Configuring SAML SSO for ServiceNow
These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and ServiceNow.
Prerequisite
- Log in to ADSelfService Plus as an administrator.
- Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select ServiceNow from the applications displayed.
Note: You can also find the ServiceNow application using the search bar in the left pane or the alphabetical navigation option in the right pane.
- Locate and click on ServiceNow in the list of applications provided.
- Click the Download SSO Certificate link in the top-right corner of the screen.
- In the pop-up that appears, click Download metadata file and save the XML file. Open the file in a text editor and copy its content.
ServiceNow (Service Provider) configuration steps
- Now, log in to the ServiceNow portal with an administrator’s credentials.
- Navigate to Manage → Instance.
- In the My Instance page, click on the instance URL. Also, note down this value. We will need it while configuring ServiceNow with ADSelfService Plus.
- In the left pane, navigate to Multi-Provider SSO → Identity Providers and then click New.
Note: If Multi-Provider SSO plugin is activated in your instance, please follow these steps.
- In the What kind of SSO are you trying to create? section, select SAML.
- In the Import Identity Provider Metadata pop-up that appears, select XML and paste the XML file content you copied in Step 5 of Prerequisite.
- Click Import.
- All the required fields will be auto-filled. Scroll down and click the Advanced tab. Make sure the value “email” is entered in the User Field.
- Click Test Connection. You will be asked to log in to ADSelfService Plus.
- Once the connection is successful, click Activate.
- Now click on the Additional Actions icon at the top near the identity provider and select Copy sys_id. Paste the value in a note and keep it safe.
- In the left pane, navigate to Multi-Provider SSO → Administration → Properties.
- Make sure that Enable multiple provider SSO is enabled.
- In the field for user identification, change the value from ‘user_name’ to email.
- Click Save.
- In the left pane, navigate to User Administration → Users.
- Select a user for whom you want to enable SSO and click his/her username.
- Now click the Additional Actions icon and select Configure → Form Design.
- Drag and drop the SSO source field from the left pane into the user’s form and click Save.
- Close the form design tab and go back to the user configuration page. You will see the SSO source field added to the user’s form.
- In the SSO source field, paste the sys_id you copied in Step 11. Prefix the sys_id value with “sso:”.
- Click Update.
- Repeat steps 17-22 for the other users for whom you want to enable SSO.
ADSelfService Plus (Identity Provider) configuration steps
- Now, switch to ADSelfService Plus’ ServiceNow configuration page.
- In the Domain Name field, enter the domain name of your email address. For example, if you use johndoe@thinktodaytech.com to log in to ServiceNow, then thinktodaytech.com is the domain name.
- In the SAML Redirect URL field, enter the value you copied in Step 3 of ServiceNow configuration.
- In the Name ID Format field, choose the format for the user login attribute value specific to the application.
Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.
- Click Add Application. Your users should now be able to sign in to ServiceNow through ADSelfService Plus.