SSO on Vendor Portal

Go to solution
c_d_mitchell
Giga Guru

‎05-28-2019 12:04 PM

We just installed the Vendor Risk Portal.   

We currently have Service Portal and our Instance as well.
Both SP and the instance works correctly for checking SSO, and directing the user based on role.   But some reason Vendor Portal isn't challenging for SSO.    

I see several articles about redirecting or disabling the Vendor Portal page, which makes me believe something is turned off on ours?  

Any ideas on what I'm missing?   Shouldn't the SSO Challenge on Vendor Portal as well?   

find_real_file.png

Labels:
Preview file
112 KB
0 Helpfuls
  • 2,956 Views
1 ACCEPTED SOLUTION

Go to solution
Tim Provin
Mega Guru
In response to c_d_mitchell

‎05-29-2019 11:33 AM

This is actually caused by an ACL.  The users do not have read capabilities on the UI Page.  I thought this was fixed in a London patch, but I may be mistaken.  Search your ACLs for name is content_redirect.  There should be one where the operation is read and the type is ui_page.  Check the roles on that ACL and make sure that your vendor users have a role associated to this ACL.

View solution in original post

11 REPLIES 11

Go to solution
Tim Provin
Mega Guru
In response to Dirk M_

‎05-30-2019 07:29 AM

What do you mean by "Vendor Contract folks are not getting Challenged"?

0 Helpfuls

Go to solution
Shiva Thomas
Kilo Sage
In response to c_d_mitchell

‎05-29-2019 01:16 PM

Hi Dirk,

I do believe that my arguments cover the logic taken by ServiceNow for the Vendor Assessment Portal. Not everything should be centralised, not when it's for external contact that can't log into your instance main interface or anywhere on your network. 

I believe that when the KB article specify "implement a portal (like Vendor Portal)" they are not speaking of the Vendor Assessment Portal itself, but some custom portal that compare to the Vendor Assessment Portal.

The other Community post refer to an older version of the solution. Jakarta was the first release of Vendor Risk Management. I did look, but found nothing regarding this point in the official Release notes.

There was also not a single mention of SSO in the (London) Vendor Risk Management Implementation course and exam that I passed.

Should you choose to force SSO to third party vendors, what would be the process to create users, update password and disable users? Who would be in charge? What would be the communication channel used? Will the vendor risk assessors have to interact with the team in charge of the SSO for every contacts? To automatise that process, I expect that you would have to hide several of the out-of-the-box widgets in the Vendor Assessment Portal and remplace them by your own custom versions.

Going against the platform's logic implies implementation costs, and may have unexpected maintenance costs in the future.

Of course, should I be mistaken, please share your experience here. ^_^


Best regards from Switzerland
Shiva :¬,

If this reply assisted you, please consider marking it 👍Helpful.
This enables other customers to learn from this thread.

0 Helpfuls