‎07-27-2022 07:06 AM
Hi CSM experts
I am going to be rolling out ITSM and CSM shortly and wondered if there were any recommendations out there, or potential issues to avoid, regarding the rollout of CSM after configuring ITSM. Also, I am going to be implementing single sign-on for ITSM and for CSM and wondered if I could set up one IDP or need two?
Any recommendations are helpful.
Cheers
Steve
‎07-27-2022 07:16 AM
Hi SW,
CSM does support SSO. You have to set up multiple SSO IDP providers in ServiceNow which link to your customer SSO identity providers (it can be Okta, Azure AD, G Suite, etc.).
Once you have done that, you need to consider the following points:
1. Do NOT make any single IDP record the default (even your organisation's IDP), because a default IDP always redirects all users to that single SSO. We should avoid that as you have multiple IDPs.
2. Extend your login widget in the portal (assuming a Customer Portal is there) to make the login process a two-step process:
2.1: Prompt for only the user name when a user/customer tries to log in. Based on the user name/email, the login widget server script should fetch the respective SSO URL from the IDP table and redirect the user to SSO.
2.2: For external users (users who don't have SSO set up; a valid use case, as some of the customers may not be on SSO), ask for the password if the server script does not return the SSO URL in step 1.
Mark my answer correct & Helpful, if Applicable.
Thanks,
Sandeep
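The two-step routing described in the answer above, sketched as an added example that is not part of the original post and is not ServiceNow code: plain JavaScript with no ServiceNow APIs. The record fields, the sample domains and URLs, and the choice to match on the e-mail domain are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample data standing in for the instance's IDP records.
// Field names are assumptions for this sketch, not ServiceNow's schema.
const IDP_TABLE = [
  { name: 'Internal staff', domains: ['corp.example'], ssoUrl: 'https://idp.corp.example/sso', active: true, isDefault: false },
  { name: 'Customer A', domains: ['customer-a.example'], ssoUrl: 'https://login.customer-a.example/saml', active: true, isDefault: false },
  { name: 'Customer B (retired)', domains: ['customer-b.example'], ssoUrl: 'https://sso.customer-b.example/saml', active: false, isDefault: false },
];

// Point 1: with several IDPs configured, no record may be the default,
// otherwise every user is sent to that one IDP before step 2.1 runs.
function assertNoDefaultIdp(table) {
  const defaults = table.filter((r) => r.isDefault).map((r) => r.name);
  if (defaults.length > 0) throw new Error('Default IDP set: ' + defaults.join(', '));
  return true;
}

function isHttpsUrl(s) {
  try { return new URL(s).protocol === 'https:'; } catch (e) { return false; }
}

// Steps 2.1 and 2.2: decide the second login step from the user name alone.
function resolveLoginStep(identifier, table) {
  const value = String(identifier || '').trim().toLowerCase();
  const at = value.lastIndexOf('@');
  const domain = at > 0 ? value.slice(at + 1) : '';
  const record = table.find((r) => r.active && r.domains.includes(domain));
  // The redirect target comes only from the table, never from user input,
  // and must be https. Anything else falls through to the password step.
  if (record && isHttpsUrl(record.ssoUrl)) {
    return { action: 'redirect', url: record.ssoUrl };
  }
  // Non-SSO customers and unknown names get the same answer, so this
  // step does not reveal whether an account exists.
  return { action: 'password' };
}
```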

‎07-27-2022 07:14 AM
Hello,
You can set up a second IDP if needed, but you'd need to edit the CSM portal login widget to point to the second IDP record if your customers are on a separate IDP.
Otherwise, they would self-register and log in with a username/password locally within your instance.
For more information, I'd recommend reviewing the CSM documentation, as well as reviewing Now Create and looking at the implementation documentation for CSM.
And related to the individual who posted below: it's always respectful to simply point you to the link that contains the response, especially if you're going to copy/paste exactly what someone else has said. That conversation happened here: https://community.servicenow.com/community?id=community_question&sys_id=1cba0330db07d89411762183ca96...
Please mark reply as Helpful/Correct, if applicable. Thanks!
Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

‎07-27-2022 07:22 AM
Hi,
I'm glad you found a correct answer that worked for you.
As I mentioned above, you may want to review the actual thread where the discussion took place that they then copy/pasted in their reply...to gain more context.
Take care!
Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!