[Mobile Security] Setup SSO using Microsoft Azure Active Directory

• Have admin role on your ServiceNow instance
• Have a Microsoft Azure account. If not, please go to https://azure.microsoft.com/ and create a free account.

1. On your ServiceNow instance, navigate to Plugins
2. Search for Integration - Multiple Provider Single Sign-On Enhanced UI and activate. 
   
   
   
   
   
   
3. Navigate to Multi-Provider SSO->Administration->Properties and toggle Enable multiple provider SSO to Yes 
   
   
   
   
   
   

1. Go to https://portal.azure.com/
2. From Azure services, click on Azure Active Directory
3. On the side menu, click on Enterprise applications then click on New application
4. Search and add ServiceNow
5. Once created, go into your ServiceNow app and select Set up single sign on 
   
   
   
   
   
   
6. Select SAML
7. On Basic SAML Configuration, perform the following: 
   • On identifier fields, add your instance URL. Ex: https://<instancename>.service-now.com/
   • On Reply URL and Sign on URL fields, add your instance URL with /navpage.do. Ex: https://<instancename>.service-now.com/navpage.do
   • Click Save            
     
     
     
     
     
     
8. On User Attributes & Claims, the Unique User identifier has a default value of user.userprincipalname. Change the value to user.mail. 
   
   
   
   
   
   
9. On Set up ServiceNow (step 4), click on View step-by-step instruction, provide admin credentials, and click Configure Now. Azure will create a new identity provider on your instance called Microsoft Azure Federated Single Sign-on for Default Directory.
10. Create a new user on Azure and map it to a user from your ServiceNow instance. On Azure Active Directory, click on Users then click on New user. Create a user name David Loo. After the user is created, edit the user and add david.loo@example.com under the Contact info email. 

    David Loo is a demo user in ServiceNow with email david.loo@example.com. After the user is authenticated with Azure credentials, it will use the email value to map to a ServiceNow user. This is the reason why we changed the Claim value to user.mail on Step 2.8.
    
    
    

    
    
    
    
11. After the user is created, go to Default Directory -> Enterprise application and select ServiceNow. On Users and groups, click Add user/group and add David Loo from user list. 
    
    
    

1. On your instance, search for SSO and select Microsoft Azure Federated Single Sign-on for Default Directory  
   
   
   
   
   
   
2. Scroll down to X.509 Certificates and click Edit
3. Add Microsoft Azure Federated Single Sign-on for Default Directory and hit Save
   
   
   
   
   
   
4. Click on Set as Auto Redirect IdP
   
   
   
   

Configuration is complete. Open your ServiceNow mobile app and point to your SSO instance. You should be prompted by a Microsoft login.