You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: copilot/employee-self-service/servicenow-hrsd-itsm.md
+85-3Lines changed: 85 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -73,7 +73,7 @@ Refer to the ESS Agent deployment guide for installation of the agent and subscr
73
73
|**Application Developer** (*minimum privileged role*) | User who can register an application | Create an App registration - *if using Microsoft Entra OAuth for ServiceNow connector*| Microsoft 365 Admin Center |
74
74
|**Environment Maker**| User who can customize ESS Agent | Configure & Customize ESS Agent | Microsoft Copilot Studio |
75
75
76
-
###ServiceNow configuration
76
+
## ServiceNow configuration
77
77
78
78
This section outlines the tasks required to be configured in ServiceNow by an administrator. ServiceNow integration supports three types of authentications as follows:
79
79
@@ -88,7 +88,86 @@ This section outlines the tasks required to be configured in ServiceNow by an ad
88
88
> [!TIP]
89
89
> Without elevating access, the new security objects can't be created. If **New** button in the top right of configuration pane is missing, then the role isn't elevated to "`security_admin`”.
90
90
91
-
#### Option 1: Using OAuth2 authentication - Create an OAuth Application Registry
91
+
### Basic authentication
92
+
93
+
This method of authentication involves a ServiceNow username and password to authenticate API requests. This method is simple to use and is primarily suggested for testing purposes, as it offers lower security compared to other authentication methods.
94
+
95
+
### Microsoft EntraID OAuth using Certificate
96
+
97
+
This authentication uses app tokens, allowing a registered Entra ID application to access ServiceNow with a token specifying the ServiceNow Entra ID app as the resource.
98
+
99
+
#### Task 1: Register an application in Microsoft Entra ID for OIDC integration with ServiceNow
100
+
101
+
[Learn how to register an app in Microsoft Entra ID.](/entra/identity-platform/quickstart-register-app)
102
+
103
+
1. Sign into the Microsoft Entra admin portal as a global administrator or cloud app administrator.
104
+
1. Go to **Applications** then **App registrations**.
105
+
1. Select **New registration.**
106
+
1. In the new registration form, fill in the following fields:
107
+
1.**Name:** Any name that represents the purpose of app registratio
108
+
1.**Redirect URL:** Not needed
109
+
1. Choose **Register** to complete the creation of the new app registration.
110
+
1. Select **Token configuration** then **Add optional claim** for adding claims setting.
111
+
1. Select **Token type** as **Access** and choose the following claims:
112
+
1.*aud* - for audience validation
113
+
1.*email* - addressable email for user
114
+
1.*upn* - an identifier for the user
115
+
1. Select **Add** to complete adding the claims.
116
+
1. If this is the first time OpenId Connect being setup using claims like email, upn, there’ll be a confirmation to turn on the Microsoft Graph permissions, please check the box and select **Add**.
117
+
1. This flow completes the Microsoft Entra piece of configuration.
118
+
119
+
#### Task 2: Register OIDC provider in ServiceNow
120
+
121
+
1. Login to the ServiceNow instance that needs to be integrated with ESS Agent.
122
+
1. Elevate access permissions using **Elevate role**. Refer to the section **Error! Reference source not found.** – only the first part and not the tasks.
123
+
1. Click **All** in the top navigation bar.
124
+
1. Search for “OAuth” in the search box within dropdown navigation menu.
125
+
1. Select **System OAuth à Application Registry** from the search results (if you don’t see this option, then you don’t have sufficient privileges).
126
+
1. Select **New** in the configuration section pane.
127
+
1. Select **Configure an OIDC provider to verify ID tokens**.
128
+
1. Fill in the following information for the new application registry:
129
+
130
+
|Configuration |Description |
131
+
|--------------|------------|
132
+
|Name |a meaningful name to identify that this OIDC provider was created for ESS Agent |
133
+
|Client ID |The client ID of Entra Application created in Task 1 above |
134
+
|Client secret |This value will not be used; can be any value |
135
+
|OAuth OIDC provider configuration |Add a new OIDC provider configuration by selecting the search icon and choosing **New** in the search popup. Fill in the fields as follows:</br> **OIDC Provider:** A name that represents the Microsoft Entra tenant from task 1 above.</br> **OIDC Metadata URL:**`login.microsoftonline.com/<tenant ID>/.well-known/openid-configuration`</br> Replace < tenant ID > with the Entra tenant ID from task 1 above.</br> **OIDC Configuration Cache Life Span:** 120</br> **Application:** Global</br> **User Claim:** oid</br> **User Field:** User ID</br> **Enable JTI claim verification:** disabled</br> Select **Submit** and update the OIDC Entity form. |
136
+
137
+
#### Task 3: Register an Application in Microsoft Entra ID for connector usage
138
+
139
+
This is the application which plays the role of a user with elevated permissions in the ServiceNow instance.
