07-12-2017 07:49 AM
Our instance is using SSO LDAP. There are imports that pull the entire company's directory into sys_user. If the user does not have a specific role assigned to them, PA_user, they cannot log in to ServiceNow.
Will someone help me find where that configuration is set?
I assumed it would be in the login script, but no luck there.
07-17-2017 05:44 AM
I ended up creating a HI ticket for support. Prasanna, from SN, found the custom script GroupBasedUserAuthenticationGate that checks on a custom property instance.access.group which contained the group name being authenticated.
I have the customization documented now.
Thanks for your helpful suggestions.
07-12-2017 11:57 AM
I checked all the transform maps. There are no references to any specific role or group. It does check for active and deactivate users. If they've been deactivated it will lock the account and take the active check away.
07-12-2017 11:59 AM
Then it must be happening during the authorization process in your LDAP source (outside of ServiceNow). I would check there.