 2.0 credentials

    OAuth 2.0 credentials in ServiceNow enable secure access to user accounts on HTTP services by obtaining OAuth tokens. These credentials are configured in a dedicated form, allowing you to manage authentication for integrations with third-party OAuth providers, either on-premise or cloud-based.

    Show full answer Show less

    Key Features

    • Name: Assign a unique, descriptive identifier to each OAuth 2.0 credential for easy reference.
    • Active Status: Activate or deactivate credentials as needed.
    • OAuth Entity Profile: Defines the grant type (such as Client Credentials, Authorization Code, or Resource Owner Password Credentials) and scopes required for the OAuth flow.
    • Connect to Auth Server via MID Server: Enables routing OAuth token requests through a MID Server to connect securely to on-premise or cloud OAuth servers behind firewalls. This option is available only for certain grant types.
    • Applies to: Specifies whether the credential applies to all MID Servers or particular ones, ensuring proper communication between the selected MID Servers and the Auth server for token requests.
    • Order: Determines the sequence in which Discovery attempts to use credentials, which is important for managing login attempts and avoiding lockouts.
    • Credential Alias: Associates an alias to the OAuth credential for streamlined identification.
    • Integration Type: Defines whether the OAuth token is system-wide or user-specific:
      • System: Retrieves tokens based on a requester profile, supporting SAML and JWT authentication.
      • Personal: Retrieves user-specific tokens, requiring the MID Server user to have the oauthadmin role. Supports Authorization Code and Resource Owner Password Credentials grant types.

    Important Considerations

    • When using the MID Server connection option, ensure all selected MID Servers have status "Up," are validated, and have the REST or ALL capability to successfully communicate with the Auth server.
    • User-specific OAuth tokens require the Integration Type to be set to Personal. To use session user tokens in flows, configure the Run As property accordingly.
    • Credential ordering helps avoid login issues by prioritizing credential usage during authentication attempts.

    Practical Benefits for ServiceNow Customers

    By configuring OAuth 2.0 credentials properly, you can securely integrate ServiceNow with external HTTP services requiring OAuth authentication. Leveraging MID Servers for token requests ensures connectivity in complex network environments, while fine-grained control over integration types allows for both system-wide and user-specific access. This setup enhances security and flexibility in managing API integrations and user authentication flows.

    OAuth 2.0 credentials enable ServiceNow to obtain access to user accounts on an HTTP service.

    These fields are available in the Credentials form for OAuth 2.0.
    Table 1. OAuth 2.0 credentials form
    Field Input value
    Name Enter a unique and descriptive name for this credential. For example, you might call it OAuth2 credential.
    Active Specify whether this credential is active.
    OAuth Entity Profile An OAuth profile is a combination of a grant type and at least one scope.
    Connect to Auth Server via MID Server Connects your ServiceNow instance to an on-premise OAuth server that resides behind a firewall through a MID Server. It can also connect your ServiceNow instance to a cloud-based OAuth server through a MID server. When this option is enabled, the request for an OAuth token is sent through the MID Server.
    Important:
    • The option appears when the value in the Grant type field in the OAuth Entity Profile is set to eitherClient Credentials, Authorization Code, or Resource Owner Password Credentials. To learn how to set an OAuth entity profile for a third-party OAuth provider, see Connect to a third-party OAuth provider.
    • If you select the Connect to Auth Server via MID Server checkbox, you must identify the required MID Server or MID Servers from the Applies to list.
    Applies to

    Specify if the credential record is applicable for all MID Servers, or a specific MID Server. If specific, add the MID servers as necessary.

    Important:

    Ensure that you are aware of these considerations if you have selected the Connect to Auth Server via MID Server check box.
    Order

    Order (sequence) in which Discovery tries this credential as it attempts to log on to devices. The smaller the number, the higher in the list this credential appears. Establish credential order when using large numbers of credentials or when security locks out users after three failed login attempts. If all the credentials have the same order number (or none), the instance tries the credentials in a random order.
    Credential alias Specify the credential alias that you want to tie to the OAuth 2.0 credential.
    Integration Type Indicates the integration type for the credential. Invoke an API of a third-party with an OAuth request that generates an OAuth token that is system or user specific. Following are the integration types:
    • System: Pull the token information based on the requester profile. The System integration type supports the following authentication mechanisms:
      1. Security Assertion Markup Language (SAML)
      2. JSON Web Token (JWT)
    • Personal: Pull the token information that is user-specific. The MID Server user must have the oauth_admin role. The Personal and System integration types support the following grant types:
      1. Authorization Code
      2. Resource Owner Password Credentials

    If this Personal is selected on the OAuth Requestor Profile page, an additional flag called as Personal is displayed.

    Note:
    • Any information that is related to a user can only be accessed with user-specific OAuth tokens with the Integration Type as Personal.
    • To use the session user-related token, you have to select the Run As filed in the Flow properties as User who initiates session.