on 11-21-2022 06:00 AM
This is a 4-part series:
- Setting Up Our Test Azure & ServiceNow Accounts
- Preparing our ServiceNow Personal Developer Instance (this article)
- Adding ServiceNow Enterprise Application & Initial Setup
- Configure Azure SSO & Provisioning
Preparing our PDI
Before we can connect to Azure and set up SSO, we first need to install a plugin to handle it. The one we are looking for is Multiple Provider Single Sign On.
While signed in to your PDI, click on All in the Next Experience Unified Navigation bar at the top of the page to open the All Menu, type “Plugins”, then click the result.
After a brief moment, you are in the All Applications Management area of the platform, as shown below. This is where you can request new applications or plugins, update or repair currently installed products, and, if you are on a live environment, find offerings in the ServiceNow Store that add even more functionality to the platform (Note - PDIs are not eligible for Store apps). In the search bar at the top, enter “multiple provider” and find Integration - Multiple Provider Single Sign-On Installer. It should be the second in the list. Click Install on the right.
You’ll be presented with a popup confirming activation. Check the box to “Load demo data” and click Activate. After a few minutes, you’ll see that the plugin has installed successfully.
Next, we need to create an admin user for Azure to use for the connection and for provisioning users and groups later on. To do this, go back to the All Menu, type “Users”, and click the result under System Security > Users and Groups.
A PDI comes with tons of demo user records (622 for me). It’s up to you if you wish to delete them or not. You may say “why not use one of the already existing accounts for this?” - sure, you can! That’s the joy of a testing environment! I will be making a dedicated account to use in this tutorial, and should you follow along you’ll want to click New in the top right. You’re presented with the New User Record form.
For me, I used the following values:
- User ID: azureadmin
- First Name: Azure
- Last Name: Admin
The other values really don’t affect any of this, but you’re more than welcome to fill them out if you wish. Click “Submit” and you’re returned to the list view of all user records. Next, we need to set a password for this account, so click on the Personalize List gear icon at the top.
In the Available column on the left, find Password, add it to the Selected column on the right, and click OK to save your selection. Back on the list view, you will see the new column. To set the account password, double-click the field where you see ******* and you’ll be presented with a box to input a password. Type in your preferred password and click the green check mark to save.
The final step is to configure SSO Account Recovery and actually enable Multi-Provider SSO for our PDI. To do this, head to Multi-Provider SSO > Account Recovery > Properties.
You'll be presented with this screen:
Important Note: You must configure this with an account that has admin permissions, and once done you will ONLY be able to perform SSO configuration tasks under that account. I would strongly suggest creating an ssorecovery user for this task. You can read more on this here.
Once you have an SSO recovery user, you can go to Multi-Provider SSO > Administration > Properties and make the following changes:
- Enable Multiple Provider SSO: Checked
- Enable Auto Importing of users from all identity providers into the user table: Checked
- User identifying field: email
Now that we have our plugin installed and an account for the integration created, we can head back into Azure in the next entry of this series to set up the ServiceNow Enterprise Application.