Configure authentication for Microsoft 365 support integration with ServiceNow

Prerequisites

These prerequisite steps are required to set up Microsoft 365 support integration.

Azure Active Directory administrator

  1. [AAD Admin] Create Azure AD Application for Outbound under your Microsoft 365 tenant.

    1. Log on to the Azure Portal with your Microsoft 365 tenant credentials and go to the App registrations page to create a new application.

    2. Select Accounts in this organizational directory only ({Microsoft-365-tenant-name} only – Single tenant) and select Register.

      Select Register.

  2. Go to Authentication and select Add a platform. Select the Web option and enter the redirect URL: https://{your-servicenow-instance``}.service-now.com/oauth_redirect.do

    Select Add a platform and the redirect URL.

  3. Get the Application Client ID and create a Client secret and get that value.

  4. [ServiceNow Admin] Set up the Outbound OAuth Provider in ServiceNow.

    If the scope is not set to Global, go to Settings > Developer > Applications and switch to Global.

    Switch to Global.

  5. Go to System OAuth > Application Registry.

  6. Create a new application by using the Connect to a third party OAuth Provider option and entering these values:

    • Client ID: This is the Client ID of the application created in step #1.

    • Client Secret: This is the Client Secret value of the application created in step #3.

    • Default Grant type: Client Credentials

    • Token URL: https://login.microsoftonline.com/{microsoft-365-tenant-name}/oauth2/token

    • Redirect URL: https://{service-now-instance-name``}.service-now.com/auth_redirect.do

[OPTIONAL] Allow the service’s IP addresses to Microsoft 365 support integration

If your company is limiting internet access with your own policies, enable network access for the service of Microsoft 365 support integration by allowing the IP addresses below for both inbound and outbound API access:

  • 52.149.152.32

  • 40.83.232.243

  • 40.83.114.39

  • 13.76.138.31

  • 13.79.229.170

  • 20.105.151.142

Note

This terminal command lists all active IPs of the service for Microsoft 365 support integration: nslookup`` connector.rave.microsoft.com

Configure the Microsoft 365 support integration application

These steps are required to set up the integration between your ServiceNow instance and Microsoft 365 support.

To open the Microsoft 365 support integration setup wizard, type Microsoft 365 in the ServiceNow navigator and select Setup.

Steps performed by a ServiceNow administrator

  1. Switch the scope to Microsoft 365 support integration.

    Switch the Application to Microsoft 365 support integration.

  2. Go to Microsoft 365 Support > Setup to open the integration workflow.

    Note

    If you see the error "Read operation against 'oauth_entity' from scope 'x_mioms_m365_assis' has been refused due to the table’s cross-scope access policy," it was caused by your table access policy. You must make sure All application scopes > Can read is checked for the table oauth_entity.

    Make sure All application scopes is selected.

  3. Select Agree to continue.

    Select Agree.

  4. Configure the environment and start the setup.

    If this installation is on a test environment, select the option This is a test environment. You can disable this option after the setup and your tests are completed later.

    Start setup.

  5. Enter your Microsoft 365 tenant domain.

    Enter tenant domain.

  6. Configure authentication settings.

    1. Register the Azure Active Directory (AAD) app.

    2. After completing the instructions in the prerequisites section, select Done. Otherwise, follow the instructions in the wizard to create the necessary application registration in AAD.

      Register the AAD app.

    3. Register the ServiceNow OAuth app.

    4. After completing the instructions in the prerequisites section, select the newly created OAuth application registration and select Next. Otherwise, follow the instructions to create the entity in ServiceNow, and then select the new application registration.

      Register the ServiceNow OAuth app.

Steps performed by a Microsoft 365 administrator in the Microsoft 365 admin portal

Note

Do not select Test setup before the Microsoft 365 administrator finishes performing the next steps.

Verify that the following information is correct.

Verify that the information in this screenshot is correct.

Note

The following steps configure the Microsoft 365 support integration for ServiceNow application version 2.0.0 and later. If you've installed version 1.0.11 or earlier, you can't configure a new installation of the application.

  1. Configure the support integration settings:

    Select the Basic information tab > Internal support tool > ServiceNow, and enter the Outbound App ID value in the Application ID to issue Auth Token field. This Outbound App ID is on Step 6 – Complete the Integration, which was created in Prerequisite step #1.

    Configure support integration settings.

    • On the Repositories tab, select New repository and update it with the following settings:

      If you have version 1.0.11 or earlier installed, you must upgrade the application to version 2.0.0 or later.

      Update the new repository.

    • Repository: The Repository ID value from Step 6 – Complete the Integration, which was created in Prerequisite step #1.
      Endpoint: The Endpoint value from Step 6 – Complete the Integration, which was created in Prerequisite step #1.

      Complete the integration by setting Repository and Endpoint.

  2. Select Save.

Steps performed in ServiceNow by a ServiceNow administrator.

A ServiceNow administrator tests the connection and completes the setup.

  • To complete the setup, go back to your ServiceNow instance and select Test setup.

Test setup

The Microsoft 365 support integration app executes tests to make sure the integration is working. If there's a problem with the configuration, an error message explains what needs to be fixed. Otherwise, the application is ready.

Setup validation successful.

Enable Microsoft support integration for an existing user

Microsoft 365 support integration is enabled for the user with one of these roles:

  • x_mioms_m365_assis.insights_user

  • x_mioms_m365_assis.administrator

If any user has the role x_mioms_m365_assis.administrator and is using different Microsoft 365 accounts to manage a Microsoft 365 support case, they must set up their Microsoft 365 admin email by going to Microsoft 365 support > Link Account.

Graphical user interface, text, application, chat or text message Description automatically generated