Servicenow and LDAP integration through the MID Server for Auth/Authz

iammi
Kilo Explorer

Hello,

We have just purchased ServiceNow and are about to set up the architecture.

The first things we are interested in are authentication/authorization.

As we don't have an IDP (Identity Provider), we are unable to produce a SAML v2.0 token, so there is no way to implement SSO. Do you agree?

If there is no way for SSO, then the second option is to use the corporate Active Directory for authentication via LDAPS: http://wiki.servicenow.com/index.php?title=LDAP_Integration

Please tell me if something is wrong in the following statements summarizing my understanding of the ServiceNow authentication/authorization mechanism.

  • LDAP integration for authentication is possible through the MID Server, so there is no need to think about putting the LDAP instance in the DMZ (http://wiki.servicenow.com/index.php?title=LDAP_Integration_via_MID_Server_Setup)
  • The LDAP instance resides in the corporate intranet (LAN) and we must set up routing rules from the MID Server (located in the DMZ) to the LDAP (port 636), in order to fulfill read-only operations.
  • The users (some of their attributes) must be imported into the ServiceNow database via LDAP; it is recommended to do a regular refresh to keep information up to date.
  • Authorization is managed at the ServiceNow level, in the ServiceNow database; there is no way to manage authorizations based on LDAP groups located on the LDAP instance in the corporate LAN.
  • The MID Server is the only spot exposed to the public network in the company, so there is no need to open a VPN connection with ServiceNow.

In which case could we be obliged to have a VPN connection with ServiceNow?

If you have any ideas or best practices regarding our need, please do not hesitate to give us details.

Regards.
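The "import users via LDAP and refresh regularly" statement above implies a reconciliation step: each refresh has to decide which directory entries are new, which existing records changed, and which accounts have left the directory. The following is an added example (not code from this thread, ServiceNow, or its LDAP import transform) that models that step over constructed sample records; the attribute names in ATTRIBUTE_MAP and the "source" column are assumptions. Only read-only profile attributes are copied; passwords never leave the directory, which is what keeps the LDAP side read-only.

```python
"""Reconcile an LDAP user export against an existing user table (added example)."""
from dataclasses import dataclass, field

# LDAP attribute -> user-table column. Assumed names; a real import uses the
# mapping configured in the LDAP transform. No password attribute is mapped.
ATTRIBUTE_MAP = {
    "sAMAccountName": "user_name",
    "mail": "email",
    "givenName": "first_name",
    "sn": "last_name",
}


@dataclass
class SyncPlan:
    """What one refresh run would do; records are deactivated, never deleted."""
    create: list = field(default_factory=list)
    update: list = field(default_factory=list)
    deactivate: list = field(default_factory=list)
    skipped: list = field(default_factory=list)


def normalise(entry):
    """Map one LDAP entry to user-table columns; None if the key attribute is absent."""
    if not entry.get("sAMAccountName"):
        return None
    return {col: entry.get(attr, "") for attr, col in ATTRIBUTE_MAP.items()}


def plan_sync(ldap_entries, existing_users):
    """ldap_entries: list of attribute dicts. existing_users: dict keyed by lower-case user_name."""
    plan = SyncPlan()
    seen = set()
    for entry in ldap_entries:
        row = normalise(entry)
        if row is None:
            plan.skipped.append(entry.get("dn", "<no dn>"))
            continue
        key = row["user_name"].lower()
        if key in seen:  # two directory objects with the same login name: do not guess
            plan.skipped.append(f"duplicate {key}")
            continue
        seen.add(key)
        current = existing_users.get(key)
        if current is None:
            plan.create.append(row)
            continue
        desired = dict(row, active=True)  # a returning user is reactivated
        changed = {c: v for c, v in desired.items() if current.get(c) != v}
        if changed:
            plan.update.append((key, changed))
    # Accounts that vanished from LDAP are deactivated, but only LDAP-sourced
    # ones: locally created accounts (break-glass admin) are left alone.
    for key, user in existing_users.items():
        if key not in seen and user.get("active", True) and user.get("source") == "ldap":
            plan.deactivate.append(key)
    return plan


# Constructed sample data for a stand-alone run.
LDAP_EXPORT = [
    {"dn": "CN=Alice,OU=Staff,DC=corp,DC=example", "sAMAccountName": "alice",
     "mail": "alice@corp.example", "givenName": "Alice", "sn": "Smith"},
    {"dn": "CN=Bob,OU=Staff,DC=corp,DC=example", "sAMAccountName": "bob",
     "mail": "bob.new@corp.example", "givenName": "Bob", "sn": "Jones"},
    {"dn": "CN=Svc,OU=Service,DC=corp,DC=example", "mail": "svc@corp.example"},
    {"dn": "CN=Alice2,OU=Old,DC=corp,DC=example", "sAMAccountName": "ALICE",
     "mail": "alice.old@corp.example", "givenName": "Alice", "sn": "Smith"},
]
EXISTING_USERS = {
    "bob": {"user_name": "bob", "email": "bob@corp.example", "first_name": "Bob",
            "last_name": "Jones", "active": True, "source": "ldap"},
    "carol": {"user_name": "carol", "email": "carol@corp.example", "first_name": "Carol",
              "last_name": "White", "active": True, "source": "ldap"},
    "admin": {"user_name": "admin", "email": "admin@corp.example", "first_name": "Local",
              "last_name": "Admin", "active": True, "source": "local"},
}

if __name__ == "__main__":
    p = plan_sync(LDAP_EXPORT, EXISTING_USERS)
    print(f"create={len(p.create)} update={len(p.update)} "
          f"deactivate={p.deactivate} skipped={p.skipped}")
```

Deactivation rather than deletion keeps the audit trail and lets a returning user be reactivated on the next run; restricting it to LDAP-sourced records is what protects the local accounts you need when the directory link itself is down.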
1 ACCEPTED SOLUTION

tony_barratt
ServiceNow Employee

Hi AMMI,

Consider marking the question as answered, or marking replies as helpful as appropriate.

This will add value to Community Members reading this thread.

Best Regards

Tony

11 REPLIES

tony_barratt
ServiceNow Employee

Hi AMMI,

You mention:

LDAP integration for authentication is possible through the MID Server

However, refer to this wiki:

LDAP Integration Setup - ServiceNow Wiki

..

2 Determine the LDAP Communication Channel

..

LDAP typically uses one of these types of communication channels:

  • A MID Server connection communicates over HTTP on port 80 by default. This communication channel does not require a certificate. The connection between the MID Server and the instance is over HTTPS (port 443). You can use the MID Server to import data over LDAP, but you cannot use the MID Server for LDAP authentication.

Best Regards,

Tony

You could use Digest Token Authentication as an alternative to SAML. While SAML is the ideal solution, Digest Token is an alternative.

-tim


iammi
Kilo Explorer

Thank you Tim. First, that requires having

  • SiteMinder or another single sign-on application to pre-authenticate the user on the local network

Which is not available.

We will use LDAP Auth via VPN.

Regards


Hi AMMI,

You mention that you can use corporate Active Directory for authentication via LDAPS: http://wiki.servicenow.com/index.php?title=LDAP_Integration

You can, but as noted in my earlier post you cannot use the MID Server for LDAP authentication.

If you are using LDAPS you could omit the VPN.

There is some relevant info here:

You Don't Need A VPN Part II - LDAP Integrations, User Data Imports, & the Internet solution

Best Regards

Tony
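The reason LDAPS can stand in for the VPN in the reply above is that the channel's security comes from TLS: the instance must be able to verify the directory server's certificate against a trusted CA and check that the name matches, and plaintext ldap:// must never be reachable from the internet. The block below is an added example (not code from the thread or from ServiceNow) showing those checks with the Python standard library; the CA bundle path and the hostnames are assumptions. The last function actually opens the TLS session, so it is the one to run from the network position the instance will use.

```python
"""Verified TLS settings and a certificate check for an LDAPS endpoint (added example)."""
import socket
import ssl
from urllib.parse import urlparse


def parse_ldap_url(url):
    """Return (host, port) for an ldaps:// URL; refuse plaintext ldap://."""
    parts = urlparse(url)
    if parts.scheme != "ldaps":
        raise ValueError(f"refusing non-TLS scheme {parts.scheme!r}; use ldaps://")
    if not parts.hostname:
        raise ValueError("missing host")
    return parts.hostname, parts.port or 636  # 636 is the standard LDAPS port


def ldaps_context(ca_file=None):
    """TLS context that requires a server certificate chaining to a trusted CA.

    ca_file: path to the PEM bundle holding the corporate CA that issued the
    directory server's certificate (assumed); None uses the system trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no legacy protocol versions
    ctx.verify_mode = ssl.CERT_REQUIRED           # unverified servers are rejected
    ctx.check_hostname = True                      # certificate name must match host
    return ctx


def context_summary(ctx):
    """Plain-data view of the settings that matter for an internet-facing LDAPS link."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
    }


def peer_certificate_subject(url, ca_file=None, timeout=5.0):
    """Perform the TLS handshake and return the directory server's certificate subject.

    Raises ssl.SSLCertVerificationError if the chain or hostname does not verify,
    which is exactly the failure that must surface before relying on LDAPS.
    """
    host, port = parse_ldap_url(url)
    ctx = ldaps_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return dict(rdn[0] for rdn in cert["subject"])


if __name__ == "__main__":
    # Offline part: show the effective settings for the assumed CA bundle path.
    print(context_summary(ldaps_context("/etc/ssl/corp-ca.pem")))
    # Network part (assumed hostname); uncomment where the directory is reachable:
    # print(peer_certificate_subject("ldaps://ldap.corp.example", "/etc/ssl/corp-ca.pem"))
```

If the handshake fails with a verification error rather than succeeding, the right fix is to install the issuing CA on the instance side, not to disable verification; a CERT_NONE context would accept any server answering on 636 and gives up the property that made the VPN unnecessary.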