Can we use SSO if we already have an LDAP setup?
‎11-01-2017 01:12 AM
Hi all experts,
We are planning to implement Single Sign-On in our service-now instance. We had an LDAP setup from the beginning for user authentication and data imports to the user table from Active Directory. We want to use this LDAP setup for data imports and use SSO for user authentication. Is this possible? Basically, does it have any impact on the existing LDAP if we use SSO?
There are multiple SSO techniques available from the product documentation, as follows:
- Unencrypted HTTP Header
- Digest Token Authentication
- SAML 1.1 Browser POST Profile
- SAML 2.0 Web Browser SSO Profile
- Stateless Open ID with signature verification
- Multiple Provider Single Sign-On
Which technique is suitable in this case? I'm expecting a detailed reply with related links.
Thanks in advance.
Regards,
Souren
- Labels: Instance Configuration, Integrations
‎11-01-2017 02:08 AM
Graeme,
I'm looking for a suggestion which service can be suitable with the above scenario.
Many Thanks.
Regards,
Souren

‎11-01-2017 02:10 AM
Sorry, not what I meant. What SSO application are you planning to integrate with? e.g. ADFS or Okta, or something else?
‎11-01-2017 03:00 AM
Hi Graeme,
I misunderstood your question. It has not been decided yet. We don't have any company-owned SSO application. We might have to use an external application that you mentioned (ADFS, Okta). I need to go through both the application setups once and get back to you.
Thanks,
Souren

‎11-01-2017 03:13 AM
In that case, I'd definitely agree with charlotte, and their recommendation to start by looking at the Multi Provider SSO Plugin. It's easy to use and should integrate with most SSO providers.
It's definitely possible to use LDAP solely for data import, and once you decide on and configure an SSO solution, I don't see you hitting any issues in that regard.
‎10-30-2018 07:42 AM
Hi all.
I have another question, but in the same area. We are using SAML 2.0 Single Sign-On through our provider OneLogin at the moment. Works fine. Although it does not update all the fields we want, such as "Company", "manager" etc. Does anyone run SAML login with OneLogin where this has been successfully implemented to auto-update all user information from OneLogin? When using the field mapping assistant, it doesn't show these fields unfortunately.
Another question would be to activate LDAP on the side of the SAML setup. Would this affect the already existing user accounts or just be a complement if the username already exists?
Thanks a lot for your help.