How can you force a certain SSO on a specific Sevice Portal

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-28-2017 06:55 AM
We are implementing multiple service portals and we need to force a specific SSO on each portal. So the end result would be when a user goes to portal A he will login using SSO A and when user goes to portal B he will login using SSO B.
Any ideas on how we can do this? We can see in service portal configuration that you can define a login page, but how can this be set to a specific SSO provider instead?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-28-2017 07:39 PM
Hi Jimboy,
Once you enabled Multiple-Provider SSO plugin system will add a link "Use external login" on the login page. So if you have multiple Identity Provider records configured when you click on the link to login it will display a list of IdPs for you to choose. System could not know which IdP you will use before you login so the choice needs to be made by yourself.
Alternatively you can use below URL to specify the sys_id of the IdP you will use to login.
/login_with_sso.do?glide_sso_id=<sys_id of the sso configuration>
This is documented in below wiki page.
Cheers
Henry

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-28-2017 08:01 PM
Hi Henry, we've already done that and know that you can directly access the SSO page using that URL method.
What we want to achieve is to make it very seamless for our users when logging in, that's why we want to force a specific SSO on a specific Service Portal. There should be no need to click external login because we already know that when you go to service portal A then the system should show SSO A.
Again, the end result would be when a user goes to portal A he will login using SSO A and when user goes to portal B he will login using SSO B.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-29-2017 09:54 AM
We are thinking creating a new service portal page and set is as the login page for Service Portal A for example, then make a clone of the login widget and in the widget's code do the redirection to the specific SSO login page. Do you think this approach can work?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-31-2017 06:52 PM
Hi Jimboy,
AFAIK there is no OOB function can achieve this. The link [Use external login] is the default link for SSO login.
Your request could only be realized by customization. It seems the direction you mentioned is the correct one.
You can make new login widget for each login page of the Service Portal and inside the widget compulsorily redirect user to the specific IdP for authentication.
If you need any more help regarding the customization I recommend you contact ServiceNow Professional Service team.
Cheers
Henry