Ultimate Troubleshooting Guide: Fixing ServiceNow + OneDrive OAuth & Folder Path Issues
ServiceNow’s integration with Microsoft OneDrive often works flawlessly—until it doesn’t.
Admins frequently see issues like:
- Files uploaded into the wrong user’s OneDrive folder
- Tokens regenerating but not applying properly
- “OAuth access or refresh token not available”
- OneDrive Spoke actions failing silently
- No prompt for Microsoft login when clicking Get OAuth Token
This troubleshooting guide gives you precise workflows to identify and resolve root causes.
1. Verify You Are Using the Right OAuth Profile
Go to:
Confirm that:
✔ Only one OneDrive OAuth application exists
✔ Its Client ID matches Azure App Registration
✔ Its Client Secret is valid
✔ Grant Type = Authorization Code (required for OneDrive Spoke)
If there are duplicate profiles → delete or deactivate the unused ones.
2. Confirm You Are Clicking “Get OAuth Token” Under the Correct Credential
Navigate to:
Then:
✔ Ensure this credential uses the same OAuth profile
✔ Ensure your connection record uses this credential
✔ Click Get OAuth Token only after logging in with the correct Microsoft user
3. Verify Microsoft Session Identity (THE #1 FAILURE POINT)
Go to https://myaccount.microsoft.com and confirm:
✔ Who is currently logged in?
✔ Is Teams logged in?
✔ Is Outlook logged in?
✔ Is OneDrive sync client logged in?
Incorrect account = incorrect OAuth token.
4. Fix Token Ownership: Generate Token for the Right OneDrive Account
To issue the correct token:
- Sign out from all Microsoft apps
- Clear browser cookies + cache
- Open a new incognito window
- Sign in to Microsoft as the intended OneDrive service account
- Log in to ServiceNow as the same account
- Click Get OAuth Token
If it still uses the wrong account:
– Use a different browser
– Use a clean VM
– Use a private Windows profile
– Disable “Windows Account Manager” in Edge settings
5. Test OneDrive Spoke Connectivity
Test using:
✔ If results come from the wrong drive → wrong token
✔ If unauthorized → wrong permissions
✔ If empty → token is correct but folder path is wrong
6. Validate Graph Permissions
Your Azure App Registration must include:
Delegated permissions:
- Files.ReadWrite.All
- Files.Read.All
- User.Read
- offline_access
And admin consent must be granted:
Azure portal → App Registration → API Permissions → Grant admin consent
If consent is missing, tokens will work but operations silently fail.
7. Confirm the OneDrive Service Account Actually Has OneDrive Enabled
Go to the Microsoft Admin Center:
✔ The account must have a valid OneDrive license
✔ It must have logged in to OneDrive at least once
✔ Storage must be provisioned
If not, OneDrive Spoke will fail with misleading errors.
8. Check Whether the Token Belongs to the Wrong User in ServiceNow
Find token owner:
Look at the field:
Authorized by User
If this shows Hoff, admin, or any user except your service account → wrong identity is issuing the token.
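The identity and permission checks from Steps 3, 6 and 8 can also be made against the token itself. The following is an added example, not code from the original post or from ServiceNow: it decodes an access token's claims and reports whether the signed-in user, the app registration and the delegated scopes are the expected ones. It assumes the token is a Microsoft Entra JWT carrying `upn`/`preferred_username`, `appid`/`azp` and `scp` claims; the function names, sample account and client ID are constructed for illustration.

```python
import base64
import json

# Delegated scopes the page lists for the Azure App Registration. offline_access is
# left out: the assumption here is that it governs refresh-token issuance and does
# not appear in the access token's scp claim.
REQUIRED_SCOPES = {"Files.ReadWrite.All", "Files.Read.All", "User.Read"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (opaque token, e.g. a personal Microsoft account)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))  # ValueError if malformed


def audit_token(token: str, expected_upn: str, expected_client_id: str) -> list:
    """List findings; an empty list means identity, app and scopes all match."""
    claims = decode_claims(token)
    findings = []
    signed_in = claims.get("upn") or claims.get("preferred_username") or ""
    if signed_in.lower() != expected_upn.lower():
        findings.append(f"wrong identity: token issued to {signed_in or 'unknown'}")
    app = claims.get("appid") or claims.get("azp")
    if app != expected_client_id:
        findings.append(f"wrong app registration: {app}")
    missing = REQUIRED_SCOPES - set(claims.get("scp", "").split())
    if missing:
        findings.append("missing scopes: " + ", ".join(sorted(missing)))
    return findings


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for the demonstration."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"


if __name__ == "__main__":
    sample = make_sample_token({"upn": "admin@example.com", "appid": "constructed-client-id",
                                "scp": "Files.Read.All User.Read"})
    for finding in audit_token(sample, "svc-onedrive@example.com", "constructed-client-id"):
        print(finding)
```

Run it locally against a token you already hold; an access token is a bearer credential, so keep it out of online decoders and ticket comments.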
9. Verify the Document Path Logic in ServiceNow
For Document Services:
Navigate to:
Check:
✔ Default folder
✔ Path variable mapping
✔ Whether a user-specific folder is enforced
✔ Whether the integration uses SharePoint or personal OneDrive
10. Reset Token If Needed
If things are completely broken:
- Remove OAuth tokens from sys_oauth_credential
- Remove token from OneDrive Spoke credential
- Restart token flow (following Step 4)
Summary Checklist
| Issue | Likely Cause |
|---|---|
| Files going to wrong OneDrive user | Microsoft session mismatch |
| No Microsoft login prompt | SSO or cached session |
| OAuth token unavailable | Client secret mismatch / expired token |
| OneDrive Spoke failing | Missing Graph permissions |
| Token stored under wrong ServiceNow user | Wrong login identity during OAuth |
| Files uploading but not into correct path | Incorrect folder mapping |






