Blog - NOW Mobile Agent + Custom URL + Multi-Source SSO

Casey F
Tera Contributor

Multi-Source SSO Configuration + Custom URL + Mobile Agent

 

Summary: Configuring the platform to support more than one SSO source in Mobile Agent, for multi-tenant and/or multi-SSO environments, via Custom URLs.

 

Scenario: 

  • Internal organizational Fulfiller users (yourcompany.com) use Mobile Agent in a high-level domain via one SSO source (ex. Azure AD).
  • External Fulfiller users (bestcustomer.biz) wish to use Mobile Agent in a lower-level domain via a different SSO source (ex. Okta).
  • Mobile Agent only supports an "instance URL", so yourcompany.com/customer portals and other pre-login methods would not work.

 

Pre-Requisites:

  • Multi-source SSO enabled
  • Identity Provider built for SSO and tested/working
  • User that matches in the related SSO (i.e. by email) and has the proper roles

Step 1: [Off-Platform] At the DNS registrar for the domain, create the custom URL (ex. servicenow.yourcompany.com)

 

Step 2: [Off-Platform] Create a CNAME record in DNS for the custom URL, pointing to the instance URL

 

Step 3: Create the Custom URL for the request (LINK), make sure to associate the proper SSO provider (i.e. not the default) with the Custom URL via the Identity Provider related list, and test

 

Step 4: Wait for the Custom URL to become active (4-6 hrs after testing)

The Custom URL job runs in the background to assign this URL a related SSO certificate.

 

Step 5: [Off-Platform] Configure the SSO provider for the custom domain (LINK) | Note: if it is already configured, a second SSO SAML profile is potentially necessary, depending on the SSO provider, to support multiple source domains.

 

Step 6: Test logging in via Web and SSO (non-mobile agent) to ensure functionality

 

Step 7: In NOW Mobile, create an additional instance and test logging in with the associated secondary SSO test user

 

Possible Issues:

Custom URL not triggering activation and/or Custom URL job not triggering

  • Check the other Custom URLs and run “Test CNAME” on each
    • Delete those that are failing and not in use
  • If unable to delete or remove one, export the XML of the legacy custom URL, switch the action attribute as follows, and import the edited file
    • OLD: <custom_url action="INSERT_OR_UPDATE">
    • NEW: <custom_url action="DELETE">
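The XML edit described above can be scripted so that only the intended legacy record is marked for deletion. The following is an added example, not ServiceNow's or the author's code; the `<unload>` wrapper, the `url_placeholder` field and the sys_id values in the sample are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample export; the wrapper element and every field other than
# sys_id are placeholders, not the real custom_url schema.
SAMPLE_EXPORT = """<?xml version="1.0" encoding="UTF-8"?>
<unload unload_date="2024-01-01 00:00:00">
<custom_url action="INSERT_OR_UPDATE">
<sys_id>aaaa0000000000000000000000000001</sys_id>
<url_placeholder>legacy.yourcompany.com</url_placeholder>
</custom_url>
<custom_url action="INSERT_OR_UPDATE">
<sys_id>bbbb0000000000000000000000000002</sys_id>
<url_placeholder>servicenow.yourcompany.com</url_placeholder>
</custom_url>
</unload>
"""

def mark_for_delete(export_xml, sys_ids_to_delete):
    """Return (new_xml, flipped_ids).

    Records whose sys_id is listed get action="DELETE". Every other record
    is dropped from the output so the import cannot touch an in-use URL.
    """
    wanted = set(sys_ids_to_delete)
    root = ET.fromstring(export_xml.encode("utf-8"))
    flipped = []
    for rec in list(root):  # copy, because records are removed while looping
        sys_id = (rec.findtext("sys_id") or "").strip()
        if rec.tag == "custom_url" and sys_id in wanted:
            if rec.get("action") != "INSERT_OR_UPDATE":
                raise ValueError(f"unexpected action on {sys_id}: {rec.get('action')!r}")
            rec.set("action", "DELETE")
            flipped.append(sys_id)
        else:
            root.remove(rec)
    missing = wanted - set(flipped)
    if missing:
        # Refuse to produce a file that silently does less than requested.
        raise ValueError(f"sys_id not found in export: {sorted(missing)}")
    body = ET.tostring(root, encoding="unicode")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + body, flipped

if __name__ == "__main__":
    xml_out, ids = mark_for_delete(SAMPLE_EXPORT, ["aaaa0000000000000000000000000001"])
    print(f"marked for delete: {ids}")
    print(xml_out)
```

Review the generated file before importing it and keep the untouched export as a backup.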

 

 

Error in Mobile Agent stating: Now Mobile - error unauthorized_client: The client credentials provided (those of the service you are using) are either not valid or not trusted

  1. Fix: LINK
  2. Steps
    1. Create an update set
    2. Back up the oauth_entity table (Application Registries) XML file from the current instance (flat file/history) and store it for reference
    3. Export the oauth_entity table (Application Registries) XML file from an OOB instance
    4. Import the XML from the OOB instance (‘clean’ file) into the instance

 
