Set the audience URL for SAML

  • Release version: Australia
  • Updated March 12, 2026

  Enable your instance to verify that it is the intended recipient of a SAML response by using the Audience property.

    Before you begin

    Role required: sso_config_admin, business_rule_admin, script_include_admin

    About this task

    The integration verifies that the URL in the Audience element of each SAML response matches the URL set in this system property. For example:
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        ID="s2cdc74f37f923e26fe1aeec42b70a93d24230334f"
        InResponseTo="90AA6073F01567BFB0DF194F596314E2"
        Version="2.0"
        IssueInstant="2010-04-29T23:21:51Z"
        Destination="https://dloomac.service-now.com/navpage.do">
    ...
    <saml:Conditions NotBefore="2012-01-30T19:57:10Z" NotOnOrAfter="2012-01-30T20:17:10Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://demoi2.service-now.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    ...
    </samlp:Response>

    Procedure

    1. Navigate to All > SAML 2 Single Sign-on > Properties.
    2. In the property The audience uri that accepts SAML2 token. (Normally, it is your instance URI. For example: https://<instance name>.service-now.com.), enter the URL of your instance.
      For example, https://demoi2.service-now.com. This URL must match the value of the Audience element in the SAML Response.
    3. Click Update.
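
To confirm before rollout that the value entered in step 2 matches what the identity provider sends, the following added example (not ServiceNow code) compares the Audience elements of a captured SAML document with the configured URL. The function name `check_audience`, the exact string comparison, and the treatment of a missing AudienceRestriction as a failure are assumptions of this example; it also goes slightly beyond the page by handling several Audience or AudienceRestriction elements as SAML 2.0 defines them.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the Conditions block from the example above, wrapped in
# a minimal Assertion so the saml: prefix is declared and the XML parses.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2012-01-30T19:57:10Z" NotOnOrAfter="2012-01-30T20:17:10Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://demoi2.service-now.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def check_audience(xml_text, expected):
    """Return (ok, reason) for the audience check on a captured SAML document.

    Diagnostic aid only: it does not verify the signature or validity window.
    """
    root = ET.fromstring(xml_text)
    restrictions = root.findall(".//saml:Conditions/saml:AudienceRestriction", NS)
    if not restrictions:
        # Assumption: a response without any restriction fails the check.
        return False, "no AudienceRestriction element present"
    # SAML 2.0: every AudienceRestriction must be satisfied; within one
    # restriction, a single matching Audience is enough.
    for i, restriction in enumerate(restrictions, 1):
        audiences = [(a.text or "").strip()
                     for a in restriction.findall("saml:Audience", NS)]
        if expected in audiences:
            continue
        # Flag the common misconfiguration: same URL apart from case or "/".
        near = [a for a in audiences
                if a.rstrip("/").lower() == expected.rstrip("/").lower()]
        hint = f" (near miss: {near[0]!r})" if near else ""
        return False, f"restriction {i} lists {audiences}, not {expected!r}{hint}"
    return True, "every AudienceRestriction lists the expected audience"


if __name__ == "__main__":
    for url in ("https://demoi2.service-now.com",
                "https://demoi2.service-now.com/"):
        print(url, "->", check_audience(SAMPLE, url))
```
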