Logan Poynter
Mega Sage

This is a 4-part series:

  1. Setting Up Our Test Azure & ServiceNow Accounts
  2. Preparing our ServiceNow Personal Developer Instance
  3. Adding ServiceNow Enterprise Application & Initial Setup (this article)
  4. Configure Azure SSO & Provisioning

Our next step is to set up the ServiceNow Enterprise Application in the Azure portal. Type enterprise in the search bar at the top and click the respective Services result.

Click New application.

Search for ServiceNow, click the result, and choose Create.

Once complete, you’re redirected to the Enterprise Application Overview screen.


At this point, we’re ready to configure and connect Azure to our PDI. For that process there are 4 steps we need to take:

  1. Create Users and Groups we want to provision to ServiceNow
  2. Assign those entities to our Enterprise Application
  3. Configure SSO in ServiceNow
  4. Configure Provisioning Scopes

Once those are complete, we can turn on Provisioning and watch as the users and groups are sent to our instance.

We’ll perform steps 1 and 2 here, and 3 and 4 in the next post.


Create Users and Groups in Azure AD

To create users and groups in Azure, we need to go to Azure Active Directory. To get there, type active directory in the search bar and click the appropriate result.

Next, click Users on the left under Manage. The great thing about the Microsoft 365 Developer Program is that we get demo user records as a starting point.

At this point, it’s up to you whether you delete these and start fresh with your own, or just use these as provisioning users. For the sake of the demo, we’ll create a new user record.

These options are all we need to fill in, but others, like Job Title, are available if you scroll down. Once the user record is filled in to your liking, click Create and you’re taken back to the list of users. It will take a minute or so for your new user to show up, but you can just click refresh until they appear.

Next, we’re going to create a Group. Click on the breadcrumb at the top to go back to the main Azure AD page and then go to Groups on the sidebar.

Click New Group at the top and enter a group name. If you have a large environment where not every group should be provisioned, a general best practice is to give the groups an identifier that we can use in a scope filter (we will touch on this later). For our demo, we’ll create a group called SNOW_Service Desk. Leave the Membership Type as Assigned, and add our users to the group.

As with the user, after you click Create it will take a minute for the group to show in the list of groups.


Add Entities to Enterprise App

Head back to the ServiceNow Enterprise App and click on Users and groups in the sidebar.

 


Click Add user and group, choose your group(s) and user(s), and click Assign.

Note: As directed, only users who are members of an assigned group will be provisioned; nested groups will NOT. If you have multiple groups to provision, each group needs to be selected.
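The note above means that access granted only through a nested group is silently left out of provisioning. The following added example (not part of the original article) audits a constructed assignment list for that gap; the data layout, the names, and the `SNOW_` prefix check are assumptions for illustration.

```python
# Added example: constructed data, not exported from a real tenant.
# ASSIGNMENTS mimics the enterprise app's "Users and groups" list;
# MEMBERS maps a group id to its direct members only.
ASSIGNMENTS = [
    {"principalType": "Group", "principalId": "g1", "principalDisplayName": "SNOW_Service Desk"},
    {"principalType": "Group", "principalId": "g2", "principalDisplayName": "Finance"},
    {"principalType": "User", "principalId": "u9", "principalDisplayName": "Dana Direct"},
]
MEMBERS = {
    "g1": [{"kind": "user", "id": "u1", "name": "Alex Agent"},
           {"kind": "group", "id": "g3", "name": "SNOW_Night Shift"}],
    "g2": [{"kind": "user", "id": "u2", "name": "Fay Finance"}],
    "g3": [{"kind": "user", "id": "u3", "name": "Nico Nested"},
           {"kind": "user", "id": "u1", "name": "Alex Agent"}],
}


def audit_assignments(assignments, members, prefix="SNOW_"):
    """Report who is provisioned and who is silently left out."""
    assigned_groups = {a["principalId"] for a in assignments
                       if a["principalType"] == "Group"}
    provisioned, nested, unprefixed = set(), [], []
    for a in assignments:
        name = a["principalDisplayName"]
        if a["principalType"] == "User":      # user assigned directly to the app
            provisioned.add(name)
            continue
        if not name.startswith(prefix):       # lacks the scope-filter identifier
            unprefixed.append(name)
        for m in members.get(a["principalId"], []):
            if m["kind"] == "user":           # direct member: provisioned
                provisioned.add(m["name"])
            elif m["id"] not in assigned_groups:
                nested.append((name, m["id"], m["name"]))
    # Direct users of an unassigned nested group, not covered any other way.
    missed = {m["name"] for _, gid, _ in nested
              for m in members.get(gid, []) if m["kind"] == "user"} - provisioned
    return {
        "provisioned": sorted(provisioned),
        "nested_not_assigned": [(parent, child) for parent, _, child in nested],
        "missed_users": sorted(missed),
        "groups_without_prefix": unprefixed,
    }


if __name__ == "__main__":
    for key, value in audit_assignments(ASSIGNMENTS, MEMBERS).items():
        print(f"{key}: {value}")
```

Assigning the nested group to the Enterprise Application as its own entry clears the finding, which matches the note's instruction that each group needs to be selected.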

 

At this point, we’re ready to move on and make our connection to ServiceNow and set up SSO from our Azure AD environment to our PDI.

Comments
Logan Poynter
Mega Sage

.

Manuel Stimac
Mega Sage

Hi @Logan Poynter,

thanks a million for sharing!

It seems the link to article four actually leads to article two.

Regards,
Manuel

Logan Poynter
Mega Sage

@Manuel Stimac 

 

Thanks for pointing that out, the link to article 4 has been corrected. 

Version history
Last update:
‎12-08-2022 05:44 AM