
Blog - NOW Mobile Agent + Custom URL + Multi-Source SSO

Casey F
Tera Contributor

Multi-Source SSO Configuration + Custom URL + Mobile Agent

 

Summary: Configure the platform to support more than one SSO source in Mobile Agent for multi-tenant and/or multi-SSO environments via Custom URLs.

 

Scenario: 

  • Internal organizational Fulfiller users (yourcompany.com) use Mobile Agent in a high-level domain via one SSO source (e.g. Azure AD)
  • External Fulfiller users (bestcustomer.biz) want to use Mobile Agent in a lower-level domain via a different SSO source (e.g. Okta)
  • Mobile Agent only supports an "instance URL", so yourcompany.com/customer portals and other pre-login methods would not work

 

Pre-Requisites:

  • Multi-source SSO enabled
  • Identity Provider built for SSO and tested/working
  • User matching the related SSO match field (i.e. email), with proper roles

Step 1: [Off-Platform] On the DNS registrar for the domain, create the Custom URL (e.g. servicenow.yourcompany.com)

 

Step 2: [Off-Platform] Create a CNAME record in DNS for the URL, pointing to the instance URL

 

Step 3: Create the Custom URL for the request (LINK), associate the proper SSO provider (i.e. not the default) with the Custom URL via the Identity Provider related list, and test

 

Step 4: Wait for the Custom URL to become active (4-6 hrs after testing)

The Custom URL job runs in the background to assign this URL a related SSO certificate.

 

Step 5: [Off-Platform] Configure the SSO provider for the custom domain (LINK). Note: if one is already configured, a second SSO SAML profile may be necessary, depending on the SSO provider, to support multiple source domains.

 

Step 6: Test logging in via web and SSO (not Mobile Agent) to ensure functionality

 

Step 7: In NOW Mobile, create an additional instance and test logging in with the associated secondary SSO test user

 

Possible Issues:

Custom URL not triggering activation and/or Custom URL job not triggering

  • Check other Custom URLs and “Test CNAME”
    • For those failing and not in use – delete
  • If unable to delete or remove, export the XML of the legacy Custom URL, switch the action attribute as follows, and import it:
    • OLD: <custom_url action="INSERT_OR_UPDATE">
    • NEW: <custom_url action="DELETE">
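One way to script the OLD/NEW switch above so that only the failing legacy records end up in the import file (an added example, not part of the original post). It assumes the export is wrapped in an `<unload>` root and that each record carries its hostname in a child element named `url`; that field name and the function name `build_delete_import` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample export. The custom_url tag and action attribute come from
# the post; the <unload> wrapper contents and the <url> field are assumptions.
SAMPLE_EXPORT = """<?xml version="1.0" encoding="UTF-8"?>
<unload unload_date="2024-01-01 00:00:00">
<custom_url action="INSERT_OR_UPDATE">
<url>legacy.yourcompany.com</url>
</custom_url>
<custom_url action="INSERT_OR_UPDATE">
<url>servicenow.yourcompany.com</url>
</custom_url>
</unload>
"""


def build_delete_import(export_xml, legacy_urls, record_tag="custom_url", url_field="url"):
    """Return (xml_text, count): only the named legacy records, marked DELETE."""
    root = ET.fromstring(export_xml.encode("utf-8"))
    wanted = {u.strip().lower() for u in legacy_urls}
    matched = set()
    for record in list(root):
        value = (record.findtext(url_field) or "").strip().lower()
        if record.tag == record_tag and value in wanted:
            if record.get("action") != "INSERT_OR_UPDATE":
                raise ValueError(f"unexpected action on {value}: {record.get('action')}")
            record.set("action", "DELETE")
            matched.add(value)
        else:
            # Drop every other record so the import cannot touch URLs still in use.
            root.remove(record)
    if matched != wanted:
        raise ValueError(f"not found in export: {sorted(wanted - matched)}")
    return ET.tostring(root, encoding="unicode"), len(root)


if __name__ == "__main__":
    xml_text, count = build_delete_import(SAMPLE_EXPORT, ["legacy.yourcompany.com"])
    print(f"{count} record(s) marked DELETE")
    print(xml_text)
```

Keep the untouched export alongside the generated file so the records can be restored if the wrong one was selected.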

 

 

Error in Mobile Agent stating: Now Mobile - error unauthorized_client: The client credentials provided (those of the service you are using) are either not valid or not trusted

  1. Fix: LINK
  2. Steps
    1. Create update set
    2. Back up the oauth_entity table (Application Registries) XML file from the current instance (flat file/history) and store it for reference
    3. Export the oauth_entity table (Application Registries) XML file from an OOB instance
    4. Import the XML from OOB (the ‘clean’ file) into the instance

 
