App Engine form not accessible to public/external users outside the network
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 hours ago
Requirement: Create a form that will be accessible to public/external users outside the network.
We built the form in App engine (AES) which allows unauthenticated users to access it without logging into ServiceNow. This form works great in our DEV and Sandbox instances where users can access the form from a link without authenticating to ServiceNow.
When I move the build to our TEST instance for QA, it is prompting users to authenticate to our network. The difference in the instances is that both DEV and Sandbox uses SN authentication while TEST and PROD uses MHS azure SSO authentication.
Could the issue in TEST be Azure SSO?
I think the moment a request/call is made to https://xyztest.service-now.com it redirects the user to Azure SSO before even getting to ServiceNow.
If my deduction is correct, how can I get around this? Will I need to configure Azure to exclude this URL?
Thanks
Garfield
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
an hour ago
Hi @GChanner ,
Yes, your deduction is correct. In TEST/PROD, Azure SSO is enforcing authentication at the instance level, so the request is redirected to Azure AD before ServiceNow can allow anonymous access to your App Engine form.
To resolve this, you’ll need to bypass SSO for the public form URL and ensure the page is configured for anonymous access in ServiceNow.
Step-by-Step Solution
Step 1: Identify the Public Form URL
Example:
https://xyztest.service-now.com/sp?id=<your_page>This is the URL that should be accessible without login
Step 2: Configure Azure SSO Exclusion
In Azure AD:
Go to Azure Active Directory
Navigate to Enterprise Applications
Select your ServiceNow application
Open Single Sign-On / Conditional Access
Create or modify a policy to:
Exclude the public form URL
Or allow unauthenticated access for that endpoint
Depending on setup, this may involve:
Conditional Access Policy (Exclude URL / App)
Custom routing rules
Allow anonymous access for specific paths
Step 3: Enable Public Access in ServiceNow
Go to Service Portal → Pages
Open your page
Ensure:
Public = true
Check widgets used on the page:
Ensure they allow access to:
publicsnc_external
Step 4: Test Access
Open the URL in:
Incognito / Private browser
Verify:
It does NOT redirect to Azure login
Form loads directly
