Redirect to other instance url by automatic authentication with given credentials

Go to solution
Muhammad Salar
Giga Sage

3 weeks ago

Hello All,

In the source instance, there is a button that opens an article in the target instance when clicked, but it requires authentication.

Is there any workaround that would allow automatic login using the provided target instance credentials, or any other approach so that users do not need to enter credentials manually?

Note: The users in the source and target instances are different.

0 Helpfuls
  • 1,734 Views
1 ACCEPTED SOLUTION

Go to solution
Naveen20
ServiceNow Employee

3 weeks ago

There is no supported way to embed credentials in a URL to auto-login a user into another ServiceNow instance — it is explicitly a security anti-pattern and the platform does not provide this. Since the user accounts differ between instances, SSO alone will not transparently authenticate them either.

Practical options:

1. Make the article public on the target — set the knowledge base's "Can Read" user criteria to allow Public, and ensure the article does not require login. Simplest if the content is not sensitive.
2. SSO with provisioned users — configure both instances against the same IdP (SAML 2.0 / OIDC) and provision matching users in the target. The user will SSO into the target on click.
3. Server-side fetch — from the source, call the target's Knowledge REST API (/api/sn_km_api/knowledge/articles/{sys_id}) using OAuth or a service account, and render the article inside the source instance. No user redirect, no manual login.

View solution in original post

0 Helpfuls
3 REPLIES 3

Go to solution
Muhammad Salar
Giga Sage

3 weeks ago

@Ankur Bawiskar  any suggestions??

 

0 Helpfuls

Go to solution
Naveen20
ServiceNow Employee

3 weeks ago

There is no supported way to embed credentials in a URL to auto-login a user into another ServiceNow instance — it is explicitly a security anti-pattern and the platform does not provide this. Since the user accounts differ between instances, SSO alone will not transparently authenticate them either.

Practical options:

1. Make the article public on the target — set the knowledge base's "Can Read" user criteria to allow Public, and ensure the article does not require login. Simplest if the content is not sensitive.
2. SSO with provisioned users — configure both instances against the same IdP (SAML 2.0 / OIDC) and provision matching users in the target. The user will SSO into the target on click.
3. Server-side fetch — from the source, call the target's Knowledge REST API (/api/sn_km_api/knowledge/articles/{sys_id}) using OAuth or a service account, and render the article inside the source instance. No user redirect, no manual login.

0 Helpfuls

Go to solution
Tanushree Maiti
Tera Patron

3 weeks ago

Hi @Muhammad Salar 

 

Automatically logging in by embedding target instance credentials in a UI action URL is highly discouraged and is often disabled by default due to significant security risks, including credential exposure and harvesting.

For security hardening, ServiceNow instances generally prevent direct URL-based authentication methods such as login.do? parameters.

When automation without SSO is required, the recommended approach is to use secure authentication mechanisms like OAuth 2.0 or API keys , which allow token-based authentication instead of transmitting plaintext credentials.

 

Refer ServiceNow Documentation: Authentication 

 

 

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
0 Helpfuls