Multi-Provider single sign-on (SSO)

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Multi-Provider Single Sign-On (SSO)

    Multi-Provider Single Sign-On (SSO) allows organizations to authenticate users across multiple applications using a single set of credentials. ServiceNow acts as a service provider, relying on external Identity Providers (IdPs) to validate user identities. To implement this feature, the Multi-Provider Single Sign-On Installer plugin must be activated in ServiceNow.

    Show full answer Show less

    Key Features

    • Support for Multiple IdPs: ServiceNow can integrate with various SSO methods including OpenID Connect, SAML 2.0, and Digest Authentication.
    • Configuration Steps: Set up involves configuring properties, creating IdPs, and managing user access.
    • IdP Listing: A maximum of 10 IdPs can be displayed on the login page, enhancing user choice.
    • Zurich Release Enhancements: Features include listing SAML IdPs, allowing group selection for auto-provisioning, and streamlined OIDC configuration.
    • Error Handling and Notifications: Enhanced error messages and notifications for certificate expiry help maintain secure configurations.

    Key Outcomes

    By implementing Multi-Provider SSO, organizations can provide seamless access for users across different roles, such as employees, vendors, and administrators, ensuring a secure and efficient authentication process. This flexibility allows for tailored authentication solutions depending on user needs, enhancing overall user experience and security.

    External SSO allows organizations to use several SSO identity providers (IdPs) to manage authentication as well as retain local database (basic) authentication.

    Multi-Provider Single sign-on (SSO) is an authentication method that enables users to access multiple applications with one login and one set of credentials.

    For using SSO, you must understand the following:

    • Service Providers: When users trying to access the ServiceNow instance are redirected to an Identity Providers (IdP) to validate their credentials after successful validation users are allowed to access the instance. Here, ServiceNow acts as a service provider and relies on an Identity Provider (IdP) for handling user authentication and granting access to the instance.
    • Identity Providers: IdPs are external systems that validates the users identity and credentials to access a system.

    To establish an SSO with to access ServiceNow, you must activate Multi-Provider Single sing-on (SSO) you must install the Integration - Multiple Provider Single Sign-On Installer (com.snc.integration.sso.multi.installer) plugin. For more information, see Activate Multi-Provider SSO plugin.

    After successful installation of the plugin, you can customize the SSO properties, access tables and scripts that are shipped along with the plugin. For more information, see Multi-Provider SSO properties, tables, and scripts.

    ServiceNow supports the following SSO methods:

    Choose the SSO method based on your requirement and learn more about how you need to prepare for configuring SSO. You must perform several steps to set up Multi-Provider SSO, including configuring properties, creating identity providers (IdPs), and configuring users to use SSO. For more information, see Multi-Provider SSO configurations.

    After a successful configuration, the active IdPs in the instance are listed on the ServiceNow. You can list various SAML or OIDC Identity Providers (IdPs).
    Note:
    A maximum of 10 IdPs can be listed on the login page. The IdP options won't be visible if the instance has Domain Support - Domain Extensions Installer (com.glide.domain.msp_extensions.installer) plugin installed and enabled.
    The Zurich release of ServiceNow include the following enhancements on SSO:
    • List SAML IdPs on login page: Log in using SAML and OIDC IdPs that are listed on the login experience on both the platform and portal login pages, making it easier for users to select their preferred IdP. Earlier only OIDC IdPs were listed.
    • Select group for Auto-Provisioning: Select specific groups during the auto-provisioning configuration for SAML and OIDC, ensuring users are assigned to the correct groups automatically.
    • Configure multiple OIDC record using the same well-known URL: Simplify OIDC setup by allowing the creation of OIDC records using the same well-known URL, streamlining the configuration process.
    • Enhanced External logout complete page: Display of login failure reason to the user. Provision to log in again to ServiceNow on the external logout complete page in case of successful logout.
    • Enhanced error message: Display of generic error message when Single Logout (SLO) is unsuccessful, ensuring consistent and secure communication.
    • Notification enhancements for SAML Certificate and Encryption Keystore: Receive timely notifications to the admins for SAML certificate and Encryption Keystore updates expiry, ensuring that your SSO configurations remain secure and up-to-date.

    Why organization needs SSO

    A globally dispersed corporation might require one SSO provider for their employees, a different one for their vendors, and local database authentication for their administrators. Alternatively, a company might implement SAML 2.0 and a digest token authentication solutions on the same instance.