Configuration for Blank Query Connection

1 How to Set Up Configuration
2 How to Test Configuration

How to Connect to Power BI if ServiceNow Uses MFA/2FA/SSO?

How to Set Up Configuration

Being signed in to your ServiceNow instance, open the Scheduled Jobs module.

Locate and open the Scheduled Generation based on Power BI Connector Auth record.

Select Execute Now.

Open the Application Registry module.

Find and open the Power BI Connector Auth record.

In the navigator box, enter the sys_properties.LIST, and then hit Enter.

The sys_properties.LIST will be automatically opened in a new tab.

Find and open x_acsof_power_bi_s.x_acsoft.pbi.client_secret.

Now you should have two tabs open: Power BI Connector Auth and x_acsof_power_bi_s.x_acsoft.pbi.client_secret

Return to the Power BI Connector Auth page, select the padlock icon, and then copy Client Secret (It will be opened after selecting the padlock icon).

Return to the x_acsof_power_bi_s.x_acsoft.pbi.client_secret page.
Paste the copied Client Secret into the Value field, and then select Update.

Find and open x_acsof_power_bi_s.x_acsoft.pbi.client_id (on the same page - sys_properties.LIST).

Return to the Power BI Connector Auth page, and then copy the Client ID value.

Return to the x_acsof_power_bi_s.x_acsoft.pbi.client_id page.
Paste the copied Client ID into the Value field, and then select Update.

Return to the Power BI Connector Auth page, and then select New.

In the *Name field, enter the preferable name for your Jwt Verifier Map, and then select Submit.

Generate JKS and OpenSSL certificate by following these guides:

Open newly-created Jwt Verifier Map record.

Select Lookup using list.

Select New.

In the *Name field, enter your certificate name.
Fill in the Format and Type fields as shown in the screenshot.

Open the publickey.cer file using a text editor.

Copy its data, paste it into the PEM Certificate field, and then select Submit.

Open JWT Providers, and then open the pbi jwt provider record.

Copy the Client ID (from Power BI Connector Auth), and then paste it into the Claim Value fields of the aud and iss records.

Select the info icon of the Signing Configuration field, and then select Open Record.

Select Lookup using list of the Signing Keystore field.

Select New.

In the Type field, select Java Key Store.

In the *Name field, enter the name of your certificate.

In the Key store password field, enter your key store password of the .jks file.

Select the clip icon, and then select your .jks file.

Select Submit.

Ensure the Signing Keystore field contains the correct record, and then select Update.

How to Test Configuration

Open Scripts - Background.

Paste the following script with the created values on your instance, and then select Run script.

var jwtAPI = new sn_auth.GlideJWTAPI();
var headerJSON = {  "kid": "5eff1ab1b383f9105a6ba26bf3a2cfa7"  };
var header = JSON.stringify(headerJSON);

var payloadJSON = { "jti": “client_id_application_registry”, "iss": "client_id_application_registry", "sub": "userEmail" };
var payload = JSON.stringify(payloadJSON);

var jwtProviderSysId = "497022f18783f9106f8263973cbb35ba";
var jwt = jwtAPI.generateJWT(jwtProviderSysId, header, payload);

gs.info("JWT:" + jwt);

“client_id_application_registry”: Application Registry → Power BI Connector Ath → Client ID

“userEmail“: Users (under Organization section) → find the user you need, and then copy their email

value for var jwtProviderSysId: JWT Providers → pbi jwt provider → right-click → Copy sys_id

Open Postman, select the POST method, and then enter the following URL:

https://your_instance_name/oauth_token.do

where your_instance_name is the name of your ServiceNow instance.

Select Body, select the x-www-form-urlencoded format, and then enter the following variables:

client_id - Application Registry → Power BI Connector Auth → Client ID
client_secret - Application Registry → Power BI Connector Auth → Client Secret
grant_type - urn:ietf:params:oauth-type:jwt-bearer
assertion: JWT generated by the background script in the ServiceNow instance