140
+
141
+
1. Login to Entra administration portal as global administrator (or) cloud app administrator.
142
+
1. Go to **Applications** > **App registrations**.
143
+
1. Select **New registration**.
144
+
1. In the new registration form, fill in the following fields:.
145
+
1.**Name:** any name that represents the purpose of app registration.
146
+
2.**Redirect URI:** Not needed.
147
+
1. Click **Register** to complete the creation of new app registration.
148
+
1. Select **Certificates & secrets** then upload the .cer file of the certificate. In case of SNI certificate, just add trustedCertificateSubjects in the manifest of the application with the relevant authorityId and subjectName.
149
+
150
+
#### Task 4: Create a System User in ServiceNow
151
+
152
+
This is the Application created in the above task 3 which is a user in ServiceNow instance.
153
+
154
+
Go to **User Administration** > **Users** to create a new user.
155
+
156
+
**User ID:** The object ID of the service principal of Application created in Task 3 above.
157
+
158
+
Check **Web service access only**.
159
+
160
+
### Microsoft Entra ID OAuth User Login
161
+
162
+
This is user-token based authentication where the end user can sign into Entra ID 1st party application i.e. ServiceNow connector 1st party app and get an access token with scope for the ServiceNow representative Entra ID app.
163
+
164
+
Perform Task 1 & Task 2 from the previous section Microsoft Entra ID OAuth using Certificate.
165
+
166
+
In the Task 1 – add the 1st party application i.e., ServiceNow connector to the permission scope – Client ID = c26b24aa-7874-4e06-ad55-7d06b1f79b63.
167
+
168
+
In the Task 2 – update the user claim to upn or any other custom claim property from the token in ServiceNow. The user field should match the ServiceNow system user table field containing the upn or user ID.
169
+
170
+
### Using OAuth2 authentication - Create an OAuth Application Registry
92
171
93
172
1. Log in to the ServiceNow instance that needs to be integrated with ESS Agent.
94
173
2. Elevate access permissions using **Elevate role**.
@@ -104,7 +183,7 @@ This section outlines the tasks required to be configured in ServiceNow by an ad
104
183
|**Name**| a meaningful name to identify that this application registry is created for ESS Agent |
105
184
|**Client ID**| autogenerated code <br><divclass="alert">**Note**</br>This value is used in Microsoft 365 Copilot Connector configuration, if no Advanced Scripting is used. |
106
185
|**Client Secret**| leave it blank to automatically generate a string <br><divclass="alert">**Note**</br>This value is used in Microsoft 365 Copilot Connector configuration, if no Advanced Scripting is used. |
107
-
|**Redirect URL**| a required callback URL that the authorization server redirects to </br>For Microsoft 365 Enterprise:</br>`https://gcs.office.com/v1.0/admin/oauth/callback`</br>For Microsoft 365 Government:</br>`https://gcsgcc.office.com/v1.0/admin/oauth/callback`|
186
+
|**Redirect URL**| a required callback URL that the authorization server redirects to </br>For Microsoft 365 Enterprise:</br>`https://gcs.office.com/v1.0/admin/oauth/callback`</br>For Microsoft 365 Government:</br>`https://gcsgcc.office.com/v1.0/admin/oauth/callback` Refer to the note after the table for more information.|
108
187
|**Logo URL**| A URL that contains the image for the application logo |
109
188
|**Active**| Set to active |
110
189
|**Refresh token lifespan**| The number of seconds that a refresh token is valid. </br>By default, refresh tokens expire in 100 days (8,640,000 seconds). Recommended value is 31,536,000 (one year) |
@@ -113,6 +192,9 @@ This section outlines the tasks required to be configured in ServiceNow by an ad
113
192
|**Accessible from**| All application scopes |
114
193
|**Client Type**| Integration as a Service |
115
194
195
+
>[!NOTE]
196
+
>[Please use the actual callback URL from the sign-in popup window during connection configuration by following the steps below, when the URL redirection fails with the error **Invalid redirect_uri**:</br> Copy/paste the complete URL from the authorization popup window</br> Extract redirect_uri parameter.</br> Example: `redirect_uri=https%3a%2f%2ftip1-shared.consent.azure-apim.net%2fredirect`</br> After decoding the URL – replacing %3a with : and %2f with /</br> Update the Redirect URL field.]
