Service Portal SSO

Maria DeLaCruz
Tera Guru

Hello,

We have SSO set up on our instance wherein if a user is logged on to the computer with their Active Directory (AD) account, they are automatically authenticated when accessing ServiceNow.

 

We didn't turn on SSO for the Service Portal because some of our users do not have an Active Directory account; therefore, anyone accessing the Service Portal sees the login page.

Is it possible to have SSO turned on for the Service Portal only for those who are logged on to the PC with their AD account? We have some computers that use generic AD accounts that don't match up with a user in ServiceNow, so if someone tries to access the Service Portal on those PCs, they should get the login page.

Any recommendations?

Thanks,
Maria

3 REPLIES

stojdev
Giga Guru

Hello Maria,



What do you mean by "We didn't turn on SSO for the Service Portal"?



SSO (Single Sign On) would be honored for everyone, every user!


Hi Stefan,



Anytime a user accesses the URL for our Service Portal (https://......service-now.com/sp), they get a login screen.


If users access https://.......service-now.com, they get automatically authenticated using SSO.



Maria


arshanapalli
Tera Contributor

Two changes to implement SSO (Single sign-on) in Service Portal:



1) Changed "$sp" page to inactive in "sys_public" table.



2) Review your SPEntryPage script. In line 69 of the Script Include record, there is a condition that looks for a user role as a control. On a base system you will see the following code defined:


if (user.hasRoles() && !redirectURL && !isServicePortalURL)




The above code snippet is problematic as there is no variable user defined in the SPEntryPage record. The condition will therefore never trigger. ServiceNow is well aware of this issue and will be addressing it in later releases of Helsinki and Istanbul.


This issue can be corrected by updating lines 60 - 70 of the Script Include with the following code:




getFirstPageURL: function() {
    var session = gs.getSession();
    this.logProperties('before', session);
    var check = session.getRoles();
    var nt = session.getProperty("nav_to");
    var isServicePortalURL = new GlideSPScriptable().isServicePortalURL(nt);
    var redirectURL = session.getProperty("login_redirect");
    // has roles and is not a Service Portal page - go to UI16
    if (check && !redirectURL && !isServicePortalURL)
        return;
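
The two conditions discussed in the post above can be exercised outside the instance with stubs. This is an added example, not part of the original post and not ServiceNow's code: makeSession, firstPageDecision, baseDecision and the GlideSPScriptable stub (which assumes the portal URL suffix is sp) are hypothetical stand-ins, and all session values are constructed.

```javascript
// Stand-alone Node.js harness; nothing here runs on or talks to an instance.
// Hypothetical session stub: getRoles() is assumed to return '' for no roles.
function makeSession(roles, props) {
    return {
        getRoles: function() { return roles; },
        getProperty: function(name) { return props[name] || null; }
    };
}

// Hypothetical stub: treats "sp", "/sp" and "/sp?..." as Service Portal URLs.
function GlideSPScriptable() {}
GlideSPScriptable.prototype.isServicePortalURL = function(url) {
    return typeof url === 'string' && /^\/?sp(\/|\?|$)/.test(url);
};

// Corrected condition from the post, returning a label instead of redirecting.
function firstPageDecision(session) {
    var check = session.getRoles();
    var nt = session.getProperty('nav_to');
    var isServicePortalURL = new GlideSPScriptable().isServicePortalURL(nt);
    var redirectURL = session.getProperty('login_redirect');
    if (check && !redirectURL && !isServicePortalURL)
        return 'ui16';     // the post's bare "return;"
    return 'continue';     // remainder of getFirstPageURL, not shown on the page
}

// Base-system condition: `user` is never declared, so in plain JavaScript
// evaluating it throws before the role check can succeed.
function baseDecision(session) {
    var redirectURL = session.getProperty('login_redirect');
    var isServicePortalURL = false;
    try {
        if (user.hasRoles() && !redirectURL && !isServicePortalURL)
            return 'ui16';
    } catch (e) {
        return e.name;
    }
    return 'continue';
}

// Constructed sessions covering each term of the condition.
var cases = [
    makeSession('itil', { nav_to: 'incident_list.do' }),         // roles, platform page
    makeSession('itil', { nav_to: '/sp?id=index' }),             // roles, portal page
    makeSession('', { nav_to: 'incident_list.do' }),             // no roles
    makeSession('itil', { login_redirect: '/sp?id=ticket' })     // pending redirect
];
cases.forEach(function(s) { console.log(firstPageDecision(s), baseDecision(s)); });
```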