‎04-12-2017 09:52 AM
Two companies have merged, but they still have two distinct AD servers.
The goal going forward is for one company to transition into using the other's ServiceNow instance and adopt the other's IT processes.
This instance is already configured using ADFS and SSO with SAML 2.0.
Domain separation is not preferred as we want the catalog to be shared and service desk to service both entities.
I imagine collecting users from both AD servers via LDAP would not be significantly more difficult than just repeating the process for the new server. However, I've not set up user import/authentication/SSO using more than one provider (a second AD server with ADFS), and I'm curious about potential pitfalls/obstacles.
1. Does Multiple provider SSO handle this easily?
2. Are there additional considerations when using two systems containing different sets of users/groups?
3. Would Domain separation impact this significantly, either simplifying or complicating?
Thanks,
-Stephen

‎04-12-2017 03:34 PM
1. We have a domain separated environment with multiple domains using LDAP and SSO without a problem.
In the user record, you define what SSO sys_id to use. So just ensure that the transform map for the user import is defining SSO as: "answer = 'SSO:<sys_id of sso>'"
2. Just make sure the transform map defines whatever fields you may need defined to separate the users, like Company (if necessary), LDAP Server, SSO, etc.
3. Domain separation really doesn't affect this. We have all the LDAP, SSO IdP configurations at Global, and define the LDAP Server and SSO in the transform map inside the LDAP configuration. From that transform map, we define the company and domain for the users being pulled, but to answer your question, since everything is being configured at a higher level, domain separation really doesn't change anything.
Hope that helps.
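
The per-source mapping described in the reply above, as an added example that is not part of the thread and not ServiceNow's own code: it computes the company, LDAP server and 'SSO:<sys_id>' value for each imported row and refuses rows it cannot place. The server names, company names, sys_ids and function names are constructed placeholders, and the collision check assumes the import matches existing users by user name.

```javascript
// Added example (not from the thread). Plain JavaScript, runnable in Node.
// Constructed placeholders: LDAP server names, companies and IdP sys_ids.
const SOURCES = new Map([
  ['ldap-company-a', { company: 'Company A', ssoSysId: 'a'.repeat(32) }],
  ['ldap-company-b', { company: 'Company B', ssoSysId: 'b'.repeat(32) }],
]);
const SYS_ID = /^[0-9a-f]{32}$/; // sys_ids are 32 hex characters

// Values one imported row should end up with. Throws rather than guessing,
// so a row from an unmapped server never inherits another company's IdP.
function resolveUserFields(row) {
  const src = SOURCES.get(row.ldapServer);
  if (!src) throw new Error('unmapped LDAP server: ' + row.ldapServer);
  if (!SYS_ID.test(src.ssoSysId)) throw new Error('bad sys_id for ' + row.ldapServer);
  return {
    userName: String(row.userName).trim().toLowerCase(), // normalised for comparison
    company: src.company,
    ldapServer: row.ldapServer,
    sso: 'SSO:' + src.ssoSysId, // the string the reply assigns to `answer`
  };
}

// Dry run over rows from both directories. A user name seen from a second
// server is rejected: if the import matches existing users by user name
// (an assumption here), the later row would overwrite the earlier user's IdP.
function planImport(rows) {
  const accepted = [];
  const rejected = [];
  const owner = new Map(); // userName -> ldapServer that supplied it first
  for (const row of rows) {
    try {
      const fields = resolveUserFields(row);
      const first = owner.get(fields.userName);
      if (first && first !== fields.ldapServer) {
        rejected.push({ row, reason: 'user name already supplied by ' + first });
        continue;
      }
      owner.set(fields.userName, fields.ldapServer);
      accepted.push(fields);
    } catch (err) {
      rejected.push({ row, reason: err.message });
    }
  }
  return { accepted, rejected };
}
```

Running the dry run against an export from each directory before the first real import shows which accounts need renaming or manual handling.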

‎04-12-2017 03:43 PM
Thanks John.
Exactly what I was hoping to hear.
I had read that multiple sources weren't supported... but that information must have predated Multi provider SSO.
-Stephen

‎04-12-2017 03:46 PM
Yeah, I can tell you for sure I have multiple SSO sources running in my environment without a problem.

‎11-28-2018 11:52 AM
Hi John, what URL do you give to the users to log in the first time and following times?