197
+
116
198
9. Select **Submit** or **Update** button to save the changes.
description: Learn about Learning Tools Interoperability (LTI) Microsoft apps, and how they will help educators when integrating Microsoft apps into their Learning Management System (LMS).
19
+
description: Learn about Learning Tools Interoperability (LTI) Microsoft apps, and how they help educators when integrating Microsoft apps into their Learning Management System (LMS).
18
20
---
19
21
20
22
# Integrating Microsoft products with your Learning Management System (LMS)
@@ -27,36 +29,29 @@ These tools include:
27
29
28
30
-[OneDrive LTI](#onedrive-lti-apps)
29
31
-[Teams Assignments LTI](#teams-assignments-lti)
30
-
-[Teams Meetings LTI](#teams-meetings-lti)
31
-
-[Teams Classes LTI](#teams-classes-lti)
32
32
-[Microsoft Reflect LTI](#microsoft-reflect-lti)
33
33
34
+
You can also [sync teams with your LMS](#sync-teams-with-your-lms).
35
+
34
36
For general information on managing Microsoft LTI apps, see [Manage Microsoft LTI apps for any LMS](manage-microsoft-one-lti.md).
35
37
36
38
> [!IMPORTANT]
37
39
> We're streamlining the LTI® (Learning Tools Interoperability) experiences for education customers who may be using different LMS systems. We're simplifying onboarding and usage by consolidating the capabilities of multiple LTI tools available today into fewer and more functional tools.
38
40
>
39
-
> The capabilities of the Teams Classes LTI and Meetings LTI tools are among the first tools updated in this consolidation. Microsoft is announcing the end of support for the Teams Classes LTI and Meetings LTI tools on September 15, 2025, as their capabilities will be superseded by a new, unified experience. Release details for the unified experience are forthcoming.
41
+
> The capabilities of the Teams LTI and Meetings LTI tools are among the first tools updated in this consolidation. Microsoft is announcing the end of support for the Teams Classes LTI and Meetings LTI tools on September 15, 2025, as their capabilities will be superseded by a new, unified experience. Release details for the unified experience are forthcoming.
40
42
41
43
## OneDrive LTI apps
42
44
43
45
Learn more about using Microsoft OneDrive with your Learning Management System (LMS).
44
46
45
-
-**Brings Microsoft 365 directly into your workflows**
46
-
47
-
The Microsoft OneDrive LTI app integrates with your LMS to bring Microsoft OneDrive and Microsoft 365 directly into your most important workflows that include:
48
-
49
-
- Attaching resources and organizing content.
50
-
- Starting collaborative documents.
51
-
- Creating and grading assignments.
47
+
-**Brings Microsoft 365 directly into your workflows** - The Microsoft OneDrive LTI app integrates with your LMS to bring Microsoft OneDrive and Microsoft 365 directly into your most important workflows that include:
48
+
- Attaching resources and organizing content.
49
+
- Starting collaborative documents.
50
+
- Creating and grading assignments.
52
51
53
-
-**Secure and fully compliant with latest LTI standards**
52
+
-**Secure and fully compliant with latest LTI standards** - The Microsoft OneDrive LTI App is compatible with LTI 1.3 and LTI Advantage, allowing for a secure and integrated user experience.
54
53
55
-
The Microsoft OneDrive LTI App is compatible with LTI 1.3 and LTI Advantage, allowing for a secure and integrated user experience.
56
-
57
-
-**Modern and rich user experience**
58
-
59
-
We're improving upon the existing Microsoft 365 integration in your LMS by delivering a modern user experience, complete with an expanded Microsoft OneDrive file picker and rich editing experiences for Office files.
54
+
-**Modern and rich user experience** - We're improving upon the existing Microsoft 365 integration in your LMS by delivering a modern user experience, complete with an expanded Microsoft OneDrive file picker and rich editing experiences for Office files.
60
55
61
56
Microsoft owns the OneDrive LTI app, which means you’ll always get the latest updates from Microsoft automatically.
