The Problem: One Login to Rule Them All

Until now, Identity Provider configuration in ServiceNow has been instance-wide. Configure SSO with Okta or Azure AD, and every portal on the instance inherits that configuration. Every user, every portal, same redirect.

The Solution: Portal-Specific Authentication

With the Australia release, authentication settings live directly on each Service Portal record. The Login widget dynamically renders the correct options based on what you configure — no customization required.

How to Set It Up

Prerequisites

Install the Multi-Provider SSO plugin — com.snc.integration.sso.multi.installer

Enable Multi-Provider SSO by setting glide.authenticate.multisso.enabled to true

Create your Identity Provider records (e.g., Okta, Azure AD) and configure SAML or OIDC as needed

Step 1. Enable “Show as Login Option” on Your IdP Records

Open each Identity Provider record you want to make available for portal login. Check the “Show as Login option” checkbox. This makes the IdP eligible for selection on portal records.

Identity Provider record — enable “Show as Login option” to make this IdP available for portal-specific configuration.

Step 2. Configure Authentication on the Service Portal Record

Navigate to Service Portal > Portals and open the portal you want to configure. Enable “Use portal-specific authentication”, then set your local login preference and select your Identity Providers.

Service Portal record — the new authentication fields: Use portal-specific authentication, Enable local login, Portal Identity Providers, and Enable early redirection.

Step 3. Select Your Identity Providers

The Portal Identity Providers field is a GlideList — you can select multiple IdPs. Only IdPs with “Show as Login option” enabled will appear as choices.

Select one or more Identity Providers from the list to display them on this portal’s login page.

What the Login Page Looks Like

The Login widget dynamically adapts to your configuration. Here are the two most common setups:

SSO Only — No Local Login

Disable local login and configure one or more IdPs. Users see only the external login buttons — clean and direct.

Login page without local login — only external SSO options (Okta and Azure) are displayed.

Local Login + Multiple IdPs

Enable both local login and multiple IdPs. Users get the full username/password form plus external login buttons below.

Login page with local login enabled alongside two IdPs — users choose between username/password or SSO.

Single IdP with Early Redirection

When only one IdP is configured and “Enable early redirection” is checked, users are automatically redirected to that IdP’s login page — no intermediate screen at all.

Real-World Use Cases

Things to Keep in Mind

Plugin required — Install com.snc.integration.sso.multi.installer and set glide.authenticate.multisso.enabled to true.

Backward compatible — Portals without portal-specific authentication enabled continue using instance-wide settings. Nothing breaks on upgrade.

Server-side enforcement — Authentication method enforcement happens server-side. This is a security configuration, not just a UI change.

No widget customization needed — The out-of-box Login widget handles everything dynamically. If you previously customized it for authentication, you may be able to revert to base.

Ready to Try It?

Portal-Specific Authentication in the Australia release eliminates widget-level customization for different login experiences across portals. It’s a clean, admin-configurable, out-of-box solution for a long-standing pain point.

If you manage multiple portals with different user populations, this feature is worth exploring as soon as Australia lands on your instance.

Have questions or feedback? Drop a comment below — I’d love to hear how you plan to use this.