SSO and last login

Earl L · ‎11-07-2013

We have a SAML/SSO configuration that is working great for us. However, I noticed that the last login time isn't getting set for user accounts, where users are actively logging into the system (my account included). I dug up the "last login time" script that's in our instance (under System properties > Script actions) but for probably obvious reasons it's not recording last login time. It is set to fire on the login event.

So I suppose there are two (or more?) possibilities here:
1) the login event isn't being fired because we've enabled the SSO? (possibly)
2) the script isn't written correctly to actually record the last login time? (doubtful)

I also tried taking the appropriate line from the script (ugr.last_login_time = event.sys_created_on;) and adding it into the SAML login script. This just broke the SSO login. I suppose I was probably injecting it in an inappropriate place. I'm going to look at that some more.

If anyone has any experience with getting the last login time working after doing an SSO integration I'd really like to hear from you. Thanks.

Earl

Aitor Cabello · ‎02-21-2024

Good afternoon,

We have opened a case to Servicenow with this problem and they have referred us to these KB's:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0759252

https://support.servicenow.com/kb?id=kb_article_view&sys_kb_id=d519afd01b665154c16b43f6fe4bcbdd

This information does not solve the problem with the last_login_time field.

We have created a new field in the sys_user table that we update through a scheduled job/flow that loops through the sys_user_session table and last accessed field (there we do see information about the logged in user).

Note: We have been able to verify that the "login" event is only triggered if the user logs in from Servicenow but if they are logged in with SSO on another system, the event is not triggered.

I hope this comment is helpful

Regards.