Configure ServiceNow

  • Release version: Australia
  • Updated March 12, 2026
  • 5 minute read
  • Configure ServiceNow with Azure AD details to use SSO.

    Before you begin

    Plugin: Integration - Multiple Provider single sign-on Installer

    Enable the Multi Provider SSO properties:

      • Select Enable multiple provider SSO.
      • Select Enable Auto Importing of users from all identity providers into the user table.
      • Select Enable debug logging for the multiple provider SSO integration.
      • Enter email, The field on the user table that.….

    Role required: admin

    Procedure

    1. Navigate to All > Multi-Provider SSO > Identity Providers.
    2. On the Identity Providers page, select New.
    3. On the Identity Providers window, select SAML.
    4. On Import Identity Provider Metadata, you can either:
      • URL: Enter the App Federation Metadata URL to auto-populate the details on the Identity Provider configuration page.
      • Import: Import the XML to populate the details on the Identity Provider configuration page.
    5. Right-click the top of the screen, select Copy sys_id, and use this value in the Sign on URL in the Basic SAML Configuration section.
    6. On the form, fill in the fields.
      Table 1. Multi-provider single sign-on fields
      Property | Required | Description
      Name | Yes | Name for the IdP. This IdP is the auto redirect sys id.
      Active | Yes | Active should be set to true for the IdP to be used for authentication.
      Note: The option to set this property only comes after a successful test connection.
      Default | No | Auto Redirect IdP, formerly known as the Primary IdP, automatically redirects users to access the base instance URL. This property sets this IdP configuration as the default.
      Auto Redirect IdP | No | IdP configuration that you can set as the Auto Redirect IdP.
      Note: If you make a new Auto Redirect IdP configuration active, the glide_sso_id cookie updates with the new Auto Redirect IdP. The glide.authenticate.sso.update.idp.cookie system property, automatically enabled, controls this feature.
      Identity Provider URL | Yes | URL to your IdP. Each IdP URL must be unique.
      Identity Provider's AuthnRequest | Yes | URL to the HTTP-Redirect binding obtained from the SingleSignOnService element.
      Identity Provider's SingleLogoutRequest | No | URL obtained from the SingleLogoutService element.
      ServiceNow Homepage | Yes | URL, including the login page, of the instance for which the IdP authenticates. For example: https://yourinstance.service-now.com/navpage.do
      Entity ID/Issuer | Yes | Base URL, excluding the login page, of the instance for which the IdP authenticates. For example: https://yourinstance.service-now.com/
      Audience URI | Yes | Base URL, excluding the login page, of the instance for which the IdP authenticates. For example: https://yourinstance.service-now.com/
      NameID Policy | Yes | Value of the NameIDFormat element the integration uses.
      External logout redirect | No | URL where the integration redirects users after they log out.
      Failed Requirement Redirect | No | URL for redirecting failed authentication requests. By default, this is the URL endpoint of an error page or logout page configured in the IdP. You can populate this value in the glide.authenticate.failed_requirement_redirect field.
    7. Optional: Encryption And Signing tab
      Note: Use your own certificates for the encryption and signing.

      Table 2. Encryption and Signing fields
      Property | Description
      Signing/Encryption Key Alias | Alias of the key entry stored in SAML 2.0 SP Keystore.
      Signing Key Password | Password of the key entry stored in SAML 2.0 SP Keystore.
      Encrypt Assertion | Check box to encrypt the assertion in the SAML response. The metadata generated for the IdP embeds the x509 certificate, which the IdP uses to encrypt the assertion in the SAML response that it generates.
      Signing Signature Algorithm | URL that points to the SAML 2.0 Identity Provider AuthnRequest Consumer for eSignature Authentication.
      Sign AuthnRequest | Check box to enable the IdP single sign-on service to receive a signed AuthnRequest.
      Sign LogoutRequest | Check box to enable the IdP single sign-on service to receive a signed LogoutRequest.
    8. Optional: User Provisioning tab
      Table 3. User Provisioning fields
      Property | Description
      Auto Provisioning User | Automatic user provisioning. Creates the user, based on the information provided by the IdP, when the user doesn't exist in the instance User table.
      Update User Record Upon Each Login | Updates the user information in the instance User table with the information in the IdP each time that the user logs in using SAML.
    9. Optional: Advanced tab
      Table 4. Advanced fields
      Property | Description
      User Field | Field on the User table that contains the value that the IdP requires to identify the user. This unique id is part of the response. For example, a user name, employee id, and so on. In the sys_user table, this unique id is matched with the user details.
      NameID Attribute | Field that you leave empty unless you configure a new NameID policy. If you configure a new policy, the system requires the User table it must use to identify the user logging in. The system matches the NameID token to the name of that User table field.
      Create AuthnContextClass | Check box to specify a particular context class such as Password Protected Transport. If the check box is cleared, the IdP selects the most appropriate context class.
      AuthnContextClassRef Method | URN of the login mechanism that you want the IdP to use to authenticate users.
      Force AuthnRequest | Check box to force AuthnRequests to occur.
      Is Passive AuthnRequest | Check box if the AuthnRequest is passive.
      Single Sign-On Script | Single Sign-On script. The default is MultiSSOV2_SAML2_custom.
      Sign Logout Response | Logout response details in this field.
      Clock Skew | Number of seconds between the two attributes that make up the SAMLResponse nonce. The default is 60. A valid SAMLResponse must fall between the notBefore and notOnOrAfter date-time values. See Sample SAML 2 Response with the SubjectConfirmation and SubjectConfirmationData Elements and Sample SAML 2 Response with the AudienceRestrictions and Audience Elements for a sample SAMLResponse message.
      Protocol Binding for the IDP's SingleLogoutRequest | One of the supported values listed in the Binding attribute from the SingleLogoutService element.
      Metadata URL from which IDP properties are imported | IdP properties import from this URL. If set, it enables the automatic import of the SAML certificate from the IdP if the previous certificate has expired.
      Note: If you upgrade from SAML2 Update 1 to Multi-Provider SSO or if you manually set up your SSO connection, the IdP Metadata URL does not automatically populate.
      Request | Unique id as part of request. The id can be a user name, employee id, and so on.
      Note: Both redirect and post bindings are supported for request. The option to set this field only appears after a successful test connection. For more information, see Test IdP connections.
      Response | Unique id as part of response. The id can be a user name, employee id, and so on.
      Note: Both redirect and post bindings are supported for response. The option to set this field only appears after a successful test connection. For more information, see Test IdP connections.
    10. Select Test Connection at the upper-right corner of the page.
    11. Enter your credentials.
      The SSO Logout Test Results are displayed.
    12. Select Activate to activate the configuration.
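
The Clock Skew and Audience URI fields above determine how an assertion's Conditions element is judged. The following Python is an added example, not ServiceNow's code: it applies a skew allowance to NotBefore/NotOnOrAfter and compares the Audience with the configured Audience URI. The function names and the sample assertion are constructed for illustration; the instance URL is the placeholder from Table 1.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the Conditions part of an assertion, unsigned.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2026-03-12T10:00:00.000Z"
                   NotOnOrAfter="2026-03-12T10:05:00.000Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://yourinstance.service-now.com/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _parse_ts(value):
    # SAML timestamps are UTC xs:dateTime values, optionally with milliseconds.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_conditions(assertion_xml, audience_uri, now, clock_skew_s=60):
    """Return a list of failure reasons; an empty list means Conditions pass."""
    # Signature verification is out of scope here and must succeed first.
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element"]
    skew = timedelta(seconds=clock_skew_s)
    failures = []
    not_before = cond.get("NotBefore")
    not_after = cond.get("NotOnOrAfter")
    # The skew allowance widens the validity window at both ends.
    if not_before and now < _parse_ts(not_before) - skew:
        failures.append("assertion not yet valid")
    if not_after and now >= _parse_ts(not_after) + skew:
        failures.append("assertion expired")
    audiences = [a.text.strip() for a in cond.findall(".//saml:Audience", NS) if a.text]
    # Exact string match: a missing trailing slash is a different audience.
    if audience_uri not in audiences:
        failures.append("audience mismatch")
    return failures
```

A larger Clock Skew lengthens the period during which an already issued assertion is still accepted, so keep it as small as the clock drift between the IdP and the instance allows.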