Seeking Advice: ServiceNow External User Self-Registration Plugin in an SSO Environment

Ashwani Arya2 · ‎12-28-2023

Hello ServiceNow Community,

Our organization utilizes an SSO setup for accessing ServiceNow, and I am exploring options to allow external users access to our new vendor registration process utilizing ServiceNow External User Self-Registration plugin, I am unsure how this operates within an SSO-required environment.

Q1: Does the ServiceNow External User Self-Registration plugin support user registration when SSO is mandatory for accessing ServiceNow?

Q2: Are there any configurations or additional steps recommended to enable external users to register themselves as vendors despite the SSO requirements within ServiceNow?
Q3: Alternatively, are there workarounds or methods within ServiceNow that allow for user registration specific to certain functionalities, such as vendor registration, within an SSO setup?

We aim to create a new vendor registration process in ServiceNow (webform) and after approval create them as external users similar to what ServiceNow External User Self-Registration plugin does. Any insights, recommendations, or experiences shared regarding user registration in an SSO-enabled ServiceNow environment would be greatly appreciated.

Best regards,
Ashwani

-O- · ‎12-29-2023

Do you mean to say you want to create the external user accounts so that they can authenticate using SSO?

Ashwani Arya2 · ‎12-31-2023

Hi,

Yes the goal is to grant access to these external users to some applications but after approval. We are looking to create an interface where they can fill the form (a web form on ServiceNow for external users so that they can access the form without SSO), someone approves the requests and then after approval our IAM tool to provision the account and assign role.

-O- · ‎01-01-2024

This will be tricky and most likely will require custom configuration.

ServiceNow does come with a plugin that allows self registration and user (better said consumer user) registration.

But those are local user - maintained in ServiceNow, with no connection to any SSO and as such with no possibility to log in using SSO.

But you could use it as a starting point to a solution where instead of a user registration a user on-boarding process is triggered.

Thus activating External Self Registration - as far as I can tell - would provide no benefit.

Also because you hint at vendors needing registration, but the external self registration plugin OOB creates consumer users.

A different paradigm as consumers are more like clients, not vendors.

One solution might be to create a custom scope/application consisting of a portal page with needed widget where vendors could be redirected, similar to the OOB plugin, where with help of a pre-shared key and CAPTCHA vendors would self register, which would create a record in a request table, which would trigger a flow that sent a verification mail to the registered email, upon verification completion would trigger approval and finally would trigger user on-boarding in the IAM tool (which should create the user, assign minimal initial roles and would somehow let the user know an initial password and a mechanism to reset it).

Of course this user would be "picked up" by regular IAM (user and group/role) synchronization and a SSO user would be created in SN allowing vendors to log in using regular SSO.

On 1st thought.

ersureshbe · ‎12-29-2023

Hi, Im trying to understand the external user's data source. If the external users are coming from Azure or Other source then SSO configuration support and help.

For some reason, external users are created from ServiceNow catalogues, Emails or Manually created then you should do the customization. In the SSO config page itself you have an option to create a custom code and configure.

Regards,
Suresh.