Logon when ADFS SSO is down

kurt9
Kilo Explorer


When ADFS SSO is down, I believe that logging into the public internet will no longer work either, as the log-in page for the public internet is presented by ADFS and authenticated by ADFS. So, what is necessary to provide a workaround if ADFS goes down completely? I think one answer would be to allow local log-on for admins and perhaps ITIL users. It looks as though this would require maintaining a local database for those users. Am I correct about this approach? Has anyone come up with a better way to handle this? Perhaps having the service desk use email tickets in order to reduce the size of the local database that one has to maintain down to just Resolver groups and admins? I'd like to hear how others have approached this mitigation.

7 REPLIES

We probably are using two licenses, but considering that we only have three users with admin accounts, the cost is negligible.


kurt9
Kilo Explorer

Is there a way to maintain local login for a select group of users, or a class, like ITIL users, as a workaround if ADFS is down?


You could do this, but you would, again, have to populate their user records with passwords in ServiceNow and instruct them to use side_door.do to log in. Getting the passwords populated would be the hardest part, depending on how they are stored currently. If you did it right, you can't get the plain-text password again.



If this is for a subset of users, you might instruct them to fill out the password on the user form themselves if they want to be able to log in without using SSO.