Removing the default login prompt for all users - Multi-Provider SSO

wil421 · ‎09-10-2014

Hey all,

Currently we are trying to get multi-provider SSO working for internal employees as well as customers. We have the customer portion working correctly, they simply use the link we provide to the CMS site which passes the correct authentication sysID and redirects them to our portal for authentication and then back to SN with a SAML token.

For internal employees we would like them to do the same. The only issue is that we are not using a CMS site, so if they go to instance.service-now.com they are brought to the SN login page. Its a requirement that they not have to login again, or click on "Use External Login", or a custom link we put on this landing page.

How can we modify the default landing page to automatically pass the correct sysID for authentication. I understand that after the first successful login SN will remember which certification method to use, but we need a method to make this happen the first time they access the system after turning on MPSSO.

Thank you!

wil421 · ‎09-19-2014

For anyone who is curious, we found a solution by creating a UI Page with the title "welcome" (Welcome with a capital W didnt work for us). This page overrides the default welcome page.

Source: Redirect to a custom landing/login page

There is one unintentional side effect that we have discovered. side_door.do will now longer work if you override the default welcome page. Our solution to this was to make another side door using a public UI Page. I copied the jelly script from the default login page for the ESS site and it seems to work just fine.

View solution in original post

JohnG3 · ‎09-12-2014

Hi Steve,

I am not sure if you already populated the SSO Source value for the internal users' Company (NCR) to see if that will automatically redirect them to the SAML IdP; should be section 3.3 of the wiki: Multiple Provider Single Sign-On - ServiceNow Wiki

I missed that step when I first configured MSSO. If that is already in place, you may need to modify the MultiSSO_ClientHelper script include to redirect by default to your internal IdP.

Cheers,

John

wil421 · ‎09-16-2014

Thanks for the reply John!

We already have the Multi-SSO set up in place.

Your solution assumes we already know who the user is. If they are accessing instance.service-now.com directly then we know they are an internal employee and we would like a script to redirect them to our IdP (no clicking or logging in on the SN login page even though it should only happen on the first login).

On a CMS site for one of our customers we are using a window.location script to direct them to their IdP. We would like a automatic redirect for anyone landing on the default SN login page.

wil421 · ‎09-19-2014