Fellow community members,

  I have a customer that has an interesting scenario we have been trying to solve with new users being added into ServiceNow. There are three types of users this instance will have; an employee, a customer and a consumer. The employees have their own unique SSO, and their accounts are all loaded into SN via LDAP jobs, so no issue there. Where it gets tricky is with the customers and consumers. Both use the same SSO client, and the accounts need to be auto-provisioned when the user first attempts to log in to the instance. The auto provisioning is working well, but unfortunately the SSO provider cannot tell us what type of user is logging in (customer or consumer). A REST API call has to be placed after authentication to another system to figure out if this user is a customer or consumer, and after that REST API call, we set the roles for the user to be consumer or customer and also set the class of the user to the proper one. This is being done in a business rule after the auto provisioning has competed. For the end user, there is 5-10 seconds of being in state with no roles, so where do we redirect this user to after they authenticate? What I have done so far, is configure the SPEntryPage script include to take the user to a temporary portal page that says, we are setting up your account, please wait for a few moments until you are redirected. A timeout widget is on this portal page, and after 8 seconds, the user is logged out of ServiceNow, and the original page they were on, has been reloaded. Now they can navigate around the portal page they are on, and access catalog items, etc. This is working well, but here is the caveat we have not solved; Let's say the user went to xyz.servicenow.com/csm and after clicking on a catalog item or the log in link, they get prompted for SSO, and they authenticate. If it is the first time they have authenticated, they should go to the temporary landing page I created. Since this user came from  xyz.servicenow.com/csm (customer portal), I need to send them to a specific branded page. If the user came from xyz.servicenow.com/csp (consumer portal) I need to send them to a differently branded temporary landing page. That is where I am stuck...how can I configure the SPEntryPage script to figure out where the end user came from? This is a view of the script and how it is configured right now based on roles and directing to the proper portals:

SPEntryPage.prototype = {

initialize: function() {
this.logVariables = false; // for debugging
//Setting csm or csp portal based on your roles
// This is where we need to figure out what URL the end user came from. Was it /csm or was it /csp? The else at the end would need to direct the user to a csm or csp first login page b/c the verbiage will be different.
var usr = gs.getUser();
var csm = usr.hasRole("sn_customerservice.customer");
var csp = usr.hasRole("sn_customerservice.consumer");
var emp = usr.hasRole('snc_internal');
if (csm || usr.hasRole('snc_external')) {
this.portal = "/csm";
} else if (csp) {
this.portal = "/csp";
} else if (emp){
this.portal = "/sp/"; // The URL suffix specified in the sp_portal record
} else {
this.portal = "csm?id=first_login_csm";//custom page for new users with no roles yet
//the other first login page is csp?id=first_login_csp
}
},

Does anyone have any thoughts on the script or doing something better/more efficient than what I have configured?

Thank you!

Mike