CSM Contacts to authenticate through corporate SSO

Lemajeur

Hello,

We are about to configure our CSM module so that our customers can also log in using our company SSO; however, they will have emails that are not our company's. Has anyone done this and could point me to material that describes how to achieve it, or tell us what we should consider?

Thanks


FUMIO T

I have the same requirement to manage customer accounts through the company IdP (OpenID Connect/OIDC supported). From the Paris version, SN started supporting OIDC, but it seems to be only for local accounts.

Customers (customer_contact table) use several of our company's portal sites, so they want to use SSO to manage their account ID and credential information (name, email, password, mailing address, corporate/department etc.).

My question to HI support was answered, and they do not support SSO for CSM.

So I will raise an idea to support SSO login for customers (customer_contact), not consumers or Service Portal sys_user.
CSM does support SSO. You have to set up multiple SSO IdP providers in ServiceNow that link to your customers' SSO identity providers (these can be Okta, Azure AD, G Suite, etc.).

Once you have done that, you need to consider the following points:

1. Do NOT make any single IdP record the default (even your organisation's IdP), because a default IdP always redirects all users to that single SSO. We should avoid that, as you have multiple IdPs.

2. Extend your login widget in the portal (assuming a Customer Portal is there) to make login a two-step process:

2.1: Prompt for only the USER NAME when a user/customer tries to log in. Based on the user name/email, the login widget server script should fetch the respective SSO URL from the IdP table and redirect the user to SSO.

2.2: For external users (users who don't have SSO set up; a valid use case, as some customers may not have SSO), ask for a password if the server script does not return the SSO URL in step 1.

This needs a good amount of customisation of the login process and widget. Let me know if you need more details.
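
The routing decision in steps 1 to 2.2 above, as an added example that is not part of the original reply and is not ServiceNow code: plain JavaScript with an in-memory array standing in for the IdP table. Matching on the email domain, the record fields, and all names and URLs are assumptions made for illustration.

```javascript
// Constructed sample data standing in for the IdP table (hypothetical ids, domains, URLs).
// No record is marked as default, as point 1 requires.
const IDP_RECORDS = [
  { id: 'idp-employee-saml', domains: ['example-corp.test'],
    ssoUrl: 'https://sso.example-corp.test/saml', active: true },
  { id: 'idp-customer-oidc', domains: ['customer-a.test'],
    ssoUrl: 'https://login.customer-a.test/authorize', active: true },
  { id: 'idp-retired', domains: ['old-customer.test'],
    ssoUrl: 'https://login.old-customer.test/authorize', active: false },
];

// Extract the domain from a login identifier.
// Returns null for anything that is not of the form local@domain.
function emailDomain(userName) {
  if (typeof userName !== 'string') return null;
  const trimmed = userName.trim().toLowerCase();
  const at = trimmed.lastIndexOf('@');
  if (at <= 0 || at === trimmed.length - 1 || /\s/.test(trimmed)) return null;
  return trimmed.slice(at + 1);
}

// Step 2.1: decide where to send the user after they enter only a user name.
// The decision uses an exact domain match against configured records, so the
// response is the same whether or not the account exists (no user enumeration),
// and the redirect URL always comes from configuration, never from user input.
function resolveLoginStep(userName, idpRecords) {
  const domain = emailDomain(userName);
  if (domain !== null) {
    const matches = idpRecords.filter(
      (r) => r.active && r.domains.includes(domain)
    );
    // Require exactly one match; an ambiguous configuration must not guess an IdP.
    if (matches.length === 1) {
      return { action: 'redirect', idp: matches[0].id, url: matches[0].ssoUrl };
    }
  }
  // Step 2.2: no SSO URL found, so the widget asks for a password.
  return { action: 'password' };
}
```

The lookup only chooses a login path; the user's identity is established by the IdP's signed response or by the password check that follows.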

Hello, Poorna,

Thank you for your reply and useful information.

Today, SN HI support confirmed on my case that CSM customer_contact supports multiple SSO logins, as you replied.

We have an existing SAML IdP login for company employee users. The enterprise customer will move to the OpenID Connect (OIDC) IdP soon. I will test the new OIDC IdP according to your advice.

Best regards,

Dorothy

Might I ask whether these external customers, since they are logged in via SSO, will sit in the sys_user table?