Two Issues after implementing Azure AD SSO with ServiceNow

Yuri Yoshinami
Tera Contributor

We have implemented Azure AD SSO with the prod instance.

Could you kindly advise us on a solution for the issues below?

1. A user that has been deleted in Azure AD still seems to exist in the ServiceNow instance.

In our case, almost all the users are created in Azure AD and they are added to ServiceNow from AD automatically. However, even after we delete userA in Azure AD, we still find userA in sys_user.list in ServiceNow.

Is there any solution for this case?

 

2. When we update a value to Null in Azure AD, it is not synchronized/updated in ServiceNow.

It looks like when ServiceNow gets the value NULL from Azure AD during provisioning, ServiceNow doesn't do any updates, even though it is updated as NULL in Azure AD.

Could you kindly tell me any best practice for updating it as NULL in servicenow?

8 REPLIES

Hello @Astrid Sapphire,

 

Thanks for your reply.

I realize that I wasn't specific enough about my requirements.

We encountered the following issue: 

"2.When we update the value as Null in the AzureAD are not synchronized/updated in servicenow."

We are trying to find out why this sync is not working and how to allow Azure AD to update some fields in ServiceNow to empty.

 

Regards,

Yass

Hi Yass,

This relates to the point 2 that I discussed in my last message. I have done some testing with my PDI, and can confirm that you can enforce setting values to null in ServiceNow using a SOAP integration by including the allow_empty_value parameter with a value of true.

I'll provide an example that I used in my PDI, which uses Fred Luddy's user (unless you don't have demo data, you'll have it too). Without the additional &allow_empty_value=true URL parameter, the user does not get modified, both on the string field 'title' and the reference field 'department'. Adding it allows this to be done.

Below is an example SOAP envelope and the URL above:

URL="https://*instance_name*.service-now.com/sys_user.do?SOAP&allow_empty_value=true"

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sys="http://www.service-now.com/sys_user">
   <soapenv:Header/>
   <soapenv:Body>
      <sys:update>
         <department></department>
         <sys_id>5137153cc611227c000bbd1bd8cd2005</sys_id>
         <title></title>
      </sys:update>
   </soapenv:Body>
</soapenv:Envelope>

As such, getting Azure AD to set null values would be a matter of adding this query parameter to the queries Azure AD is dispatching over SOAP.

If there are limitations on doing this from the Azure AD side, this community may not be the best place to get answers for that, as the limitation would be in Azure and engaging with support there may be a better bet.

I hope that this clarified things somewhat for you. Please let me know if this helped.

Kind regards,

Astrid
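
The request described in the post above, as an added example that is not part of the original post or ServiceNow's own code: it builds the sys_user SOAP update with empty elements and the allow_empty_value=true URL parameter, without sending anything. The function names, the instance placeholder and the use of HTTP Basic authentication are assumptions.

```python
import base64
import urllib.request
from urllib.parse import urlencode
from xml.etree import ElementTree as ET

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
SYS_USER_NS = "http://www.service-now.com/sys_user"


def build_url(instance, allow_empty=True):
    """sys_user SOAP endpoint; `instance` is a placeholder instance name."""
    url = f"https://{instance}.service-now.com/sys_user.do?SOAP"
    if allow_empty:
        url += "&" + urlencode({"allow_empty_value": "true"})
    return url


def build_clear_envelope(sys_id, fields_to_clear):
    """SOAP update that sends each named field as an empty element."""
    if "sys_id" in fields_to_clear:
        raise ValueError("sys_id identifies the record and cannot be cleared")
    ET.register_namespace("soapenv", SOAPENV)
    ET.register_namespace("sys", SYS_USER_NS)
    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    ET.SubElement(env, f"{{{SOAPENV}}}Header")
    body = ET.SubElement(env, f"{{{SOAPENV}}}Body")
    update = ET.SubElement(body, f"{{{SYS_USER_NS}}}update")
    ET.SubElement(update, "sys_id").text = sys_id
    for name in fields_to_clear:
        ET.SubElement(update, name).text = ""
    # Keep <title></title> form, matching the envelope shown in the post.
    return ET.tostring(env, encoding="unicode", short_empty_elements=False)


def build_request(instance, user, password, sys_id, fields_to_clear):
    """Unsent POST request; Basic auth is an assumption about the integration."""
    body = build_clear_envelope(sys_id, fields_to_clear).encode("utf-8")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Content-Type": "text/xml; charset=utf-8",
               "Authorization": f"Basic {token}"}
    return urllib.request.Request(build_url(instance), data=body,
                                  headers=headers, method="POST")


if __name__ == "__main__":
    print(build_url("instance_name"))
    print(build_clear_envelope("5137153cc611227c000bbd1bd8cd2005",
                               ["department", "title"]))
```

Passing the result of build_request to urllib.request.urlopen sends it; compare the record before and after with and without the URL parameter to confirm the behaviour on your own instance.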

Hello Astrid,

 

You're right, I just can't find the SOAP API between Azure AD and ServiceNow.

 

Regards,

Yass

Hi,

Where exactly can you put the additional parameter "&allow_empty_value=true" in Azure?

 

Thanks,

Adina