Generate instance service provider (SP) metadata for SAML

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 3분

    • As part of your SSO configuration, you can generate the instance SP metadata to provide to the IdP.

    시작하기 전에

    Role required: sso_config_admin, business_rule_admin, script_include_admin

    이 태스크 정보

    The IdP needs the instance SP metadata to authenticate and forward requests.

    프로시저

    1. Choose your installed SSO plugin:
      옵션설명
      Multi-Provider SSO Navigate to Multi-Provider SSO > Identity Providers. Choose an IdP and click the Generate Metadata button. The integration automatically generates the instance's SP metadata from the system property settings.
      SAML 2 SSO Navigate to SAML 2 Single Sign-on > Metadata. The integration automatically generates the instance's SP metadata from the system property settings.
    2. Copy the SP metadata in the text box.

      For example:

      <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://yourinstance.service-now.com">
 	<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
		<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://yourinstance.service-now.com/navpage.do" />
		<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
		<AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yourinstance.service-now.com/navpage.do" />
		<AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yourinstance.service-now.com/consumer.do"/>
	</SPSSODescriptor>
</EntityDescriptor>
    3. Provide the instance SP metadata to the IdP.
      For example, SSOCircle allows a user to provide the SP metadata online.