SSO Auth Options - Insight Needed

Zack Zap · ‎04-20-2025

Hello, good day! I'm keen to understand how to configure this kind of set-up as I'm still grasping the concepts of ServiceNow's SSO:

If a user is part of an SSO group,

-allow login with username & password

If not part of group,

-need to login via provider

We found this OOB auth policy context called "SSO - ACR Context" and we thought changing the Policy Condition: "Allow Non Local Login Users" to

would allow this to take effect. Am I missing a config somewhere?

Also checked the documentation for reference but I'm still quite confused:

https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/single-sign-on/...

Your help and insight would be appreciated. Thanks!

Shree_G · ‎04-20-2025

Hello @Zack Zap ,

If SSO is configured successfully, you can set\create the property "glide.sso.acr.enabled" as "false". Then users can login with local login as well. Reference KB:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0997746

If this solution helped resolve your issue, please consider marking it as helpful or correct.
This will assist others in finding the solution faster and close the thread.

Zack Zap · ‎04-23-2025

Hi @Shree_G ,

Thank you for the reply! I'm not too comfortable deactivating this system property due to the security implications, unfortunately. Also, this may not cover the:
"If a user is part of an SSO group,

-allow login with username & password

If not part of group,

-need to login via provider"
part of the requirement. Thank you nonetheless. 🙂