Regarding SSO login using an M365 account

bonsai · 2 weeks ago

I plan to implement SSO login using M365 users, following the instructions in the article below.

If I configure it according to this article, will I be automatically logged in when I access the ServiceNow instance URL as an M365 user?

https://learn.microsoft.com/en-us/entra/identity/saas-apps/servicenow-tutorial

John72Anderson · 2 weeks ago

In which case you should check that "glide.sso.acr.enabled" is set to "false".

View solution in original post

Tanushree Maiti · 2 weeks ago

Hi @bonsai

It will work.

Refer this blog: ServiceNow SSO Integration | SSO Implementation in ServiceNow with ease | Servicenow single sign-on

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

John72Anderson · 2 weeks ago

It works well but be aware that not all attributes that have been traditionally available in AD and consumed via LDPA are not available in Entra either at all or not without using some of the extension attributes. A good example would be SAMAccountName.

Also, it's worth giving some thought to the use of ACR (Account Recovery). Typically, once SSO is enabled the best practice is to use ACR which disables all other local accounts and then uses a single recovery account to troubleshoot SSO issues. This account does not give you Admin access to the platform. You might not want to do this if you want to retain the ability for Admins to login locally.

bonsai · 2 weeks ago

I want to allow users to log in via SSO and local login to coexist.

The requester will log in via SSO, and the filler will log in locally.

John72Anderson · 2 weeks ago

In which case you should check that "glide.sso.acr.enabled" is set to "false".