Determine which SSO to use based on URL?

MG Casey · ‎04-15-2016

My instance is using the Multi-Provider SSO plugin. The majority of our users are defaulted to our company SSO. This Identity Provider is also set as the default provider in our instance.

However, we have 1 ESS site (we also have multiple ESS websites too) that requires a different SSO.

How can I make ServiceNow check the URL to see if it contains the ESS suffix, and then redirect the user to the correct SSO?

For example, a customer has a link to a specific page on our affected ESS website. If the customer has never accessed our site before, they'll be incorrectly sent to our default SSO.

ian_cox · ‎04-15-2016

Try this article.

External Authentication (Single Sign-On - SSO) - ServiceNow Wiki

MG Casey · ‎04-16-2016

All of the actions available in the article seem to be more on the global level for my instance.

What could I do to affect just one of our ESS sites? Can a global UI Script run before getting automatically sent to our default SSO?

jeremy_gardner · ‎04-30-2016

Also interested in this. You can force SSO for the CMS sites by marking the view_content page public=false (via sys_public table), however that seems to apply to all CMS sites unilaterally. It doesn't allow for having certain CMS sites use SSO and others use local SN access.

Was also wondering if a global UI script on a CMS site/set of pages could detect if user was logged in, and if not forward to SSO IdP. Looks like we'd need to build the unique token that gets passed to the IdP, perhaps there's something in the SAML Login Scripts that we could leverage?

Thanks,
Jeremy