How to log in with user to bypass sso - Account recovery - Rome

JohnDF
Mega Sage

Hi All,

We use Rome and use Azure AD for SSO. We must configure an account recovery user. This step is necessary before enabling multiple-provider single sign-on on a Rome instance.

So when you go to xxx.service-now.com, you are redirected to the AD logon screen, where you enter your network ID and PW, and it then passes you through.

For our users that do not have accounts in AD (non-SSO users), they have to use a different URL to ensure they hit the SNOW logon screen and bypass the AD SSO screen. In the past it was the URL xxx.service-now.com/login.do.

This worked fine in the past, but it's no longer working with account recovery on.

 

Any ideas on how we can log in with a user without an AD account are welcome and appreciated.

 

Thanks for your help.

2 REPLIES

Community Alums
Not applicable

Hi @JohnDF ,

What you need to do here is create a public page. Clone the login widget and change the code so it doesn't redirect to the SSO. Then you can share that link to the no users. Depending on your infrastructure and how you want, you can do your own URL or just give them a URL like "https://YOUR_INSTANCE.service-now.com/sp?id=YOUR_PAGE".

For the widget, and without going through every line, I would say you want to remove this:

[Image: find_real_file.png]

There might be more things to clean up, like the external checkbox etc., but by removing that, it should work. Then you can trim it down.

 

Mark my answer correct & Helpful, if Applicable.

Thanks,

Sandeep

Clarkie1
Giga Expert

I just had this same issue, and it is somewhat related to ACR.

If you go to Multi-Provider SSO > Account Recovery > Account Recovery Context, you will see that there is an SSO policy there called "SSO - ACR Context".

This policy is blocking your local account logins, and the simple thing is to ensure that the "Default Policy" choice is "Allow Policy" (should be default) and the "Allow Policy" field is set to "Allow Access Policy". This will allow both SSO and local logins.