How Do I Always Redirect Vendor Contact Users to Their Portal (vdp or svdp)?

apjohn2 · ‎06-03-2024

Hello! Hoping someone here can help.

Preface: I am aware of and utilizing features outlined in KB0746730 for redirecting users to the Service Portal if they don't have specific roles assigned, e.g., the SPEntryPage() Script Include (SI) and the System Properties glide.entry.page.script and glide.entry.first.page.script.

What I need to do is make sure that Vendor Contact users (who all have the role snc_external) are always redirected to their portal (vdp or svdp, either one), so that they cannot access Service Portal or Next UI.

In that SPEntryPage SI is a line (according to the KB article linked above) that we can modify so that users w/ specific roles will not be redirected to Service Portal. Currently ours is configured like this (we have both ITSM and ITBM role users who need to hit Next UI):

if((user.hasRole("itil") || user.hasRole("scrum_user") || user.hasRole("it_project_user")) && !redirectURL && !isServicePortalURL)

With that configuration, when I impersonate a Vendor Contact user, I get redirected to our Service Portal, which is bad.

However, if I add another or condition of user.hasRole("snc_external"), then impersonate a Vendor Contact, I don't get redirected to the Service Portal (good), but I do land in the platform (Next) UI instead, which is maybe not bad, but it's not great either.

What should happen if I'm a Vendor Contact (i.e., a user w/ snc_external role assigned) is I should always get redirected to either the vdp portal or its secure counterpart the svdp portal.

Any help with this would be massively appreciated. Thank you in advance!

Community Alums · ‎06-04-2024

Hi @apjohn2 ,

I think you might require to create a client script (UI Script)

System UI -> UI Scripts, Click new

Global: true

function portal_redirect() {
    var location = window.top.location.toString();
    if (window.top.g_user && window.top.g_user.hasRole('snc_external')) {
        if (location.indexOf("/sp") >= 0 || location.indexOf("/navpage.do") >= 0) {
            window.top.location = "/svdp"; // or '/vdp' for the vendor portal
        }
    }
}

portal_redirect();

Hope this works for you.

Reference - https://www.servicenow.com/community/developer-forum/how-to-avoid-home-do-or-redirect-to-service-por...

If my response has resolved your query, please consider giving it a thumbs up ‌‌ and marking it as the correct answer‌‌!

Thanks & Regards,

Sanjay Kumar

View solution in original post

Community Alums · ‎06-03-2024

Hi @apjohn2 ,

Have you tried something like this- In the Script Include SPEntryPage Try updating the below code

    getFirstPageURL: function() {
        var session = gs.getSession();
        this.logProperties('before', session);

        // Check for snc_external role and redirect to vdp or svdp portal
        if (user.hasRole('snc_external')) {
            return '/vdp'; // or '/svdp' for secure portal
        }

Put all other redirection code after this. It will ensure to check the external user in the first place.

If my response has resolved your query, please consider giving it a thumbs up ‌‌ and marking it as the correct answer‌‌!

Thanks & Regards,

Sanjay Kumar

apjohn2 · ‎06-04-2024

Hi @Community Alums. Thank you so much. Your solution worked, in a way. Before I mark anything as the solution, I need to ask a follow-up question.

When impersonating an external user, I am able to bypass the redirect by replacing '/svdp' in the browser address line (URL) with '/sp'.

Can you advise on how to avoid that loophole?

As to your previous reply (thank you again!), I had to change it slightly.

While testing, my own user (which has 'admin' role, but not 'snc_external' role) was instantly redirected to the /svdp page. If I removed everything after '.com/' and hit Enter, it would redirect me back to '/svdp'. (I suspect this has something to do w/ the fact that 'admin' role essentially (if not explicitly) contains all other roles.)

I decided to reverse the logic, i.e., if the user does not have snc_internal role, send them to the svdp portal. That fixed my own redirection issue, and seems to work fine while impersonating an external user. Here's the modification to your suggested code:

    getFirstPageURL: function() {
        var session = gs.getSession();
        this.logProperties('before', session);

		// check for snc_external and redirect to secure vendor portal 'svdp'
		if (!user.hasRole('snc_internal')) {
			return '/svdp';
		}

Thank you once again!

Community Alums · ‎06-04-2024

Hi @apjohn2 ,

I think you might require to create a client script (UI Script)

System UI -> UI Scripts, Click new

Global: true

function portal_redirect() {
    var location = window.top.location.toString();
    if (window.top.g_user && window.top.g_user.hasRole('snc_external')) {
        if (location.indexOf("/sp") >= 0 || location.indexOf("/navpage.do") >= 0) {
            window.top.location = "/svdp"; // or '/vdp' for the vendor portal
        }
    }
}

portal_redirect();

Hope this works for you.

Reference - https://www.servicenow.com/community/developer-forum/how-to-avoid-home-do-or-redirect-to-service-por...

If my response has resolved your query, please consider giving it a thumbs up ‌‌ and marking it as the correct answer‌‌!

Thanks & Regards,

Sanjay Kumar