As part of your SSO configuration, you can generate the instance SP metadata to
provide to the IdP.
Avant de commencer
Role required: sso_config_admin, business_rule_admin, script_include_admin
Pourquoi et quand exécuter cette tâche
The IdP needs the instance SP metadata to authenticate and forward requests.
Procédure
-
Choose your installed SSO plugin:
-
Copy the SP metadata in the text box.
For example:
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://yourinstance.service-now.com">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://yourinstance.service-now.com/navpage.do" />
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yourinstance.service-now.com/navpage.do" />
<AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yourinstance.service-now.com/consumer.do"/>
</SPSSODescriptor>
</EntityDescriptor>
-
Provide the instance SP metadata to the IdP.
For example, SSOCircle allows a user to provide the SP metadata online.