Two Okta Tenants integrated with Servicenow only one default IDP

Prabu Velayutha
Mega Sage

Hi Experts,

We have two Okta tenants integrated with ServiceNow.

Example: Tenant A and Tenant B. Both have SSO enabled with ServiceNow.

Instance URL: ABC.Servicenow.com

Okta tenant URL Tenant A: ABCTenant A .OKTA.com

Okta tenant URL Tenant B: ABCTenant B .OKTA.com

There is only one default IDP for SSO. We have set the Tenant A IDP profile as the default IDP, so when any user tries to log in to the ServiceNow instance ABC.Servicenow.com, it redirects by default to ABCTenant A .OKTA.com. Users from Tenant A are able to log in, since it is their default Okta landing page for Tenant A.

For Tenant B users, we suggested logging in to ABCTenant B .OKTA.com and accessing ServiceNow through the ServiceNow icon on the applications landing page.

We have received some concerns from Tenant B users, who want to log in directly with the ServiceNow URL like Tenant A instead of logging in through ABCTenant B .OKTA.com.

I need suggestions on how to achieve this; please share your experiences of how it was best handled.

1 REPLY

Prabu Velayutha
Mega Sage

We have identified two solutions to handle this.

Solution 1: Disable the default IDP and add/update the respective IDP Sys IDs on the user records, so that when users log in they are redirected to their respective IDPs.

Solution 2: We got the direct Okta URL for launching the ServiceNow application, and we have planned to set up a URL redirect:

URL: ABC-A.Servicenow.com - redirects to ABCTenantA .OKTA.com

URL: ABC-B.Servicenow.com - redirects to ABCTenantB .OKTA.com

We have preferred Solution 2 and are implementing it.
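
Solution 2 above as an added example (not code from the post, ServiceNow or Okta): a resolver that maps each vanity hostname to one fixed Okta launch URL and issues no redirect for any other Host value, so the redirect target is never built from request input. The hostnames follow the post's examples; `OKTA_APP_PATH` is a placeholder because the post does not give the real launch URL, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Placeholder: the post does not show the real Okta launch URL for ServiceNow.
OKTA_APP_PATH = "/PLACEHOLDER-servicenow-app-launch-path"

# Constructed from the hostnames used as examples in the post.
REDIRECTS = {
    "abc-a.servicenow.com": "https://abctenanta.okta.com" + OKTA_APP_PATH,
    "abc-b.servicenow.com": "https://abctenantb.okta.com" + OKTA_APP_PATH,
}


def normalize_host(host_header):
    """Return the lower-cased hostname without port or trailing dot, or None."""
    # Reject characters that have no place in a Host header value.
    if not host_header or any(c in host_header for c in " \t\r\n/@\\"):
        return None
    try:
        parts = urlsplit("//" + host_header)
        host = parts.hostname  # already lower-cased by urllib
        parts.port             # raises ValueError on a non-numeric port
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def resolve_redirect(host_header):
    """Return (status, location) for a request's Host header.

    Only exact, known hostnames redirect. Anything else gets 404 and no
    Location header, so there is no default tenant to fall back to.
    """
    host = normalize_host(host_header)
    target = REDIRECTS.get(host) if host else None
    if target is None:
        return 404, None
    return 302, target


if __name__ == "__main__":
    # Constructed sample Host header values.
    for sample in ["ABC-A.Servicenow.com", "abc-b.servicenow.com:443",
                   "abc-a.servicenow.com.attacker.example", "abc-c.servicenow.com"]:
        print(sample, "->", resolve_redirect(sample))
```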