Configure a Facebook-based Single Sign-On (SSO)

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • Configure a Facebook-based SSO to your ServiceNow instance.

    Before you begin

    Have a valid Client ID that is configured as an IdP from Facebook.

    Enable the following properties:
    • Enable multiple provider SSO.
    • Enable debug logging for the multiple provider SSO integrations.

    Role required: admin

    Procedure

    1. Navigate to All > Multi-Provider SSO > Identity Providers.
    2. To create a new Facebook identity provider, click New.
    3. Click OpenID Connect.
    4. On the form, fill in the fields.
      Table 1. Import OpenID Connect Well Known Configuration form
      Fields Description
      Name Unique name for the OIDC identity provider configuration.
      Client ID The client ID of the application registered in the third-party OIDC identity provider.
      Client Secret The client secret of the application registered in the third-party OIDC identity provider.
      Well known Configuration URL The URL that contains metadata about the third-party OIDC identity provider.
      Import OpenID Connect Well Known Configuration fields
    5. Click Import.
      The Facebook-based IdP is created.
      Facebook-based IdP
    6. Select the Facebook IdP.
    7. In the Facebook idP, do the following:
      1. Validate all the fields such as Name, OIDC Entity Profile, External logout redirect, and ServiceNow Homepage.
      2. Provide your SSO label.
    8. In the User Provisioning tab, specify the fields that you need to configure users to specific user provisioning and roles.

      Only the mandatory fields are required. You can specify the remaining fields depending on what you need.


      User Provisioning
    9. In the OIDC Entity tab, do the following:
      1. Click the entity.
      2. Set the Redirect URL field to your Facebook redirect URL.

      OIDC Entity - Redirect URL
    10. In the OAuth Entity Profiles tab, do the following:
      1. In the profile details, click a profile.
      2. Select a scope and verify the details.
        For example, select scope-1

      Profile Scope
    11. In the OAuth Entity Scopes tab, click the scope-1 link and add the scope as email.

      Entity Scopes
    12. To save the configuration, right-click the header and click Save.
    13. To set the configuration as active, select Active.

    Result

    Users are displayed with the Facebook SSO option on the login form.
    Login with Facebook