
Two Okta tenants integrated with ServiceNow, only one default IDP

Prabu Velayutha
Mega Sage

Hi Experts,

 

We have two Okta tenants integrated with ServiceNow.

For example, Tenant A and Tenant B; both have SSO enabled with ServiceNow.

Instance URL: ABC.Servicenow.com

Okta tenant URL Tenant A: ABCTenant A .OKTA.com

Okta tenant URL Tenant B:ABCTenant B .OKTA.com

 

There is only one default IDP for SSO. We have set the Tenant A IDP profile as the default IDP, so when any user tries to log in to the ServiceNow instance ABC.Servicenow.com, it redirects by default to ABCTenant A .OKTA.com. Users from Tenant A are able to log in since it is their default Okta landing page for Tenant A.

 

For Tenant B users, we suggested logging in to ABCTenant B .OKTA.com and accessing ServiceNow through the ServiceNow icon on the applications landing page.

 

We have received some concerns from Tenant B users, who want to log in directly with the ServiceNow URL like Tenant A instead of logging in through ABCTenant B .OKTA.com.

 

I need suggestions on how to achieve this; please share your experiences on how it was best handled.


Prabu Velayutha
Mega Sage

We have identified two solutions to handle this:

 

Solution 1: Disable the default IDP and add/update the respective IDP Sys IDs on the user records, so when users log in they will be redirected to their respective IDPs.

Solution 2: We got the direct Okta URL for launching the ServiceNow application, and we have planned to set up a URL redirect:

URL: ABC-A.Servicenow.com - redirects to ABCTenantA .OKTA.com

URL: ABC-B.Servicenow.com - redirects to ABCTenantB .OKTA.com

 

We have preferred Solution 2 and are implementing it.
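
The host-based redirect described in Solution 2, as an added example that is not part of the original post: the redirect target is chosen only by an exact match on the request's host name, so an unknown or malformed `Host` value never falls back to a default IdP and never influences the `Location` header. The lower-cased host names follow the thread; the Okta launch paths are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Vanity host -> tenant-specific Okta launch URL.
# The launch paths are constructed placeholders; the thread does not give them.
IDP_BY_HOST = {
    "abc-a.servicenow.com": "https://abctenanta.okta.com/PLACEHOLDER-APP-LAUNCH-PATH",
    "abc-b.servicenow.com": "https://abctenantb.okta.com/PLACEHOLDER-APP-LAUNCH-PATH",
}

# Second gate: a typo in the table above must not redirect users off the IdP hosts.
ALLOWED_IDP_HOSTS = {"abctenanta.okta.com", "abctenantb.okta.com"}


def normalize_host(host_header):
    """Lower-case the Host header, drop port and trailing dot; None if malformed."""
    if not host_header or any(c.isspace() or c in "@/\\" for c in host_header):
        return None
    host, _, port = host_header.lower().partition(":")
    if port and not port.isdigit():
        return None
    return host.rstrip(".") or None


def idp_redirect(host_header):
    """Return (status, location) for a request that arrived on a vanity host."""
    target = IDP_BY_HOST.get(normalize_host(host_header))
    if target is None:
        # Unknown host: refuse instead of guessing a tenant or echoing input.
        return 404, None
    parts = urlsplit(target)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_IDP_HOSTS:
        # Misconfigured table entry: fail closed.
        return 500, None
    return 302, target


if __name__ == "__main__":
    for h in ("ABC-A.Servicenow.com", "abc-b.servicenow.com:443",
              "abc-b.servicenow.com.evil.example"):
        print(h, "->", idp_redirect(h))
```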