‎07-28-2017 01:12 PM
I am very curious as to some lower level and best practice info around integration w/ LDAP for the purpose of importing users, auth-ing them, importing group/structures.
I am familiar with transform maps once the data is at the import set ... but getting it in, that's what I'm curious about.
I want to use the KISS simplest way to get this done.
I was reading that a MID server w/ hardware or on a VM and then install/config and point to xyz ... why?
Is this because there is a security risk with going from SN -> LDAP through a traditional LDAP integration?
We are spinning up internal IT on SN ticketing system from Remedy and I'd like to "do it right" or at least with some design/higher plan in mind.
In terms of config once I'm in the system, I'm comfortable with, but this is hardware and more IA and as a SaaS I'm a bit confused as to those elements ...
Perhaps I can explain my question better ... but I am looking for a way to get users and groups into the system from AD, and then use AD to auth those users when they try to login ...
Shouldn't be that hard?
‎07-28-2017 02:24 PM
Customers will typically engage SN professional services or a partner for this kind of thing. However, it seems like you may have done something similar before.
Here are some documentation resources:
http://wiki.servicenow.com/index.php?title=LDAP_Integration_Setup#gsc.tab=0
Basically you'll need to ask your network or security team to make a firewall rule to allow communication over port 636 from your ServiceNow instance (you can get your instance IP address through HI support). They will probably create a virtual IP and NAT rule to point to your domain controller. Then configure the LDAP server in ServiceNow using the VIP and SSL cert (included in documentation).
You can of course avoid some complexity by using plain LDAP or putting your DC in the DMZ, but I don't think they'll get on board with that. Also, that approach isn't recommended. Although there are several steps, in my opinion it is straightforward and there are not many options for variation if you're following best practice. Of course, someone else on the community may have their own opinion.
‎07-28-2017 02:28 PM
Thank you very very very much for this detailed exchange.
I really appreciate it. If you're ever in the Ottawa area let me buy you a beer! (if you drink)
‎07-31-2017 07:58 AM
Happy to help Skylar. If I'm up there catching a Lightning/Senators game I'll take you up on that!