Sunday, November 30, 2025

How to Generate the Correct OneDrive OAuth Token in ServiceNow

If your ServiceNow instance keeps uploading files into the wrong OneDrive folder, it means the OAuth token was issued for the wrong Microsoft account.

Here is the exact procedure to generate a correct token for the right service account.

Prerequisites

  • OneDrive service account

  • Azure AD admin account (for App Registration)

  • OneDrive OAuth profile configured in ServiceNow

  • Valid Client ID and Client Secret

Why This Procedure Is Necessary

With SSO environments:

  • VDI login automatically logs users into Microsoft

  • Teams/Outlook auto-start with cached credentials

  • Office apps silently authenticate

This means clicking Get OAuth Token will always use whatever Microsoft session is active—even if you logged into ServiceNow with a different account.

Step-by-Step Procedure

STEP 1 — Completely log out of all Microsoft sessions

You must remove all cached Microsoft identity data:

✔ Sign out of Teams
✔ Sign out of Outlook
✔ Stop OneDrive sync client
✔ Close Office apps
✔ Log out of Office.com
✔ Clear browser cookies
✔ Restart the browser
✔ Optionally reboot the VDI session

STEP 2 — Open a new Incognito window

Do NOT use a normal window.
Normal windows share cookies from the VDI.

STEP 3 — Sign in to Microsoft manually with the OneDrive account

In the incognito window:

At this stage, Microsoft knows the identity that should receive the OAuth token.

STEP 4 — Log in to ServiceNow with the same service account

Still in the same incognito window:

  • Log in to ServiceNow as the OneDrive service account

  • Do NOT use impersonation

STEP 5 — Navigate to the OneDrive OAuth profile

Go to:

System OAuth → Application Registry → Your OneDrive OAuth Profile

STEP 6 — Click “Get OAuth Token”

This time:

  • Microsoft sees the OneDrive service account as the active session

  • Microsoft issues the OAuth token for the OneDrive service account

  • ServiceNow stores the token under the OneDrive service account user context

STEP 7 — Validate the Token

Run a simple OneDrive Spoke action:

OneDrive → Create Folder

The folder should appear under the OneDrive service account’s OneDrive path.
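
A second way to confirm which identity the token belongs to, without writing anything to OneDrive, is to read the identity claims inside the access token. The following is an added example, not part of the original procedure and not ServiceNow or Microsoft code. It assumes a work or school account whose access token is a JWT carrying upn, unique_name or preferred_username; the function names, the account names and the sample tokens are constructed for illustration, and retrieving the stored token from ServiceNow is not shown.

```javascript
// Diagnostic only: decodes the JWT payload WITHOUT verifying the signature.
// Use it to inspect identity claims, never to make a trust decision.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null; // opaque (non-JWT) token
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
    return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Compare the identity in the token with the expected service account.
function checkTokenIdentity(token, expectedUpn, nowSeconds) {
  const claims = decodeJwtPayload(token);
  if (!claims) return { ok: false, reason: 'not-a-jwt', actual: null };
  // v1.0 tokens carry upn/unique_name; v2.0 tokens carry preferred_username.
  const actual = claims.upn || claims.preferred_username || claims.unique_name || null;
  if (!actual) return { ok: false, reason: 'no-identity-claim', actual: null };
  if (String(actual).toLowerCase() !== expectedUpn.toLowerCase()) {
    return { ok: false, reason: 'wrong-account', actual };
  }
  if (typeof claims.exp === 'number' && claims.exp <= nowSeconds) {
    return { ok: false, reason: 'expired', actual };
  }
  return { ok: true, reason: 'match', actual };
}

// Constructed sample tokens (fake signature, made-up accounts) so this runs offline.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ typ: 'JWT', alg: 'none' }), enc(payload), 'constructed'].join('.');
}

const EXPECTED = 'svc-onedrive@example.com'; // hypothetical service account
const NOW = 1764460800; // fixed clock value for the sample
const goodToken = makeSampleToken({ upn: 'SVC-OneDrive@example.com', exp: NOW + 3600 });
const ssoToken = makeSampleToken({ upn: 'jane.admin@example.com', exp: NOW + 3600 });

console.log(checkTokenIdentity(goodToken, EXPECTED, NOW)); // ok: true
console.log(checkTokenIdentity(ssoToken, EXPECTED, NOW));  // reason: 'wrong-account'
```

A result of wrong-account is the SSO problem described above: the token was issued to whichever Microsoft session was active in the browser. Treat any decoded token as a secret and keep it out of tickets and logs.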

What If It Still Shows the Wrong Account?

Then the VDI or OS-level Microsoft session is still active.
Use one of these options:

  • Try a different browser

  • Use an entirely different machine

  • Use a private Windows account profile

  • Disable Teams auto-login temporarily

  • Use a clean VM with no corporate SSO session

Once the correct token is captured, normal usage will no longer rely on the end-user’s Microsoft session.

Summary

To ensure ServiceNow writes files into the correct OneDrive folder:

  • The OneDrive service account must be the signed-in Microsoft identity when the OAuth token is generated

  • Logging in to ServiceNow as that service account ensures correct token storage

  • Clearing cached Microsoft sessions is essential in SSO environments

Following these steps guarantees the OAuth token belongs to the correct storage account every time.
