Change the Welcome Page Login for ITIL users

Joe Taylor · ‎04-14-2022

I just implemented SSO authentication.

Now when my itil users (agents) open the welcome page, they are presented wtih this screen:

Local Login URL: https://xxxxxx.service-now.com/login_locate_sso.do#

I want them to use the "External Login" method of authenticaion as the default.

External Login URL: https://xxxxxxx.service-now.com/login_locate_sso.do

How do I swap these around so the external login screen is the default?

Vivi Brasil · ‎04-14-2022

Hello Joe Taylor,

Do you have two or more Identity Providers in the SSO?

I am asking it, because if you have only one IDP and that IDP could be used to authenticate all the users (Agent Users, ESS Users...), you could set the Auto-Redirect in the IDP, so, the ServiceNow Welcome Page will not appear to them, when the users access the URL https://instance_name.service-now.com, they will be automatic redirected to their SSO page (e.g.: MS Azure AD, MS ADFS, OKTA...).

Only if there are users which need to authenticate in other IDP, or locally, would need to access the side_door.do page (https://instance_name.service-now.com/side_door.do or https://instance_name.service-now.com/login.do).

Thank you!

Joe Taylor · ‎04-15-2022

Thanks Vivi. I actually do need both login methods. I want my internal employees to use SSO with their email as a the user id. I also have external vendors that will need to use the local login "name" for user id.

So everything is working just fine right now, I just want to swap the default login window so that "External Login" window comes up as the default.

Vivi Brasil · ‎04-15-2022

You are welcome Joe, and thank you for explaining the scenario.

I haven't applied it, but there is a KB Article that I hope could help you:

KB0758382: How to redirect users to /login_locate_sso.do page from instance URL

My concern is if those changes will replace the Auto Redirect IDP for your internal employees as well (if you could try it on a sub-production instance, to validate the behavior).

Thank you!

Joe Taylor · ‎04-15-2022

Oh thank you for this Vivi. I'm so close now.

So here is what I did BEFORE and AFTER my changes.

BEFORE CHANGES

In system properties, I have:
Entry: glide.entry.page.script
Value: new CMSEntryPage().getEntryPage()

This is the script include for CMSEntry page

var CMSEntryPage = Class.create();

CMSEntryPage.prototype = {
initialize : function() {
},

getEntryPage : function() {
var config = GlideContentConfig.get();
if (!config.getLoginPage())
return null;

return new GlideCMSPageLink().getPageLink(config.getLoginPage());
}
}

Default Screen

AFTER CHANGES

In system properties, now I have:
Entry: glide.entry.page.script
Value: new PreLoginScript().redirectToLoginLocateSSO();

This is the script include for PreLoginScript

var PreLoginScript = Class.create();
PreLoginScript.prototype = {
initialize: function() {
},

redirectToLoginLocateSSO: function() {
return "/login_locate_sso.do";
},

type: 'PreLoginScript'
};

Default Screen

So my last question is how do I make my default screen use the login_locate_sso.do script and still have the
"Forgot Login Crentials" widget? (Like in the BEFORE screeenshot).