# Identity Consumer Instance

## Create Application Registry

In native ServiceNow, navigate to **System OAuth > Application Registry** and click **New**.

![img](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MQBk35gIi557UHt7QlJ-850646046%2Fuploads%2F30ESRN12wRQI9UJibDTJ%2FHTSOCG%20-%20Identity%20Consumer%20Instance%201.png?alt=media\&token=38af270f-85bc-49c6-9f6b-9f533ad44a2c)

On the interceptor page, click **Connect to a third party OAuth Provider**.

![img](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MQBk35gIi557UHt7QlJ-850646046%2Fuploads%2FdEPrxWNRtNadaDWBsDkF%2FHTSOCG%20-%20Identity%20Consumer%20Instance%202.png?alt=media\&token=0a0a110a-6ed4-4d1a-81e9-da0eebe22658)

The fields to be configured for the Application Registry record are as follows:

| Field                    | Description                                                   | Value                                                                 |
| ------------------------ | ------------------------------------------------------------- | --------------------------------------------------------------------- |
| Name                     | Name of the OAuth app                                         | \<Your Unique Name>                                                   |
| Client ID                | The client ID of the OAuth app                                | The Client ID from the Identity Provider Instance                     |
| Client Secret            | The client secret of the OAuth app                            | The Client Secret from the Identity Provider Instance                 |
| Default Grant type       | The Default Grant Type used to establish the OAuth token      | 'Resource Owner Password Credentials'                                 |
| Refresh Token Lifespan\* | The number of seconds an issued refresh token remains valid   | 8,640,000 (default value - automatically populated)                   |
| Token URL                | OAuth token endpoint to retrieve access and refresh tokens    | 'https\://\<your-provider-instance>.service-now\.com/oauth\_token.do' |
| Comments                 | Comments about the OAuth app                                  | \<Your description of the purpose of the OAuth entity>                |

\*This value is to be left as-is.

{% hint style="info" %}
**Token URL**: Replace the `<your-provider-instance>` element of the URL with that of the Identity Provider Instance.
{% endhint %}

*Your Application Registries New Record should look like this:*

![img](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MQBk35gIi557UHt7QlJ-850646046%2Fuploads%2F3KZ2AVKmhtjBVCG4nlmN%2FHTSOCG%20-%20Identity%20Consumer%20Instance%203.png?alt=media\&token=3d87b95d-9fd7-40dc-9167-76e279332554)

**Right-click** and **Save** to remain on the record.

{% hint style="success" %}
Validate that the OAuth Entity Profiles related list has been populated with the following values:

Name: \<Your Unique Name> default\_profile

Is default: true

Grant type: Resource Owner Password Credentials
{% endhint %}

![img](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MQBk35gIi557UHt7QlJ-850646046%2Fuploads%2FiMvxxcyaJOS5pfdNTHY0%2FHTSOCG%20-%20Identity%20Consumer%20Instance%204.png?alt=media\&token=686b9158-5729-482a-afac-53306be86983)

{% hint style="info" %}
This is the profile which will be selected when configuring the Connection.
{% endhint %}

## Configure Connection

In Unifi Integration Designer, navigate to **Connections** and click **New**.

{% hint style="info" %}
We are going to configure a Connection for the Pre-Production environment because we have already configured connections for both the Development and Test environments. Choose whichever environment is appropriate for your requirements.
{% endhint %}

The fields to be configured for the New Connection modal are as follows:

| Field        | Description                                        | Value                           |
| ------------ | -------------------------------------------------- | ------------------------------- |
| Environment  | The environment this connection applies to.        | 'Pre-Production'                |
| Endpoint URL | The external system's access URL.                  | \<External system Endpoint URL> |
| Active       | Use this connection for the integration when true. | \<true>                         |

### Outbound Connectivity

The format of the Endpoint URL is as follows:

`https://<your_provider_instance>.service-now.com/<your_provider_process_api>`

{% hint style="success" %}
The entire Endpoint URL can be easily obtained from the automatically created Message Resource on the Unifi Scripted REST API (displayed in the widget at the top of the Connections page in the other instance).
{% endhint %}

![img](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MQBk35gIi557UHt7QlJ-850646046%2Fuploads%2FKJidBP41O8zCpC8aFfPi%2FHTSOCG%20-%20Identity%20Consumer%20Instance%205.png?alt=media\&token=3c64de40-24b6-4aee-b116-b111ee09a63c)

*Your New Connection modal should look like this:*

![img](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MQBk35gIi557UHt7QlJ-850646046%2Fuploads%2FRavJdz26cJLcKPd4dWLb%2FHTSOCG%20-%20Identity%20Consumer%20Instance%206.png?alt=media\&token=21ea0af4-b322-4eb8-9a78-370ddb9638a5)

**Submit and view** to further configure the Connection.

### Connection Details

The fields to be configured for the Details form are as follows:

| Field          | Description                                                                                                                      | Value                                                               |
| -------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- |
| Authentication | The authentication method to use for this connection.                                                                            | 'OAuth 2.0'                                                         |
| OAuth Profile  | The OAuth Entity Profile to authenticate with.                                                                                   | '\<Your Unique Name> default\_profile' (as created/validated above) |
| Inbound user   | The user profile used by the external system for authentication. An active connection must be found for the user to gain access. | lookup: \<Your Inbound User>                                        |

*Your Details form should look like this:*

![img](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MQBk35gIi557UHt7QlJ-850646046%2Fuploads%2F7j1PWJcIsAMhvS4EMz4a%2FHTSOCG%20-%20Identity%20Consumer%20Instance%207.png?alt=media\&token=a8a00ec7-7057-44f6-8713-2c1fd7e75e2a)

**Save** the Connection.

### Get OAuth Token

Once you have saved the Connection, the 'Get OAuth Token' button is available.

![img](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MQBk35gIi557UHt7QlJ-850646046%2Fuploads%2FZCPawO4Z2A2D8pPEkq2s%2FHTSOCG%20-%20Identity%20Consumer%20Instance%208.png?alt=media\&token=0943ae54-8544-4be9-a457-ca9d7b63b6e4)

Click **Get OAuth Token**.

On the modal that pops up, enter the **Username** & **Password** (for the Inbound user of the Identity Provider Instance).

![](https://content.gitbook.com/content/2EJsRh73QF1TvP9eLF8k/blobs/vmR0ZCVzOqVKkMLEgCEA/HTSOCG%20-%20Identity%20Consumer%20Instance%209.png)

Click **Get OAuth Token**.

![](https://content.gitbook.com/content/2EJsRh73QF1TvP9eLF8k/blobs/g8XDpp4DEIucPPlmTznb/HTSOCG%20-%20Identity%20Consumer%20Instance%2010.png)

The '**OAuth token flow completed successfully**' info message is displayed. **Close** the modal.

{% hint style="success" %}
**Congratulations**. You have successfully configured both halves of the OAuth Connection.
{% endhint %}
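
The Resource Owner Password Credentials grant sends the Inbound user's username and password, together with the Client Secret, to the Token URL, so both URLs should point at the same provider instance over HTTPS. The following check is an added example, not Unifi or ServiceNow code: the function names are hypothetical, the hostnames and API path are constructed samples, and the request body follows the generic RFC 6749 password-grant form.

```python
from urllib.parse import urlsplit, urlencode

TOKEN_PATH = "/oauth_token.do"        # token endpoint path from the Application Registry table
INSTANCE_SUFFIX = ".service-now.com"  # host suffix used in this page's URL formats


def _check_url(label, raw):
    """Return (hostname, problems) for one configured URL."""
    if "<" in raw or ">" in raw:
        return None, [f"{label}: placeholder not replaced"]
    parts = urlsplit(raw)
    host = (parts.hostname or "").lower()
    problems = []
    if parts.scheme != "https":
        problems.append(f"{label}: must use https")
    if not host.endswith(INSTANCE_SUFFIX):
        problems.append(f"{label}: host is not a {INSTANCE_SUFFIX} instance")
    return host, problems


def check_oauth_config(token_url, endpoint_url):
    """Return a list of problems; an empty list means the two URLs agree."""
    tok_host, problems = _check_url("Token URL", token_url)
    end_host, more = _check_url("Endpoint URL", endpoint_url)
    problems += more
    if tok_host is not None and urlsplit(token_url).path != TOKEN_PATH:
        problems.append(f"Token URL: path must be {TOKEN_PATH}")
    if end_host is not None and urlsplit(endpoint_url).path in ("", "/"):
        problems.append("Endpoint URL: process API path is missing")
    if tok_host and end_host and tok_host != end_host:
        problems.append("Token URL and Endpoint URL point at different instances")
    return problems


def password_grant_body(client_id, client_secret, username, password):
    """Form body of an RFC 6749 password-grant token request."""
    return urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    })


if __name__ == "__main__":
    # Constructed sample values, not a real instance or API path.
    token = "https://acme-provider.service-now.com/oauth_token.do"
    endpoint = "https://acme-provider.service-now.com/api/x_example/process"
    print(check_oauth_config(token, endpoint) or "configuration is consistent")
```
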

To future-proof your OAuth connection, please consider setting up the [OAuth Refresh Token Job](https://docs.sharelogic.com/unifi/4.2/configure/how-to-guides/how-to-setup-an-oauth-connection/oauth-refresh-token-job).
