Informative Technical Content

Dive into deep insights and technical expertise 😎

Saturday, November 29, 2025

Home » , , , , , , » ServiceNow + OneDrive OAuth Tokens: Why Files Keep Uploading to the Wrong User’s Folder

ServiceNow + OneDrive OAuth Tokens: Why Files Keep Uploading to the Wrong User’s Folder

No comments

ServiceNow OneDrive OAuth Tokens

Why ServiceNow Uploads Documents to the Wrong OneDrive Folder — And How to Fix It

Many ServiceNow teams experience a confusing issue:

“We clicked Get OAuth Token, but files upload to the wrong user’s OneDrive folder.”

This happens even when logged in as a different ServiceNow user or when impersonating.
The root cause is not in ServiceNow at all—it’s in Microsoft session handling.

Let’s explain.

1. OAuth Token Is Issued to the Active Microsoft Session

When you click Get OAuth Token in ServiceNow:

  • ServiceNow triggers an OAuth flow

  • Microsoft checks who is currently signed in

  • Microsoft issues an OAuth token for that account

  • ServiceNow stores that token under the user record

Therefore, ServiceNow is simply the redirect channel.
Microsoft chooses the identity.

2. VDI / SSO / Teams Auto-login Makes This Worse

Many enterprise users log into a VDI or laptop using SSO, causing Microsoft apps like:

  • Teams

  • Outlook

  • Office.com

  • OneDrive client

…to automatically authenticate using a personal or admin account.

This means:

  • Even if you open an Incognito window

  • Even if you log in to ServiceNow as a different user

  • Even if you impersonate

Microsoft will still issue a token belonging to the cached session.

3. Why You Were Never Prompted for Microsoft Credentials

Because the browser already had a valid Microsoft authentication session via:

  • PingOne (if used)

  • Native Windows sign-in

  • Office apps auto-login

  • VDI identity provider

Microsoft never prompts again unless that session is cleared.

4. How to Generate a Token for the Correct OneDrive Account

You must ensure the Microsoft session belongs to the OneDrive service account.

Correct procedure:

  1. Sign out from all Microsoft apps (Teams, Outlook, OneDrive sync client)

  2. Clear browser cookies

  3. Open a clean incognito window

  4. Manually sign in to Microsoft using the OneDrive service account

  5. Log in to ServiceNow using the same account (real login, not impersonation)

  6. Click Get OAuth Token

Now the token will belong to the correct OneDrive account.

5. Why Impersonation Does Not Work

Impersonation changes only the ServiceNow identity.

It does not (and cannot) change:

  • The Microsoft identity

  • Browser sessions

  • SSO sessions

  • Office login state

Thus, impersonation cannot control where files get stored.

6. Summary

ServiceNow does not decide where OneDrive files go.
The Microsoft account active during OAuth does.

To fix file uploads going to the wrong folder:

  • Ensure the correct Microsoft identity is active

  • Use clean browser isolation

  • Log in to ServiceNow with the OneDrive service account before generating the token

Once properly configured, all files will upload into the correct OneDrive or SharePoint folder.


Share:

0 comments:

Post a Comment

InformativeTechnicalContent.com