Multi provider SSO issue
07-10-2022 06:17 AM
Unfortunately, we still have an issue with our OKTA SSO that we cannot resolve so would like your help please.
Our scenario:
- We have two different OKTAs that need to sign into our ServiceNow instance. This is dependent on company.
- We have both set up as identity providers on our instance. I have checked all the steps in creating an identity provider and this is all correct.
- I have entered the correct info in the sso source field on the companies table, e.g. sso:12345678901234567890123456 (also tried entering this onto a user record directly and it still doesn’t work)
- When you select one as ‘auto redirect idp’ they work – the user gets redirected to the correct OKTA.
- As soon as I turn auto redirect off neither work and SNOW just bypasses to its own login screen.
- I have checked all before query business rules on the system in case any were impacting the system’s ability to pull the SSO information. Even turning them all off and logging in made no impact.
- I have double checked these steps as well that I’ve seen in a potentially related KB:
Use the right plugin and the correct Script include and Installation exits.
- glide.authenticate.multissov2_feature.enabled = true
- In the Identity Provider record, go to Advanced tab → Single Sign On Script: MultiSSOv2_SAML2_custom
- Following installation exits and Script include are set to true.
Plugin | Type | MultiSSOv2
MultiSSOv2 | Script Include | MultiSSOv2_SAML2_custom
 | Installation Exit | MultiSSOv2
 | | MutliSSOLogin
 | | MultiSSOLogoutv2
- Make sure the installation exits for the SAML2 plugin are disabled (Active to false)
SAML2Logout
SAML2Logout_update1
SAML2SingleSignon
SAML2SingleSignon_update1
These are all correct in the system.
- Whenever I turn the auto redirect idp back on I get a lot of system log messages with source SAML2, but that script include is deactivated?
Is anyone able to help me with any further troubleshooting guidance? I know I’ve seen somewhere that I may need to add something to the ‘MultiSSOv2_SAML2_custom’ script but I’m unsure as to what?
07-10-2022 06:57 AM
Hi
I have never configured multiple SSO providers for one instance, but maybe the following article helps: https://www.concurrency.com/blog/december-2019/servicenow-configure-multi-sso-idp-against-multiple-a...
Maik
11-18-2022 08:18 AM
Hello,
Are you able to get to your different providers via: /login_with_sso.do?glide_sso_id=<sys_id of the sso configuration>
Regards,
Manuel
If my answer helped you, please mark it as Helpful/Solution.
Thanks & many Regards - Manuel
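A way to verify the per-provider URL test suggested above, as an added example that is not part of the original thread: it decodes the SAMLRequest carried in the redirect's Location header and confirms the AuthnRequest is addressed to the expected Okta tenant. It assumes the HTTP-Redirect binding (base64 over raw DEFLATE); the host names, sys_id and sample AuthnRequest are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def sso_test_url(instance, idp_sys_id):
    """Per-IdP login URL from the reply above; both arguments are caller-supplied."""
    return f"https://{instance}/login_with_sso.do?" + urlencode({"glide_sso_id": idp_sys_id})

def decode_redirect(location):
    """Return (redirect_host, Destination, Issuer) for a Location header value."""
    parts = urlsplit(location)
    params = parse_qs(parts.query)
    if "SAMLRequest" not in params:
        # No AuthnRequest: e.g. the instance fell back to its own login page.
        return parts.hostname, None, None
    deflated = base64.b64decode(params["SAMLRequest"][0])
    root = ET.fromstring(zlib.decompress(deflated, -15))  # -15 = raw DEFLATE
    issuer = root.find(f"{{{SAML}}}Issuer")
    return parts.hostname, root.get("Destination"), issuer.text if issuer is not None else None

def check_idp(location, expected_idp_host):
    """Compare where the AuthnRequest was sent with the IdP expected for this user."""
    host, destination, issuer = decode_redirect(location)
    if destination is None:
        return f"FAIL: no SAMLRequest, landed on {host}"
    if host != expected_idp_host or urlsplit(destination).hostname != expected_idp_host:
        return f"FAIL: request sent to {host}, expected {expected_idp_host}"
    return f"OK: AuthnRequest from {issuer} to {host}"

def _sample_location(idp_host, sp_host):
    """Constructed Location header, standing in for one captured from the instance."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_c1" '
           f'Version="2.0" Destination="https://{idp_host}/app/sso/saml">'
           f'<saml:Issuer>https://{sp_host}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return f"https://{idp_host}/app/sso/saml?{query}"

if __name__ == "__main__":
    loc = _sample_location("company-a.okta.example", "instance.servicenow.example")
    print(sso_test_url("instance.servicenow.example", "<sys_id of the sso configuration>"))
    print(check_idp(loc, "company-a.okta.example"))
    print(check_idp(loc, "company-b.okta.example"))
    print(check_idp("https://instance.servicenow.example/login.do", "company-a.okta.example"))
```

Feed `check_idp` the Location header captured from each provider's test URL; a "no SAMLRequest" result matches the symptom described in the question, where the instance shows its own login screen.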