Configuration for Blank Query Connection

1 How to Set Up Configuration
2 How to Test Configuration

How to Connect to Power BI if ServiceNow Uses MFA/2FA/SSO?

How to Set Up Configuration

Being signed in to your ServiceNow instance, open the Scheduled Jobs module.

Locate and open the Scheduled Generation based on Power BI Connector Auth record.

Select Execute Now.

Open the Application Registry module.

Find and open the Power BI Connector Auth record.

In the navigator box, enter the sys_properties.LIST, and then hit Enter.

The sys_properties.LIST will be automatically opened in a new tab.

Find and open x_acsof_power_bi_s.x_acsoft.pbi.client_secret.

Now you should have two tabs open: Power BI Connector Auth and x_acsof_power_bi_s.x_acsoft.pbi.client_secret

Return to the Power BI Connector Auth page, select the padlock icon, and then copy Client Secret (It will be opened after selecting the padlock icon).

Return to the x_acsof_power_bi_s.x_acsoft.pbi.client_secret page.
Paste the copied Client Secret into the Value field, and then select Update.

Find and open x_acsof_power_bi_s.x_acsoft.pbi.client_id (on the same page - sys_properties.LIST).

Return to the Power BI Connector Auth page, and then copy the Client ID value.

Return to the x_acsof_power_bi_s.x_acsoft.pbi.client_id page.
Paste the copied Client ID into the Value field, and then select Update.

Return to the Power BI Connector Auth page, and then select New.

Make sure that you are on the Jwt Verifie Map tab.

In the *Name field, enter the preferable name for your Jwt Verifier Map, and then select Submit.

Generate JKS and OpenSSL certificate by following these guides:

Before starting, ensure that you have an admin role and installed OpenSSL on your machine.

When all steps are done, the following list of files will appear:

pbi.p12
pbiauth2024.jks
private.key
publickey.cer

Open newly-created Jwt Verifier Map record.

It was created in step 12.

Select Lookup using list.

The new tab - X.509 Certificates - will be opened.

Select New.

In the *Name field, enter your certificate name.
Fill in the Format and Type fields as shown in the screenshot.

Open the publickey.cer file using a text editor.

Copy its data, paste it into the PEM Certificate field, and then select Submit.

Open JWT Providers, and then open the pbi jwt provider record.

Copy the Client ID (from Power BI Connector Auth), and then paste it into the Claim Value fields of the aud and iss records.

Select the info icon of the Signing Configuration field, and then select Open Record.

Select Lookup using list of the Signing Keystore field.

The new tab - X.509 Certificates - will be opened.

Select New.

In the Type field, select Java Key Store.

In the *Name field, enter the name of your certificate.

In the Key store password field, enter your key store password of the .jks file.

Select the clip icon, and then select your .jks file.

Select Submit.

The newly-created record will be automatically added to Power BI JWT Key.

Ensure the Signing Keystore field contains the correct record, and then select Update.

Managing PBI JWT Access Policies.

open Key Management Administration;
add your user to the Selected User;
click Save;
Re-login to the instance.

Open Module Access Policies;
Search for the "PBI JWT Access".

Open the record;
Make sure that the record is in the state Track if not, the Update Script Version action will appear → Click.

Verifying and Updating PBI JWT Key Configuration

Make sure that system property x_acsof_power_bi_s.x_acsoft.pbi.kid is updated with the value from the application registry JWT Verifier Maps related List.

Open JWT Providers Module.

Open the PBI record;
Open the Signing configuration record.

Make sure that the KID is the same as for the system property and the Signing configuration record.

How to Test Configuration

Open Scripts - Background.

Paste the following script with the created values on your instance, and then select Run script.

Values that have to be substituted are highlighted with green color on the screenshot below.

var jwtAPI = new sn_auth.GlideJWTAPI();
var headerJSON = {  "kid": "5eff1ab1b383f9105a6ba26bf3a2cfa7"  };
var header = JSON.stringify(headerJSON);

var payloadJSON = { "jti": “client_id_application_registry”, "iss": "client_id_application_registry", "sub": "userEmail" };
var payload = JSON.stringify(payloadJSON);

var jwtProviderSysId = "497022f18783f9106f8263973cbb35ba";
var jwt = jwtAPI.generateJWT(jwtProviderSysId, header, payload);

gs.info("JWT:" + jwt);

“client_id_application_registry”: Application Registry → Power BI Connector Ath → Client ID

“userEmail“: Users (under Organization section) → find the user you need, and then copy their email

value for var jwtProviderSysId: JWT Providers → pbi jwt provider → right-click → Copy sys_id

After the script is finished, the JWT (JSON Web Token) will be generated.

Open Postman, select the POST method, and then enter the following URL:

https://your_instance_name/oauth_token.do

where your_instance_name is the name of your ServiceNow instance.

Select Body, select the x-www-form-urlencoded format, and then enter the following variables:

client_id - Application Registry → Power BI Connector Auth → Client ID
client_secret - Application Registry → Power BI Connector Auth → Client Secret
grant_type - urn:ietf:params:oauth:grant-type:jwt-bearer
assertion: JWT generated by the background script in the ServiceNow instance

Power BI Connector for ServiceNow

Configuration for Blank Query Connection

Analytics

How to Set Up Configuration

How to Test Configuration

Related content