Azure AD SSO sync to dev and test ServiceNow instances stopped after production clone

maryellc
Tera Expert

We implemented ServiceNow with Azure AD SSO, for production, test and dev instances. There are separate Azure enterprise applications for each of the three ServiceNow instances. When we cloned the sub environments from prod, the sync from Azure to our sub environments stopped. We notice:

  • There is one X.509 certificate for the Azure SSO in production, using an Azure AD Prod user.
  • There are two X.509 certificates for the Azure SSO in each of the dev and test environments; one references the Azure AD Prod user and one references a sys ID of a user not found.
    • The PEM certificate on all sub environment X.509 Azure SSO certificates match the PEM certificate of the production.
    • The identity provider record in each of dev and test environments relates to the X.509 certificate that references the sys ID of a user not found.
  • The identity provider URL on the identity provider records on each of the dev and test environments match the identity provider URL of production.

This setup was done between our 3rd party implementer and our IT team, but the initial assumption is that we must update our ServiceNow dev and test environments' X.509 certificates and identity provider data to that of the Azure enterprise applications for dev and test.


Does this sound like the correct direction to head?
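As an added illustration (not from the poster or from ServiceNow), the check below walks the same symptoms the post lists over constructed records: it fingerprints each X.509 record's PEM, flags records whose user sys_id does not exist, flags records that still carry the production certificate, and checks which record the identity provider row is linked to. Record shapes, field names, user sys_ids, IdP URL and PEM bodies are all assumed placeholders.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_fingerprint(pem):
    """SHA-256 fingerprint of the DER body inside a PEM certificate block."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate block found")
    return hashlib.sha256(base64.b64decode("".join(m.group(1).split()))).hexdigest()

def make_pem(body):
    """Wrap constructed bytes as a PEM block (placeholder data, not a real certificate)."""
    b64 = base64.b64encode(body).decode()
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(
        b64[i:i + 64] for i in range(0, len(b64), 64)) + "\n-----END CERTIFICATE-----\n"

def audit_instance(certs, idp, users, prod_fp, prod_url, expected_fp):
    """Compare one sub environment's SSO records against what they should hold after a clone."""
    # certs: dicts shaped like certificate rows (sys_id, name, user, pem) - assumed field names;
    # idp: dict shaped like the identity provider row (sso_certificate, idp_url);
    # users: user sys_ids that exist on this instance; expected_fp: this environment's own app cert.
    findings = []
    by_id = {c["sys_id"]: c for c in certs}
    for c in certs:
        if c["user"] not in users:
            findings.append(f"cert {c['name']} references user sys_id {c['user']} that does not exist")
        fp = pem_fingerprint(c["pem"])
        if fp == prod_fp and fp != expected_fp:
            findings.append(f"cert {c['name']} still carries the production certificate")
    linked = by_id.get(idp["sso_certificate"])
    if linked is None:
        findings.append("identity provider points at a certificate record that does not exist")
    elif pem_fingerprint(linked["pem"]) != expected_fp:
        findings.append(f"identity provider is linked to cert {linked['name']}, not this environment's own cert")
    if idp["idp_url"] == prod_url:
        findings.append("identity provider URL still matches production")
    return findings

def sample_dev_findings():
    """Constructed dev instance mirroring the post's symptoms (placeholder PEMs, ids and URL)."""
    prod_pem, dev_pem = make_pem(b"constructed-prod-cert"), make_pem(b"constructed-dev-cert")
    certs = [{"sys_id": "certA", "name": "Azure SSO (prod user)", "user": "prod_user_sysid", "pem": prod_pem},
             {"sys_id": "certB", "name": "Azure SSO (orphan)", "user": "missing_user_sysid", "pem": prod_pem}]
    idp = {"sso_certificate": "certB", "idp_url": "https://sts.windows.net/PROD-TENANT-ID-PLACEHOLDER/"}
    return audit_instance(certs, idp, {"prod_user_sysid"}, pem_fingerprint(prod_pem), idp["idp_url"], pem_fingerprint(dev_pem))
```

Feeding real rows in means exporting the certificate and identity provider records from each sub environment and taking expected_fp from that environment's own Azure enterprise application certificate.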
