Informative Technical Content

Dive into deep insights and technical expertise 😎

Saturday, November 29, 2025

Home » , , , , , , » Understanding ServiceNow + OneDrive Integration: Why Two Microsoft Accounts Are Required

Understanding ServiceNow + OneDrive Integration: Why Two Microsoft Accounts Are Required

No comments
Understanding ServiceNow + OneDrive Integration

Understanding Why ServiceNow Needs Two Microsoft Accounts for OneDrive Integration

Integrating ServiceNow with Microsoft OneDrive often confuses teams—especially when they realize two different Microsoft accounts are involved:

  1. A Microsoft OneDrive account

  2. A Microsoft Azure AD (Entra ID) account

Why are both required? Let’s break it down clearly.

1. OneDrive Account — The Storage Identity

The OneDrive account is the identity that actually owns the files.

This is the account whose folder you will ultimately see files uploaded into. When ServiceNow pushes a document to OneDrive, it goes to the personal or shared folder of the account whose OAuth token ServiceNow is holding.

This account represents where the documents live.

2. Azure AD Account — The Admin Identity for App Registration

The Azure AD administrative account is used only for configuring the integration.

This account:

  • Creates the App Registration

  • Generates the Client ID

  • Creates/rotates the Client Secret

  • Grants Microsoft Graph API permissions

  • Approves admin consent

This account does not store documents and does not represent a user on the OneDrive side.
It only provides the OAuth infrastructure.

3. Why You Cannot Use Only One Account

Because Microsoft separates:

  • Identity used for API permissions (Azure)

  • Identity owning the files (OneDrive)

ServiceNow must interact with both:

Function

Requires

Why

OAuth authentication

Azure account

App Registration + permissions

File upload

OneDrive account

Determines where the file is stored

4. Most Common Confusion in Organizations

Many teams mistakenly think:

“We updated the client secret in ServiceNow, but OneDrive still uploads into the wrong user’s folder.”

This happens because:

  • The Azure credentials control the application

  • The Microsoft session of whoever clicks “Get OAuth Token” controls the OneDrive identity

5. Summary

To successfully integrate:

  • Use the Azure AD admin account only for configuring the OAuth application.

  • Use the OneDrive service account to generate the OAuth token that ServiceNow will use during runtime.

Both identities serve different purposes, and both are required for a functional and secure integration.

Share:

0 comments:

Post a Comment

InformativeTechnicalContent.com