Use Multi-Provider SSO to set up an SSO approval for a SAML 2.0 authentication

  • Rversion finale: Australia
  • Mis à jour 13 mars 2026
  • 1 minute de lecture

    • An SSO approval with e-signature requires configuration on the SAML IdP and the ServiceNow instance.

    Avant de commencer

    Role required: sso_config_admin, business_rule_admin, script_include_admin

    Pourquoi et quand exécuter cette tâche

    The SAML IdP must support and honor the forceAuthn attribute in SAML assertion requests. E-signature doesn’t function without this IdP setting. Set up an approval with e-signature using credentials from a SAML 2.0 authentication.

    Procédure

    1. Activate or upgrade to SAML 2.0 with the Activate Multi-Provider SSO plugin.
    2. Activate the Approval with E-Signature plugin.
    3. Navigate to Multi-Provider SSO > Identity Providers and verify your 2.0 SAML IdP configuration Advanced tab shows the Force AuthnRequest attribute checked.
      Your SAML 2.0 IdP must support the Force AuthnRequest attribute, or e-signature isn’t supported.
    4. On the eSignature Approval tab, enter the following e-signature SAML properties.
      OptionDescription
      Assertion Consumer URL for eSignature authentication This property defaults to the appropriate URL. To configure this property, select the lock icon to make this field editable. After edits, select the icon to lock the field.
      Assertion Consumer Index for eSignature authentication

      If your Service Provider has more than one URL set for the AssertionConsumerURL, you can set the index to use for eSignature, starting with index 1 or more.
      AuthnRequest URL for eSignature Authentication You can enter the URL that points to the SAML 2.0 IdP AuthnRequest URL for eSignature authentication. If the URL is the same as the Assertion Consumer URL, you can leave this setting empty.
      Authentication pop-up Dialog Width When a user approves a request using eSignature, a dialog opens and a user can enter credentials. This setting controls the width of that dialog box. The default is 500.
      Authentication pop-up Dialog Height When a user approves a request using eSignature, a dialog opens and a user can enter credentials. This setting controls the height of that dialog box. The default is 300.

      eSignature Approval Tab
    5. Select the Generate Metadata button underneath the tabs to regenerate the service provider metadata.
    6. Copy the service provider metadata, and update it on the SAML IdP.