• Home
• App Integrations
• Single Sign-On Integrations
• ServiceNow Single Sign-On (SSO)

ServiceNow SAML Single Sign-On (SSO) Configuration

---

miniOrange's ServiceNow Single Sign-On (SSO) solution enables seamless access to your ServiceNow application using a single set of credentials, simplifying the login process across multiple applications. With ServiceNow SSO integration by miniOrange, you can leverage federated identity and connect all your applications, including ServiceNow CRM, using a unified set of credentials. In addition to SSO, miniOrange provides robust IAM features for ServiceNow, empowering organizations to secure access to their ServiceNow instance and efficiently manage user access. Benefit from enhanced security, streamlined user management, and a seamless login experience by implementing miniOrange's ServiceNow SSO solutions and best practices.

With miniOrange ServiceNow SSO, you can:

• Enhance the user experience by enabling seamless login to ServiceNow without the need for multiple credentials.
• Effortlessly manage user access through centralized control
• Integrate smoothly with external identity sources such as Azure AD, ADFS, Cognito, and more

Supported SSO Features

miniOrange ServiceNow SAML integration supports the following features:

• SP Initiated SSO Login: Users can access their ServiceNow account via a URL or bookmark. They will automatically be redirected to the miniOrange portal for login. Once they've signed on, they'll be automatically redirected and logged into ServiceNow.
• IdP Initiated SSO Login: Users need to login to the miniOrange first , and then click on the ServiceNow icon on the applications dashboard to access ServiceNow.(If you have set up any more Identity Sources, you will log in to that platform).
• JIT Provisioning: Enables the automatic creation of user accounts in ServiceNow when a person logs in for the first time via Desktop SSO, IDP, or Active Directory (AD) authentication.
• Single Logout: With this feature, you will be automatically logged out of all the applications that are connected with Identity provider (IdP) when you log out from ServiceNow org or any other app.
• Mandate users to Login using SSO: Single Sign-on can make it mandatory for all users to log in using SSO. This will prevent any person from login using any other source and bypassing the login system. No person will be able to have direct login making it a streamline and secure process.

Prerequisites

• Only Workspace Owners can configure SSO
• It’s only supported in Business+ and Enterprise Grid

Follow the Step-by-Step Guide given below for ServiceNow Single Sign-On (SSO)

1. Configure ServiceNow in miniOrange

• Login into miniOrange Admin Console.
• Go to Apps and click on Add Application button.



• In Choose Application, select SAML/WS-FED from the application type dropdown.



• Search for ServiceNow in the list, if you don't find ServiceNow in the list then, search for custom and you can set up your application in Custom SAML App.

• Get the SP Entity ID or Issuer from the metadata. You will find the value in the first line against entityID.
• Make sure the ACS URL is in the format: https://[yourdomain].my.servicenow.com/?so=[organization_id].
• Click on Next to proceed further.



• In the Attribute Mapping tab to configure the following attributes as shown in the image below.



• Click on Save to configure Servicenow.

To get miniOrange metadata details in order to configure ServiceNow :

• Go to Apps >> Applications.
• Search for your app and click on the icon ' ' in Actions menu against your app.
• Click on Metadata to get metadata details, which will be required later. Click on Show SSO Link to see the IDP initiated SSO link for ServiceNow.



• Here you will see 2 options, if you are setting up miniOrange as IDP copy the metadata details related to miniOrange, if you required to be authenticated via external IDP's (Okta, Microsoft Entra ID, Active Directory, ADFS, OneLogin, Google Workspace) you can get metadata from the 2nd Section as shown below.



• Click on Show Metadata Details >> Download Metadata and keep the file handy. You will require this in Step 3 .

2. Configure SAML in Servicenow

• Login to ServiceNow as the system administrator.
• Activate the Integration - Multiple Provider Single Sign-On Installer plugin by doing the following:
  • Search for plugins in the Filter navigator (top left input field).
  • Search for Integration - Multiple Provider Single Sign-On Installer from the search bar at the top of the Plugins page:
  • Right-click on the correct plugin, then select Activate/Upgrade:
  
  
  
  • This completes the installation of the Multiple Provider Single Sign-On plugin, allowing you to now configure Single Sign-On settings within ServiceNow.
• Search for Multi-Provider SSO in the Filter navigator (top left input field). Select Identity Providers.
• Click the SAML2 Update1 > Name. Select Configure > Form Design from the Additional actions menu.



• The new Form Design tab should appear. Set the Sign LogoutRequest field after Sign AuthnRequest.
• Click Save (top right). Close the Form Design tab.

3. Configure Provider in Servicenow

• Go back to the Identity providers menu. Click New.



• Select the SAML2 Update1 option.



• An Import Identity Provider Metadata pop-up dialogue appears.
• Enter the following Metadata URL : Sign into the miniOrange Admin dashboard to generate this value. Click Import.



• Check Active. Check Default (if you want this SAML configuration to be the default).
• In the user field, specify the ServiceNow user attributes that you will be matching against miniOrange with SAML. By default, this is user_name, but can be configured to match other attributes such as email, depending on your use-case.
• Enter the following Identity Provider's SingleLogoutRequest URL: Sign into the miniOrange Admin Dashboard to generate this variable.
• Change the Protocol Binding for the IDP's SingleLogoutRequest to the following: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
• Check Create AuthnContextClass.
• Signing/Encryption Key Alias: Enter the alias name you created for the SAML 2.0 Keystore. By default, the integration looks for the alias saml2sp.
• Signing/Encryption Key Password: Enter the password to your SAML 2.0 Keystore. By default, the password is the same as the default alias name.
• Check Force AuthnRequest if you want to enable Force AuthnRequest.
• Check Sign LogoutRequest and Uncheck Auto Provisioning User.
• Uncheck Update User Record Upon Each Login. Your settings should look like this:



• Click Update. Click Generate Metadata: The new metadata tab appears.
• Save the X509Certificate value.



• Create a file in a text editor in the following format:

                -----BEGIN CERTIFICATE-----
                  [your X509Certificate value]
                -----END CERTIFICATE-----
                

• Save the text file as servicenow_slo.cert: and close the metadata tab.
• Click the Test Connection button in the IDP form above to open a new window.



• Now, enter your miniOrange login credential and click on Login.



• When SSO Test Connection is successful, you see a screen like below.

  Note : It may requires removing Identity Provider's SingleLogoutRequest field value on IdP record for a successful Test Connection like below:




• Click on Activate to activate above IdP.
• Select Properties under Administration from the Multi-Provider SSO sidebar on the left.
• Check Enable multiple provider SSO.
• Uncheck Enable Auto Importing of users from all identity providers into the user table. Click Save.

4. Test SSO Configuration

Test SSO login to your ServiceNow account with miniOrange IdP:

Using SP Initiated Login

• Go to your ServiceNow URL, here you will be either asked to enter the username or click on the SSO link which will redirect you to miniOrange IdP Sign On Page.



• Enter your miniOrange login credential and click on Login. You will be automatically logged in to your ServiceNow account.

Using IDP Initiated Login

• Login to miniOrange IdP using your credentials.



• On the Dashboard, click on ServiceNow application which you have added, to verify SSO configuration.





Not able to configure or test SSO?


Contact us or email us at idpsupport@xecurify.com and we'll help you setting it up in no time.

External References

• Integrate Servicenow with miniOrange
  
• Enable MFA for ServiceNow
  
• Checkout miniOrange app integrations for SSO and MFA
  
• Learn more about Workforce Identity Solution?
  
• What is Single Sign-on SSO? Know more about SSO