Dealing with redirects on an enterprise scale can be a tricky business. This article shows you how to set up user redirects in the Service Portal using the SPEntryPage script include. The script does a lot of heavy lifting in the Service Portal by interacting with multiple access control lists (ACL) and system properties.
Before you begin
Target role : Administrator Experience required: Knowledge of SSO, URL redirects, and the ServiceNow platform
Note: This article is part two of a series on configuring the Service Portal login using the SPEntryPage script include. For part one of this series, see How to make Service Portal your instance login page. |
You might be familiar with some redirect methods from earlier platform versions, like login rules and installation exits. These have been replaced in Service Portal by the SPEntryPage script include.
How the SPEntryPage script include works
In the context of redirects, this script is like the login handler of Service Portal. You can use it to:
- Direct users to the login page
- Redirect them after login
For example, this role-based redirection allows you to create different landing page experiences for employees versus contractors or different partners.
In the base system, when evaluating the redirect request, the script performs two checks:
- Does the user have any assigned roles?
- Is the user trying to go to Service Portal directly?
If both checks pass (user roles and where they are trying to go to), the system then redirects the user to the value set in the glide.login.home property or to the page they tried to access before login. If the user does not have any assigned roles, the system sends them to an equivalent page in Service Portal.
For example, users that pass the checks go directly to:
https://<instance_name>.service-now.com/nav_to.do?uri=change_request_list.do
Otherwise, non-role users are redirected to:
https://<instance_name>.service-now.com/sp/?id=list&table=change_request
Set up role-based redirection
You can configure the SPEntryPage script include to meet your business needs, but this customizes the base system code. These changes can conflict with existing redirect logic or cause unintended consequences. Customizations other than what’s discussed here are not supported by ServiceNow.
With that said, let’s look at supported customizations in lines 69 and 70 of the SPEntryPage script include, which checks for an assigned user role.
By default, if the user has assigned roles, no redirect URL exists (login_redirect), and if the user is not trying to go to Service Portal, the script performs no redirect.
To customize this:
1. Modify only the user.hasRoles check.
2. Keep the other two checks as-is to avoid breaking functionality.
For example, to redirect users with a specific role to the platform UI, use this code:
if(user.hasRole("my_cool_role") && !redirectURL && !isServicePortalURL)
Note: When you upgrade your instance, customizations are not carried forward. Modifying the SPEntryPage script include sets the sys_customer_update field to true and the sys_replace_on_upgrade field to false.
After completing these steps, your instance redirects users after authentication based on their assigned roles to the URL of your choice. If you ever need to adjust the configuration, you can revisit these steps or update the portal’s login page settings.
Get output logs for debugging
To view debug output from the SPEntryPage script include and check the session variables used:
1. Go to the glide.entry.first.page.script system property and set the value to new SPEntryPage().getFirstPageURL().
2. Open the SPEntryPage script include and set this.logVariables to True.
3. In a different browser (or incognito or inPrivate session), log in.
To find the output logs:
1. Go to System Logs > System Log > All
2. Open /syslog_list.do?sysparm_query=level%3D0%5EORDERBYDESCsys_created_on&sysparm_first_row=1&sysparm_view=
Important notes
The SPEntryPage script is not intended as a secure means to prevent users from accessing the platform UI. For example, users with the admin role will always pass a hasRole check even if they do not have a specific role being checked.
Lastly, redirection between multiple portals is not supported.
Additional resources
How to make Service Portal your instance login page
How to configure redirects in Service Portal
Redirection with Service Portal frequently asked questions
How to configure Service Portal as your instance login page
