Issue with AD Integration Synchronization - Help Needed

Community Alums
Not applicable

Hi Connection,

 

We have a group BR_SG_S_NOW_AllUsers in which more than 3k users are active; out of those, only 460 users are not able to use ServiceNow. Below are the details and my analysis.

My Analysis and AD Team

1. We have done some initial investigation; we need further information on the error logs from Azure. The provisioning happens from Azure AD -> ServiceNow, and we don't have access to Azure to look at the logs to see why they are failing. Need help from the Azure team.

 

2.

We could see that provisioning for the same group and users from the same BU has been provisioned into ServiceNow today itself, which points us to the following:
1. Users for whom provisioning is not happening might be set up in Azure AD incorrectly.
2. We could check from the logs that some users have been skipped. It needs to be checked on Azure AD why that has happened.
3. This might be a provisioning channel issue as well, where some packet has been lost.

The configuration for the connection between Azure AD and ServiceNow lies totally on the AD end. The ServiceNow team doesn't have visibility or control on the provisioning channel.

 

3

1. The provisioning is working fine from Azure AD to the ServiceNow application.
2. The reason "Skipped" in the provisioning logs indicates that the user was already provisioned successfully before, and that's the reason it gets skipped when tried to provision again. PFA screenshot for the same.
3. From the attached list "Users ServiceNow" containing 459 users, we have checked and all those users are reflecting in the group "BR_SG_S_NOW_AllUsers" except one user, "j**ia.c****go@sup*****.com.**", so this cannot be a sync issue.
4. If it is an issue from the sync, then it should affect all the users present in the group "BR_SG_S_NOW_AllUsers", which is around 5445.

Note: Please check from your end once, because sync is working fine between AD -> Azure AD & Azure AD -> ServiceNow and all users are successfully provisioned to the ServiceNow application.

 

4

Sync is working fine from our end. But for some users provisioning is not happening.
Please remove the users in the attached file from the group "BR_SG_S_NOW_AllUsers" and add these users again to this group an hour after removing them so that they can get the access. User list is attached to the incident.
Note that we need to wait 1 hour before adding them back to the group.

 


Users are still not able to use ServiceNow... Appreciate any help.

 

Best Regards,

Rafmine

 

 

 

 

3 REPLIES

AnveshKumar M
Tera Sage

Hi @Community Alums 

You already made a good investigation.

I can suggest that, for the user records that don't have an objectGUID, you get them from AD as an export and import them into ServiceNow using a transform; this way you can fix all the users with that issue at one time.

 

Thanks,
Anvesh

Community Alums
Not applicable

Hi Anvesh,

 

 

 


Thank you for taking the time to answer my post. The import option is not recommended in our project. Users are ONLY able to log in to the Self Service Portal but not to the instance. Can anyone tell me what is causing the issue and how to troubleshoot it, or any checkpoints or steps, if any?

Also, what is the difference between the Single Sign-On Scripts MultiSSO_SAML2_Update1 and MultiSSOv2_SAML2_custom?

Appreciate any help. Thanks in advance.

 

Best Regards,

Rafmine.

 

Did your issue get resolved? We are having the same issue.

 

Thank you