Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

How to Connect to Power BI if ServiceNow Uses MFA/2FA/SSO?

How to Set Up Configuration

  1. Being signed in to your ServiceNow instance, open the Scheduled Jobs module.

Scheduled Jobs.gif

  1. Locate and open the Scheduled Generation based on Power BI Connector Auth record.

Scheduled Generation.gif

  1. Select Execute Now.

Execute Now.gif

  1. Open the Application Registry module.

Application Registry.gif

  1. Find and open the Power BI Connector Auth record.

Power BI Auth.gif

  1. In the navigator box, enter the sys_properties.LIST, and then hit Enter.

The sys_properties.LIST will be automatically opened in a new tab.

LIST.gif

  1. Find and open x_acsof_power_bi_s.x_acsoft.pbi.client_secret.

Now you should have two tabs open: Power BI Connector Auth and x_acsof_power_bi_s.x_acsoft.pbi.client_secret

x_acsof_power.gif

  1. Return to the Power BI Connector Auth page, select the padlock icon, and then copy Client Secret (It will be opened after selecting the padlock icon).

Copy client secret.gif

  1. Return to the x_acsof_power_bi_s.x_acsoft.pbi.client_secret page.

  2. Paste the copied Client Secret into the Value field, and then select Update.

Paste in value.gif

  1. Find and open x_acsof_power_bi_s.x_acsoft.pbi.client_id (on the same page - sys_properties.LIST).

Client_ID.gif

  1. Return to the Power BI Connector Auth page, and then copy the Client ID value.

Client ID.gif

  1. Return to the x_acsof_power_bi_s.x_acsoft.pbi.client_id page.

  2. Paste the copied Client ID into the Value field, and then select Update.

client id - value.gif

  1. Return to the Power BI Connector Auth page, and then select New.

Make sure that you are on the Jwt Verifie Map tab.

Power BI Connector Auth - New.gif

  1. In the *Name field, enter the preferable name for your Jwt Verifier Map, and then select Submit.

Jwt Name.gif

  1. Generate JKS and OpenSSL certificate by following these guides:

Before starting, ensure that you have an admin role and installed OpenSSL on your machine.

When all steps are done, the following list of files will appear:

  • pbi.p12

  • pbiauth2024.jks

  • private.key

  • publickey.cer

pasted-movie.png

  1. Open newly-created Jwt Verifier Map record.

It was created in step 12.

Jwt Record .gif

  1. Select Lookup using list.

The new tab - X.509 Certificates - will be opened.

Lookup using list.gif

  1. Select New.

New.gif

  1. In the *Name field, enter your certificate name.

  2. Fill in the Format and Type fields as shown in the screenshot.

Name, Format, Type.gif

  1. Open the publickey.cer file using a text editor.

pasted-movie.png

  1. Copy its data, paste it into the PEM Certificate field, and then select Submit.

PEM Certificate.gif

  1. Open JWT Providers, and then open the pbi jwt provider record.

JWT Providers.gif

  1. Copy the Client ID (from Power BI Connector Auth), and then paste it into the Claim Value fields of the aud and iss records.

Copy Client ID.gifaud - iss.gif

  1. Select the info icon of the Signing Configuration field, and then select Open Record.

Signing Configuration .gif

  1. Select Lookup using list of the Signing Keystore field.

The new tab - X.509 Certificates - will be opened.

Signing Configuration - Lookup.gif

  1. Select New.

Signing Keystore - New.gif

  1. In the Type field, select Java Key Store.

Java Key Store.gif

  1. In the *Name field, enter the name of your certificate.

Name of Key store.gif

  1. In the Key store password field, enter your key store password of the .jks file.

Key store password and submit.gif

  1. Select the clip icon, and then select your .jks file.

Clip Icon.gifpasted-movie.png

  1. Select Submit.

The newly-created record will be automatically added to Power BI JWT Key.

Submit.gif

  1. Ensure the Signing Keystore field contains the correct record, and then select Update.

Check and submit.gif

How to Test Configuration

  1. Open Scripts - Background.

Script Background.gif

  1. Paste the following script with the created values on your instance, and then select Run script.

Values that have to be substituted are highlighted with green color on the screenshot below.

Values to substitute.gif
 To copy script
var jwtAPI = new sn_auth.GlideJWTAPI();
var headerJSON = {  "kid": "5eff1ab1b383f9105a6ba26bf3a2cfa7"  };
var header = JSON.stringify(headerJSON);

var payloadJSON = { "jti": “client_id_application_registry”, "iss": "client_id_application_registry", "sub": "userEmail" };
var payload = JSON.stringify(payloadJSON);

var jwtProviderSysId = "497022f18783f9106f8263973cbb35ba";
var jwt = jwtAPI.generateJWT(jwtProviderSysId, header, payload);

gs.info("JWT:" + jwt);
 Where to find the required values

  • “client_id_application_registry”: Application Registry → Power BI Connector Ath → Client ID

client_id_application_registry.gif

  • “userEmail“: Users (under Organization section) → find the user you need, and then copy their email

userEmail (1).gif

  • value for var jwtProviderSysId: JWT Providers → pbi jwt provider → right-click → Copy sys_id

JwtProviderId.gif

Run script.gif

After the script is finished, the JWT (JSON Web Token) will be generated.

Generated JWT.gif

  1. Open Postman, select the POST method, and then enter the following URL:

https://your_instance_name/oauth_token.do

where your_instance_name is the name of your ServiceNow instance.

  1. Select Body, select the x-www-form-urlencoded format, and then enter the following variables:

  • client_id - Application Registry → Power BI Connector Auth → Client ID

  • client_secret - Application Registry → Power BI Connector Auth → Client Secret

  • grant_type - urn:ietf:params:oauth-type:jwt-bearer

  • assertion: JWT generated by the background script in the ServiceNow instance

pasted-movie.png
  • No labels