SNOW integration with Active Directory for Authentication - Help Needed
‎01-29-2018 02:13 AM
Hi All,
We need to achieve the 2 use cases below. (SNOW - JAKARTA PATCH 4)
(1) Populate the USER table for SNOW with Active Directory (AD) people data.
(2) Authenticate users of SNOW using Active Directory User ID and Password.
The first we achieved with the help of a MID Server. We are able to pull people data from AD and push it to the SNOW User table. This is working fine (using LDAP on 389 with MID Server).
Now I am working on authentication of users using Active Directory credentials. I read that the MID Server does not support AD authentication, so please suggest how to achieve this.
My thoughts:
(1) Do we have to configure an LDAPS (with certificate) server on SNOW and open port 689 on the firewall?
(2) Expose/create a new AD server in the DMZ and use that for authentication?
(3) Or am I missing any trick here? I also tried making source=ldap in the user table and tested with some profile, but AD authentication did not work.
Regards
RP
‎01-29-2018 03:06 AM
LDAPS must be the way out. Haven't tried this yet, though.
You Don't Need a VPN Pt I - LDAP Integrations, User Data Imports & the MID Server solution
You Don't Need A VPN Part II - LDAP Integrations, User Data Imports, & the Internet solution
You Don't Need a VPN Part III - Using Single Sign-On for Authentication
‎01-29-2018 03:10 AM
Thanks Surendra.
You mean (1): do we have to configure an LDAPS (with certificate) server on SNOW and open port 689 on the firewall?
Regards
RP
‎01-29-2018 03:25 AM
Yes. I would try that option only to start with.
‎01-29-2018 03:16 AM
Hi RP,
Users should be imported from LDAP to ServiceNow. While importing users from LDAP to the sys_user table, make sure to import the "password" attribute along with other attributes. This will ensure that users will use their AD password to log in to ServiceNow.
Now, if you want to go one step further, then you can also implement ADFS integration with ServiceNow after importing LDAP users to the sys_user table.
ADFS integration will redirect users to ServiceNow based on SSO, and they don't have to enter their credentials after they log in to their PC using AD credentials.
