01-24-2022 08:58 AM
I have to set up LDAP and SSO for the very first time and want some guidance to start with: what do I need from the other end?
How to do the setup?
Which team/designation person from the other end should I reach out to?
Labels: Instance Configuration, Integrations

02-08-2022 12:47 PM
Your approach will depend somewhat on your desired outcomes as well as your SSO provider.
I've done multiple integrations of these types. Here are some things to consider:
1. How do you want to provision user data into ServiceNow? This could either be done via LDAP sync or from your SSO provider depending on their capabilities.
2. If you're using LDAP, will you be using a MID Server (recommended)? The downside of using a MID Server, however, is that you can't use direct LDAP authentication - which I'm assuming is why you're including SSO in this conversation.
If you can establish a direct connection from ServiceNow to your AD server, you can just use LDAP authentication. However, this typically requires that you expose LDAP to the internet. You can set up encrypted LDAP, but that can be a bit tricky to get working. I'd also strongly recommend using a Read-Only Domain Controller if you decide to go this route.
3. Will you need multiple SSO providers?
I've set up Azure sync to ServiceNow for SSO and provisioning. There's a good tutorial here if you're using Azure: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/servicenow-tutorial
If you can use SSO for both user provisioning and SSO, it might simplify things. If your SSO provider doesn't support provisioning or you can't do that for some reason and still need LDAP, you can find instructions about that here:
You should also review ServiceNow's Multi-Provider SSO documentation:
Hope this helps!
