ADFS vs Direct LDAPS
02-20-2014 10:39 AM
We are currently configured to use direct LDAPS integration with Service-Now linked to our active directory. We are looking at moving to AD LDS/ADFS model.
What do we give up by moving this direction?
Aside from a more comfortable security model, what do we gain?
We have researched both but are unable to find a direct comparison of capabilities.
05-06-2014 09:50 AM
All,
This has been a painful learning curve for us so I will share.
- Service-Now is capable of leveraging multiple LDAP sources. We use this for the creation of the user record. To Mark's point about ADFS not creating the accounts - this can be addressed using the LDAP source and specifying the username as the unique identifier in the ADFS token.
- With direct LDAP integration/authentication Service-Now can authenticate against multiple sources as long as they have unique user IDs. domain1\user1 and domain2\user1 are not considered unique IDs because Service-Now looks at the user name not the UPN or logon name.
- The current version (Calgary and Dublin) of Service-Now does not support multiple STS (Security Token Services - also referred to as SAML or ADFS).
- Eureka will support multiple STS - Multiple Provider Single Sign-On - ServiceNow Wiki
We are in the process of solving this by engaging a third-party to provide the single token. We were reviewing SecureAuth for two factor authentication and found it was a good fit for this as well.
Robert
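To illustrate the uniqueness point in Robert's post (two directories that each contain a `user1` collide when user records are keyed on the bare account name, but not when keyed on the UPN), here is an added example in plain JavaScript. It is not ServiceNow code and does not use any ServiceNow API; the directory entries are constructed sample data, and the `sAMAccountName` and `userPrincipalName` attribute names are the standard Active Directory ones.

```javascript
// Added example, not from the original thread and not ServiceNow API code.
// It simulates loading user records from two LDAP sources and shows which
// key attribute keeps the records unique.

// Constructed sample entries for two domains; attribute names follow AD.
const DOMAIN1_ENTRIES = [
  { sAMAccountName: 'user1', userPrincipalName: 'user1@domain1.example',
    dn: 'CN=user1,CN=Users,DC=domain1,DC=example' },
  { sAMAccountName: 'alice', userPrincipalName: 'alice@domain1.example',
    dn: 'CN=alice,CN=Users,DC=domain1,DC=example' },
];
const DOMAIN2_ENTRIES = [
  { sAMAccountName: 'user1', userPrincipalName: 'user1@domain2.example',
    dn: 'CN=user1,CN=Users,DC=domain2,DC=example' },
  { sAMAccountName: 'bob', userPrincipalName: 'bob@domain2.example',
    dn: 'CN=bob,CN=Users,DC=domain2,DC=example' },
];

// Build a user table keyed on keyAttr. A collision is recorded when a key
// already in the table maps to a different directory object (different DN);
// the first record is kept so the later source cannot silently take it over.
function buildUserTable(sources, keyAttr) {
  const table = new Map();
  const collisions = [];
  for (const { name, entries } of sources) {
    for (const entry of entries) {
      // AD account names and UPNs are case-insensitive, so normalise the key.
      const key = String(entry[keyAttr]).toLowerCase();
      const existing = table.get(key);
      if (existing && existing.dn !== entry.dn) {
        collisions.push({ key, first: existing.source, second: name });
        continue;
      }
      table.set(key, { source: name, dn: entry.dn,
                       upn: entry.userPrincipalName });
    }
  }
  return { table, collisions };
}

// Convenience wrapper over the two constructed sources above.
function collisionsFor(keyAttr) {
  const sources = [
    { name: 'domain1', entries: DOMAIN1_ENTRIES },
    { name: 'domain2', entries: DOMAIN2_ENTRIES },
  ];
  return buildUserTable(sources, keyAttr).collisions;
}

// Keyed on the bare account name the two user1 objects collide; keyed on
// the UPN every record is distinct.
console.log('collisions keyed on sAMAccountName:',
            JSON.stringify(collisionsFor('sAMAccountName')));
console.log('collisions keyed on userPrincipalName:',
            JSON.stringify(collisionsFor('userPrincipalName')));
```

The same check applies to the ADFS route Robert describes: whatever claim is mapped to the ServiceNow user name must be unique across every directory that feeds an LDAP source, otherwise the token for one domain's `user1` resolves to the other domain's record.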
10-02-2014 03:14 AM
Hi Katie,
I would like to highlight some issues with the CMS/ADFS part.
I have recently implemented a CMS with ADFS as an SSO product and ran into several issues around login rules and redirection to the homepage.
I found this article extremely helpful http://www.john-james-andersen.com/blog/service-now/add-role-based-home-pages-with-saml-2-0-in-servi...
However, users without a role were no longer redirected to the CMS and instead taken to the standard view of the CMS. As a workaround we gave all non-process users the 'public' role and this has worked for now, however I am seeking a better solution on this.
Hope this helps!
02-25-2016 02:16 AM
Hi Robert,
Integration between ServiceNow and LDAP is possible using Informatica Cloud. For more info on the ServiceNow Connector, please visit http://www.servicenowconnector.com
For any further query, please reach at info(at)mansasys(dot)com
Thanks,
Ankit