SSO on Vendor Portal

c_d_mitchell
Giga Guru

We just installed the Vendor Risk Portal.   

We currently have Service Portal and our Instance as well.
Both SP and the instance work correctly for checking SSO and directing the user based on role. But for some reason Vendor Portal isn't challenging for SSO.

I see several articles about redirecting or disabling the Vendor Portal page, which makes me believe something is turned off on ours?  

Any ideas on what I'm missing? Shouldn't SSO challenge on Vendor Portal as well?


1 ACCEPTED SOLUTION

This is actually caused by an ACL.  The users do not have read capabilities on the UI Page.  I thought this was fixed in a London patch, but I may be mistaken.  Search your ACLs for name is content_redirect.  There should be one where the operation is read and the type is ui_page.  Check the roles on that ACL and make sure that your vendor users have a role associated to this ACL.


11 REPLIES

Tim Provin
Mega Guru

What are you getting when you navigate to the Vendor Risk Portal from a browser that isn't already authenticated?

If we go to our link:  https://cscbtdev.service-now.com/
It will challenge you for your Global Pass.     Once challenged, if a non-user it will send you to Service Portal, if ITIL it will send you to the instance.   


If you go to /vdp, it goes directly to the portal, and you can get in with no Global Pass, which our client does not want.

Shiva Thomas
Kilo Sage

Hi Mitchell,

SSO is usually about having third-party applications and websites using some protocol, like LDAP, to use your central Active Directory database of credentials. Active Directory usually contains user accounts for your own employees (internal and external). It needs to be centralised and highly secured.

For Vendor Risk Management you don't need to manage external third parties' users (aka Vendor Contacts). You don't want to administrate the Vendor Contacts yourself. You only define at least one Primary Contact for a Vendor in ServiceNow, then you let him add/remove/manage additional Contacts. It should not be your responsibility to do that, because you have no way to know when a Contact will join/leave their position. No Vendor Contacts will ever be able to log in to any of your other systems, nor do anything else in your ServiceNow instance. Vendor Contacts are not stored in the same table as other users.

Using SSO for GRC Vendor Risk Management would only be useful for your own employees (aka Users), and those don't use the Vendor Assessment Portal. These are users with internal Vendor Risk Management roles, like the ones who assess the vendors (vendor risk assessors or reviewers) or create templates and schedules (vendor risk managers). For that, they would not use the Vendor Assessment Portal, but the platform backend, ideally using an SSO linked to your Active Directory.

This is why any SSO configuration is de-activated by default for the Vendor Assessment Portal!

Having Vendor Contacts using SSO would only make sense if it was connected to the vendor's SSO instead of your own. Is that what you would like to achieve, having specific SSO configurations for each vendor that you manage?


Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful or Correct.
This enables other customers to learn from your thread.

Going to reach out to my BA and understand the requirements some more. Thanks for responding! Will send an update, possibly tomorrow.