Getting error "Failed creating access request. Forbidden."

Hi All,

we are using ISC Catalog connector to integrate IDN and Service now.
we are getting this 403–Failed creating access request. Forbidden. error once the Request is approved in ServiceNow. It was working fine 4-5 days earlier.

Hi @kumarsh9742

Can you validate that the scope of the personal access token used for your integration hasn’t been changed since it stopped working?

Hi Sir,

i am new to IDN can you please help me what changes i should do for this or is there anything we should do in ServiceNow

Hi @kumarsh9742

On SNOW Catalogue Connector side, the configuration will have an option that configures the personal access token that allows it to integrate with IDN / ISC through its API. This Personal Access Token is created in IDN and granted permissions through scopes which is what the integration will be allowed to use.

Step One: Identify the Personal Access Token used for integration on SNOW side.

Step Two: Validate the scopes applied to the Personal Access Token on IDN side.

Selecting sp:scopes:all authorizes the personal access token to all scopes granted by the user’s assigned user levels. If a user creates a personal access token with this scope and is later granted another user level, their token will take on the updated permissions.

1 Like

Hi Irshaad,

we have followed the steps for the the Client Credentials .created new token with the sp:scopes:all but facing still the same error.

Hi ,

One test we did … when we create some test roles and request for then it is not giving this forbidden error . TEST means they have create some roles manually.

Hi @kumarsh9742,

Is it with some specific entity you are facing issue or is it for the entire case?

Also, if some part of flow is working then can you try using some third-party tool like postman to perform the operation and see if things are going through.

Thanks

Thanks

Hi @kumarsh9742

I have experienced 403 forbidden with client credentials. Using Personal Access Token solved for me. Ensure that besides granting the scope:all permission, the user has the admin org permission on ISC.

Hi @kumarsh9742

I have experienced 403 forbidden with client credentials. Using Personal Access Token solved for me. Ensure that besides granting the scope:all permission, the user has the admin org permission on ISC. If it works, then you can just create some IDN admin user representing the service, grant the org admin user level, and generate a PAT with scope:all.

1 Like

Hi @kumarsh9742 , As mentioned bu @jsosa , Check that the user that the PAT is created under has the org_admin role in IDN too. And try using PAT for the integration if possible.

HI Julian/Irshaad,
OK let me confirm my the configurations in Servicenow we have used client Credentials option and have used the Client ID and Client Secret.
They have generated the PAT as mentioned in the DOC.

@jsosa “Using Personal Access Token solved for me” —can you please help us with the steps to create this ?

Hi Hemanth, the PAT steps are the ones you just perform following the link you posted. Just ensure that the identity has the admin user level, going to identities, and then set user level. I am not sure if a lower level will work, but you can try as admin, and if it works test with some lower level.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.