62
57
@@ -78,6 +73,7 @@ For configuration steps, see:
78
73
-[Microsoft OneDrive LTI with D2L Brightspace](onedrive-lti-brightspace.md)
79
74
80
75
## Teams Assignments LTI
76
+
81
77
The Microsoft Teams Assignments LTI brings the Learning Accelerators: Reading Progress, Math Progress. Search Progress and Speaker Progress along with Microsoft Forms, Whiteboard, OneNote Pages, and all of the new generative AI features of Teams Assignments to your LTI v1.3 Advantage compliant LMS.
82
78
The integration allows you to Connect Class Teams and add Teams Assignments right into your LMS assignments list where students can launch and complete them and sync grades and feedback automatically back to the LMS.
83
79
@@ -88,32 +84,7 @@ The integration allows you to Connect Class Teams and add Teams Assignments righ
88
84
-[Microsoft Assignments integration with Desire2Learn Brightspace](teams-assignments-with-brightspace.md).
89
85
-[Microsoft Assignments integration with any LTI 1.3 compliant LMS](teams-assignments-with-other-lms.md).
90
86
91
-
More LMS support coming soon! Please sign up for more information on current and future LMS integration previews at https://aka.ms/LMSPreview
92
-
93
-
## Teams Meetings LTI
94
-
95
-
Microsoft Teams Meetings LTI app incorporates Teams meetings into LMS courses. Educators and students can view past and upcoming meetings, schedule individual or recurring meetings, and join team meetings related to the course, all from within their LMS.
96
-
97
-
For configuration steps, see:
98
-
99
-
-[Microsoft Teams Meetings with Canvas](teams-meetings-with-canvas.md).
100
-
-[Microsoft Teams Meetings with Moodle](teams-classes-meetings-with-moodle.md).
101
-
-[Microsoft Teams Meetings with Open LMS](open-lms-teams-classes-and-meetings.md).
102
-
-[Microsoft Teams Meetings with Desire2Learn Brightspace](teams-classes-meetings-with-brightspace.md).
103
-
-[Microsoft Teams Meetings with Schoology Learning](teams-classes-and-meetings-with-schoology.md).
104
-
-[Microsoft Teams Meetings LTI with any LTI 1.3 compliant LMS](integrate-with-other-lms.md).
105
-
106
-
## Teams Classes LTI
107
-
108
-
The Microsoft Teams Classes LTI app helps educators and students navigate between their LMS and Teams. Users can access their class teams associated with their course within their LMS.
109
-
110
-
For configuration steps, see:
111
-
112
-
-[Microsoft Teams Classes with Canvas](teams-classes-with-canvas.md).
113
-
-[Microsoft Teams Classes with Blackboard](teams-classes-with-blackboard.md).
114
-
-[Microsoft Teams Classes with Moodle](teams-classes-meetings-with-moodle.md).
115
-
-[Microsoft Teams Classes with Open LMS](open-lms-teams-classes-and-meetings.md).
116
-
-[Microsoft Teams Classes with Desire2Learn Brightspace](teams-classes-meetings-with-brightspace.md).
87
+
More LMS support coming soon! Sign up for more information on current and future LMS integration previews at https://aka.ms/LMSPreview
117
88
118
89
## Microsoft Reflect LTI
119
90
@@ -128,3 +99,15 @@ For configuration steps, see:
128
99
-[Microsoft Reflect with Moodle](reflect-lti-moodle.md).
129
100
-[Microsoft Reflect with D2L Brightspace](reflect-lti-brightspace.md).
130
101
-[Microsoft Reflect with Blackboard Learn](reflect-lti-blackboard.md).
102
+
103
+
## Sync Teams with your LMS
104
+
105
+
Syncing Microsoft Teams with your LMS helps educators and students navigate between their LMS and Teams. Users can access their teams associated with their course within their LMS.
106
+
107
+
For configuration steps, see:
108
+
109
+
-[Microsoft Teams with Canvas](teams-classes-with-canvas.md).
110
+
-[Microsoft Teams with Blackboard](teams-classes-with-blackboard.md).
111
+
-[Microsoft Teams with Moodle](teams-classes-meetings-with-moodle.md).
112
+
-[Microsoft Teams with Open LMS](open-lms-teams-classes-and-meetings.md).
113
+
-[Microsoft Teams with Desire2Learn Brightspace](teams-classes-meetings-with-brightspace.md).
0 commit comments