Key to successful cloning of instances with SSO?
10-02-2025 05:07 AM
Hi everyone,
I need your advice, as I struggle with cloning Full PROD over SSO/MFA enabled TEST instance for my customer.
I've read a lot of materials, KB articles and official documentation, but it still does not manage to retain multi-factor authentication working on the target, resulting in such messages:
I used the following documentation as reference:
- Data preservation on cloning target instances
- Clone an instance with a SAML integration
- Checklist before cloning an instance with Digest / SSO / SAML / Multi SSO Integration to prevent den...
- Users not able to login in cloned target instance using Multi Factor Authentication (MFA) - Support ...
- Exclude a table from cloning
Based on these, I have modified my Profile's list of Preserves and Excludes (I can paste both in a comment later). However, I do not know if this list is comprehensive. I also could not find any recommendation regarding the cleanup scripts, so I included them all.
In any case, I do have a number of questions:
- Should I preserve sys_user and related tables - partially (maybe keep an admin user) or all?
- What tables should I include as Preserves and Excludes?
- What clean-up scripts shall I include in the profile?
- Do you have any experience with cloning over an SSO-enabled instance? What was your approach?
Thank you all in advance for the support!
10-03-2025 12:44 PM
It should copy the out of the box items. So yes just make sure the tables are in your clone profile.
10-05-2025 06:33 AM
Thanks! I will try it tomorrow and will let you know if that resolved my problem.
10-08-2025 04:55 PM
Were you able to get this working? Please mark the answer(s) as correct if they fixed your issue.
10-02-2025 09:09 AM
When cloning a ServiceNow instance with SSO and Multi Factor Authentication enabled, it's crucial to configure the clone profile to preserve and exclude specific tables to ensure that SSO and MFA settings are maintained correctly on the target instance. According to ServiceNow documentation, you should preserve the sys_user table to retain user records, and exclude the user_multifactor_auth table to prevent issues with MFA configurations post clone. Additionally, it's recommended to exclude the saml2_update1_properties table to avoid conflicts with SAML configurations. ServiceNow also advises including cleanup scripts in the clone profile to address any residual configurations that might interfere with the new instance settings...
check this: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0657100
If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.
Kaushal Kumar Jha - ServiceNow Consultant - Let's connect on LinkedIn: https://www.linkedin.com/in/kaushalkrjha/
10-02-2025 09:25 AM
Hi Kaushal,
I followed the instructions in the same KB, the only difference is that I did not preserve the entire sys_user table. Maybe I should have.
If I do preserve the whole sys_user tables, should I also preserve:
sys_user
sys_user_role
sys_user_group
sys_user_grmember
sys_user_has_role
sys_group_has_role
sys_user_role_contains?
Thanks & Regards,
M.
