Pricing  Get Quote
 
 

ServiceNow

How to configure single sign-on for ServiceNow

ADSelfService Plus supports Active Directory (AD)-based single sign-on (SSO) for ServiceNow and any other SAML-enabled application. Upon enabling SSO for ServiceNow in ADSelfService Plus, all users have to do is simply log in to their Windows machines using their AD domain credentials. Once logged in, users can securely access ServiceNow in one click without having to enter their username and password again.

ADSelfService Plus supports both Identity Provider (IdP) and Service Provider (SP)-initiated SSO for ServiceNow.

IdP-initiated SSO for ServiceNow: Users need to log in to the ADSelfService Plus self-service portal first, and then click on the ServiceNow icon on the Applications dashboard to access ServiceNow.

SP-initiated SSO for ServiceNow: Users can access their ServiceNow domain via a URL or bookmark. They will automatically be redirected to the ADSelfService Plus portal for login. Once they've signed on, they'll be automatically redirected and logged into the ServiceNow portal.

Follow the step-by-step guide given below for ServiceNow SSO

Before you begin

Download and install ADSelfService Plus if you haven’t already.

Configuring your Active Directory domain in ADSelfService Plus

With ADSelfService Plus, you can use the existing AD domain credentials of users for authentication during SSO. So, first you need to configure an AD domain in ADSelfService Plus to enable SSO for ServiceNow.

ADSelfService Plus will try to automatically add all the domains that it can discover in your network. If your domains are automatically added, skip to Step 9; otherwise, follow Steps 1-8 to add them manually.

  1. Launch the ADSelfService Plus web console and log in using admin credentials.
  2. Click the Domain Settings link available on the top-right corner of the application.
  3. An Add Domain Details window will appear.
  4. In the Domain Name field, enter the name of the domain you want to add.
  5. In the Add Domain Controllers field, click Discover. ADSelfService Plus will try to automatically discover the domain controllers associated with the domain.
  6. If the domains are not auto-discovered, then enter the domain controller name in the field provided, and click Add.
  7. You can leave the authentication fields empty if you're not going to use the end user self-service features of ADSelfService Plus.
  8. Back in the Add Domain Details window, click Add to complete adding the Active Directory domain in ADSelfService Plus.
  9. Getting the SAML details from ADSelfService Plus

  10. Navigate to Configuration → Self-service → Password Sync/Single Sign On.
  11. Click ServiceNow in the list of applications provided.
  12. Click Download SSO Certificate in the top-right corner of the screen.
  13. In the pop-up that appears, click Download metadata file and save the XML file. Open the file in a text editor and copy its content.
  14. Configuring SSO settings in ServiceNow.

  15. Log in to ServiceNow with administrator credentials.
  16. Navigate to Manage → Instance.

    ServiceNow-sso-configuration

  17. In the My Instance page, click on the instance URL. Also, note down this value. We will need it while configuring ServiceNow with ADSelfService Plus.

    ServiceNow-instance-url

  18. In the left pane, navigate to Multi-Provider SSO → Identity Providers and then click New.

    Note: If Multi-Provider SSO plugin is activated in your instance, Please follow this steps.

    multi-provider-sso-plugin-activation

  19. In the What kind of SSO are you trying to create? section, select SAML

    servicenow-saml-configuration

  20. In the Import Identity Provider Metadata pop up that appears, select XML and paste the XML file content you had copied in Step 12.

    identity-provider-xml-metadata

  21. Click Import.

    identity-provider-import

  22. All the required fields will be auto-filled. Scroll down and click Advanced tab. Make sure in the User Field, the value “email” is entered.

    identity-provider-field-settings

  23. Click Test Connection. You will be asked to log into ADSelfService Plus.
  24. One the connection is successful, click Activate.
  25. Now click on the Additional Actions icon at the top near the identity provider title and select Copy sys_id. Paste the value in a note and keep it safe.

    servicenow-self-service-connection

  26. In the left pane, navigate to Multi-Provider SSO → Administration → Properties.
  27. Make sure that Enable multiple provider SSO in enabled.
  28. In the field for user identification, change ‘user_name’ to email as the value.

    multi-provider-sso-username-setting

  29. Click Save.
  30. In the left pane, navigate to User Administration → Users.

    servicenow-users-administration

  31. Select a user for whom you want to enable SSO and click his/her username.
  32. Now click the Additional Actions icon and select Configure → Form Design.

    servicenow-design-configuration

  33. Drag and drop the SSO source field from the left pane into the user’s form and click Save.

    servicenow-sso-source-configuration

  34. Close the form design tab and go back to the user configuration page. You can notice the SSO source field added to the user’s form
  35. In the SSO source field, paste the sys_id you had copied in step 23. Append “sso:” before the sys_id value.

    servicenow-sso-update

  36. Click Update.
  37. Repeat steps 29-34 for other users to whom you want to enable SSO.
  38. Adding your ServiceNow domain in ADSelfService Plus and enabling SSO.

  39. Now, switch to ADSelfService Plus’ ServiceNow configuration page.
  40. Choose Single sign-on under Modules.
  41. In the SAML Redirect URL field, enter the instance URL from Step 15.
  42. In the Domain Name field, enter the domain name for which you just enabled SSO.  For example, if you use johndoe@thinktodaytech.com to log in to ServiceNow, then thinktodaytech.com is the domain name.
  43. In the Display Name field, provide an appropriate display name.
  44. In the Available Policies field, click the drop-down box and select the policies for which you wish to enable SSO. The policy you select will determine which users have the SSO feature enabled.

    Note: ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.

  45. Click Save.
  46. Your users can now log into their ServiceNow accounts automatically using single sign-on.

    Highlights

    Password self-service

    Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

    One identity with Single sign-on

    Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

    Password/Account Expiry Notification

    Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

    Password Synchronizer

    Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

    Password Policy Enforcer

    Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

    Directory Self-UpdateCorporate Search

    Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

     

ADSelfService Plus trusted by

 
×
Yes I'm Interested No, I'd rather pay more.