question

larry-lau avatar image
0 Votes"
larry-lau asked ·

Cannot register Application ID URI api://{instance}.service-now.com/{client_id}

I am establishing integration between our Microsoft Teams instance and our ServiceNow instance. One of the step is to register a single-tenant application in our Azure AD with Application ID URI in the following format api://{instance}.service-now.com/{client_id}

However, I keep getting the following error message:
Failed to update application property. Error detail: The host name should not be based on already owned domain paramName.

ServiceNow is a SaaS application hosted by ServiceNow at {our_instance}.service-now.com so I don't own the service-now.com domain and I can't add this domain as a custom domain in our Azure AD tenant. I can't change where it is hosted either.

MS Teams expects the Application ID URI in the above format in order for SSO to work. As they use this value to ensure your request is coming from the same domain.

I contacted ServiceNow technical support and was told to contact Azure support. I am not sure who is responsible to make this work. Any suggestion what I can try?

azure-active-directoryoffice-teams-app-dev
· 2
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@larry-lau
As this issue is not about Office deployment, so I removed tag "office-it-pro".
Thanks for your understanding.

0 Votes 0 ·

I am having the same issue when going through the service-now documentation.

0 Votes 0 ·
larry-lau avatar image
0 Votes"
larry-lau answered ·

Turn out that the Azure AD team has rolled out additional logic recently. The workaround is to use https:// instead of API://

So your Application ID URI should have this format https://{instance}.service-now.com/{client_id}

You will use this as your Client ID to match accordingly in ServiceNow.


· 3 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Larry,

Where you able to configure the ServiceNow Teams HUB using the solution above? Any tips and tricks? We are still getting an error.

Thank you,
Adrian

0 Votes 0 ·
larry-lau avatar image larry-lau AdrianHerdan-2746 ·

Hi Adrian,

Yes, I am able to set up ServiceNow Your Hub in MS Teams. The workaround is to use https:// instead of api:// in the Application ID URI

In the Edit a manifest file step, change the resource property to match your Application ID URI

"webApplicationInfo": {
"id": "xxxxxxx-xxx-xxx-xxx-xxx",
"resource": "https://{your-instance}.service-now.com/xxxxxxx-xxxx-xxxx-xxx-xxxxxxxxx"
},

In the Verify and update application registry values step, sure the Client ID field, change that to match your Application ID URI as well.

Then follow the rest of the installation instructions. That is.

0 Votes 0 ·

Hi Larry-lau

Edit manifest file, How to set the resource property in manifest file ? What I did is manually edited the XML file and loaded it in teams.. but am getting user not authorised error?

0 Votes 0 ·
RamaMohanaCharyAkavarapu-4424 avatar image
0 Votes"
RamaMohanaCharyAkavarapu-4424 answered ·

Hi @larry-lau,

Currently using Domain as *.azurewebsites.net is not supported. Could you please check this docs for more info. Also check the below screen shot.

68093-image.png



image.png (152.8 KiB)
· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I do understand that the azurewebsites.net domain is not supported. I thought I was very clear that my domain is {instance}.service-now.com. This is because service-now is a SaaS application. We are a customer of ServiceNow and we don't have control over the domain name here. I don't work for ServiceNow.

On the other hand, the second restriction seems relevant.

The instruction for setting up the integration for ITSM with Microsoft Teams is impossible to follow due to this restriction.

It seems overly restrictive since it doesn't consider the SaaS scenario where application is hosted on domain other than your AD tenant. It only accounts for enterprises registering their own app and has control over the domain name.


0 Votes 0 ·

Hi @larry-lau,

Could you please confirm whether you are trying to use application uri id some where else?

0 Votes 0 ·
AdrianHerdan-2746 avatar image
0 Votes"
AdrianHerdan-2746 answered ·

I am experiencing the exact same issue with a customer. We originally were able to set it up on our own tenant 3 weeks ago, then about 2 weeks ago we got the same issue when doing the setup for a customer, tried doing it again on our own instance and got the same error. Is there any solution for this?

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AdrianHerdan-2746 avatar image
0 Votes"
AdrianHerdan-2746 answered ·

Thank you Larry! Much appreciated! I was able to setup the HUB.

· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Adrian

Could you please share the steps ? Am still getting an error “issue with authorising error” where and all do we need to change the URI ?

Thanks in advance
Kapil

0 Votes 0 ·

Hi Adrian

Could you please share the steps where do we need to update the resource ID in serviceNow , we are getting an error user authorisation fails..

Thanks in advance
Kapil

0 Votes 0 ·