Is there a way to use Azure AD as an LDAP Data Source?

Karl Dietrich
Kilo Sage

Hello there, 

I wonder if you could configure Azure and ServiceNow in such a way that you would be able to use the Azure AD as a Data Source. I do not have much experience with Azure / Azure AD, so I do not know if that is even theoretically possible.

Normally you define an LDAP or LDAPS Server and then you are able to browse the Directory or import the Data, but what do you do if you only have Azure and no on-premise AD? Can you just exchange Certificates and configure the LDAPS Connection? And if so, how do you do it?

Thanks in advance for your answers :).

Best regards

Karl

1 ACCEPTED SOLUTION

Hi Richard,

Thank you, your answer led me to the right path for the solution. So you cannot add the Azure AD directly as an LDAP Server in ServiceNow, but what you can do is do it via an Active Directory Domain Service Domain.

This is the MS Guide on how to do it:


With this I could successfully configure an LDAPS Connection and read out the Directory.

 

Best regards,

Karl

 


7 REPLIES

ersureshbe
Giga Sage

Hi,

If you use the Multi Provider SSO Plugin, it will help you to achieve your requirement. Why are you clubbing both in one? This plugin will help you to handle your data flow using user provisioning and help with SSO in ServiceNow.

 

Regards,

Suresh.


Hi Suresh, 

Yes, you can import Users and Groups with the Multi Provider SSO, but what about other things? As far as I understand it, via this you can only write to the tables sys_user, sys_user_group and sys_user_grmember.

I want to import more things like locations, companies and possibly other stuff if needed.

Regards,

Karl

Can you derive that information from attributes on the user and group records? That's how we pull in departments and some other data.

In the past we used a workaround like that: we created a string field and processed the string after the user provisioning, but that is not the point of my question.

My question is if it is possible to add Azure as an LDAP Server and use it as a normal data source. This would be much more flexible because this would enable you to import things like devices, licences and possibly other useful stuff.