issue with SSO user on ServiceNow
01-17-2024 02:56 AM - edited 01-17-2024 02:57 AM
I have set up an Azure AD integration with ServiceNow. So one AD account, and under that AD account, created a group and created a test user. The main AD account and the test user under the group have different IDs, email.
Through user provisioning, I am able to get both users into ServiceNow from Azure AD.
When I try to log in through SSO with the main AD account, it works.
When I try to log in through SSO with the test account created under the group of the main account, it fails and logs out immediately, landing on the logout page.
User profiles in ServiceNow are active, each user record in ServiceNow is different based on email ID and UserID, and the SSO profile has a defined username field which is rightly mapped to the user record being used.
What is going wrong here?
01-17-2024 03:39 AM
Hi @Snehal13
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0727658
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
01-17-2024 04:04 AM
Hi @Snehal13
Please check this solution in this article, step by step.
How to: Implement Azure AD SSO with ServiceNow
Please mark reply as Helpful/Correct, if applicable. Thanks!
02-01-2024 02:32 AM
I know where the problem is:
user_name mismatches on Azure vs ServiceNow,
that's why email is a better solution 🙂
1) In the IDP, in the Advanced tab, user_field = email - save
2) Multi-provider SSO -> Administration -> Properties - in that, the last line should be email as well - save
3) Ensure you have users in ServiceNow with the exact same email which is in Azure (User principal name) in the main tab of some user - that's the email which needs to be assigned to the user's email in SN
Then the logout successful page should be out and you should be in with both accounts - if emails are correct 😉
No SSO source needed, no roles, nothing...
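
An offline check for the mismatch described in the last reply, added here as an example and not taken from the thread: it assumes the IdP sends the Azure user principal name as the identifier and compares it against the `user_name` and `email` columns of exported ServiceNow user records. All records and the helper names `classify` and `audit` are constructed for illustration.

```python
# Added example: every record below is constructed sample data, not real users.
AZURE_USERS = [
    {"displayName": "Main Admin", "userPrincipalName": "admin@contoso.example"},
    {"displayName": "Test User", "userPrincipalName": "test.user@contoso.example"},
    {"displayName": "Case User", "userPrincipalName": "Case.User@contoso.example"},
]
SN_USERS = [
    {"user_name": "admin@contoso.example", "email": "admin@contoso.example", "active": True},
    {"user_name": "test.user", "email": "test.user@contoso.example", "active": True},
    # Trailing space and different case: easy to miss in the user form.
    {"user_name": "case.user", "email": "case.user@contoso.example ", "active": True},
]


def classify(identifier, sn_users, user_field):
    """Classify one IdP identifier against one ServiceNow column.

    Returns 'match', 'inactive' (exact match on inactive records only),
    'near-miss' (differs only by case or surrounding whitespace) or 'missing'.
    """
    exact = [u for u in sn_users if u.get(user_field) == identifier]
    if exact:
        return "match" if any(u.get("active") for u in exact) else "inactive"
    norm = identifier.strip().lower()
    if any((u.get(user_field) or "").strip().lower() == norm for u in sn_users):
        return "near-miss"
    return "missing"


def audit(azure_users, sn_users, fields=("user_name", "email")):
    """Map each Azure UPN to its lookup result under each candidate user_field."""
    return {
        a["userPrincipalName"]: {
            f: classify(a["userPrincipalName"], sn_users, f) for f in fields
        }
        for a in azure_users
    }


if __name__ == "__main__":
    for upn, result in audit(AZURE_USERS, SN_USERS).items():
        print(f"{upn:32} user_name={result['user_name']:10} email={result['email']}")
```

A user that is `missing` under `user_name` but `match` under `email` is the situation the reply describes; a `near-miss` points at a record whose value should be cleaned up before relying on that field.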