07-14-2025 02:41 AM
Hello all,
I'm currently working on a requirement where we need to use ServiceNow as the Identity Provider (IdP) for external systems, rather than the usual approach where Azure AD or other IdPs authenticate users into ServiceNow via SSO.
Use Case:
A customer logs in successfully to the ServiceNow Customer Portal. When they then access an external system (such as the Aha! Ideas Portal), they should be authenticated automatically via SSO, without needing to log in again.
To achieve this, I've configured ServiceNow as a SAML 2.0 Identity Provider using the Multi-Provider SSO > Identity Providers module.
Here are the key configuration details:
- SAML 2.0 protocol used
- X.509 certificate (default in ServiceNow)
- Fingerprint hash of the certificate generated and applied in the Aha! SAML settings
However, the integration is currently failing with the following error on the Aha! side: "SAML response missing"
Has anyone successfully implemented ServiceNow as an IdP for an external SAML-based application?
Any guidance on what might be missing or misconfigured would be greatly appreciated.
Thanks in advance!
07-14-2025 02:56 AM
Why not have ServiceNow provide the details into a platform that is created for SSO (like Okta, AAD)? Create the users in those systems from ServiceNow and use them to authenticate login on the other applications.
ServiceNow doesn't provide built-in IdP features. You would have to build your own SAML IdP logic (issuing SAML assertions, signing, handling requests), write and maintain the XML, crypto and endpoint mappings, (possibly) expose a public endpoint and you would be responsible for all security and are in violation of what ServiceNow officially supports (if it breaks, you have to deal with it, ServiceNow won't help).
ServiceNow isn't optimized or licensed as an identity platform, so you may also be non-compliant with internal rules (non-ISO-compliant) and is more for managing the customers than to authenticate them for third-party apps.
My advice: don't do it. Use the platforms for what they are built for.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
07-14-2025 03:06 AM - edited 07-14-2025 03:47 AM
Hi @Moses E Ali
Currently ServiceNow as a provider is only available with OAuth with limited capabilities, and not at all with the SAML protocol.
07-14-2025 02:47 AM
Unfortunately ServiceNow cannot be used as an IdP as per knowledge.
The ServiceNow platform is designed for core service management and not around robust identity management.
For an application to be an identity provider, the following things need to be considered:
SAML Requirements for Identity Providers
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader