Hello there!

Need Help? We are right here!

support
miniOrange Support

Thanks for your inquiry.
One of our representatives will get in touch with you shortly via email.

Single Sign On (SSO) for Servicenow
miniOrange provides a ready to use solution for Servicenow. This solution ensures that you are ready to roll out secure access to Servicenow to your employees within minutes.

Servicenow

miniOrange provides secure access to Servicenow for enterprises and full control over access of its applications. Single Sign On (SSO) into your Servicenow account with one set of login credentials.

  • Servicenow supports only IdP(Identity Provider) initiated Single Sign On(SSO)

      In IdP Initiated Login, SAML request is initiated from miniOrange IdP.

      • Enduser first authenticates through miniOrange Idp by login to miniOrange Self Service Console.
      • On User Dashboard , there is a Servicenow icon, when the enduser clicks on the icon he will be redirected to his Servicenow Account - there is no need to log in again.

    Follow the Step-by-Step Guide given below for Servicenow Single Sign On (SSO)

    Step 1: Configure Servicenow in miniOrange

    1. Login to miniOrange Admin Console.
    2. Go to Apps >> Manage Apps. Click Configure Apps button.
    3. Click on SAML tab. Select Servicenow and click Add App button.
    4. servicenow sso configuration steps

    5. Get the SP Entity ID or Issuer from the metadata. You will find the value in the first line against entityID.
    6. Make sure the ACS URL is in the format: https://[yourdomain].my.servicenow.com/?so=[organization_id]. .
    7. Click on Show Advanced Settings. Against Relay State select Custom Attribute Value & enter https://www.servicenow.com/
    8. Enable Override RelayState.
    9. You can set another value for relay state depending on where you want to redirect the user after SSO.
    10. Add a new policy for Servicenow.
      1. Select a Group Name from the dropdown - the group for which you want to add Servicenow policy.
      2. Give a policy name for Servicenow in the Policy Name field.
      3. Select the First Factor Type for authentication.
      4. Enable Second Factor for authentication if required.
      5. Click on Save button to add policy for Servicenow Single Sign On (SSO).
      servicenow sso add policy

    11. Click on Save to configure Servicenow.

    Step 2: Setting SAML in Servicenow

    • Login to ServiceNow as the system administrator.
    • Activate the Integration - Multiple Provider Single Sign-On Installer plugin by doing the following:
      • Search for plugins in the Filter navigator (top left input field).
      • Search for Integration - Multiple Provider Single Sign-On Installer from the search bar at the top of the Plugins page:
      • Right-click on the correct plugin, then select Activate/Upgrade:
      • servicenow sso admin login

      • This completes the installation of the Multiple Provider Single Sign-On plugin, allowing you to now configure Single Sign-On settings within ServiceNow.
    • Search for Multi-Provider SSO in the Filter navigator (top left input field). Select Identity Providers.
    • Click the SAML2 Update1 > Name. Select Configure > Form Design from the Additional actions menu.
    • servicenow sso configuration

    • The new Form Design tab should appear. Set the Sign LogoutRequest field after Sign AuthnRequest.
    • Click Save (top right). Close the Form Design tab.

    Step 3: Configure Provider in Servicenow

    • Go back to the Identity providers menu. Click New.
    • servicenow sso configure provider steps

    • Select the SAML2 Update1 option.
    • service now sso saml 2 update1

    • An Import Identity Provider Metadata pop-up dialogue appears.
    • Enter the following Metadata URL: Sign into the miniOrange Admin dashboard to generate this value. Click Import.
    • servicenow sso enter metadata url

    • Check Active. Check Default (if you want this SAML configuration to be the default).
    • In the user field, specify the ServiceNow user attributes that you will be matching against miniOrange with SAML. By default, this is user_name, but can be configured to match other attributes such as email, depending on your use-case.
    • Enter the following Identity Provider's SingleLogoutRequest URL: Sign into the miniOrange Admin Dashboard to generate this variable.
    • Change the Protocol Binding for the IDP's SingleLogoutRequest to the following: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
    • Check Create AuthnContextClass.
    • Signing/Encryption Key Alias: Enter the alias name you created for the SAML 2.0 Keystore. By default, the integration looks for the alias saml2sp.
    • Signing/Encryption Key Password: Enter the password to your SAML 2.0 Keystore. By default, the password is the same as the default alias name.
    • Check Force AuthnRequest if you want to enable Force AuthnRequest.
    • Check Sign LogoutRequest and Uncheck Auto Provisioning User.
    • Uncheck Update User Record Upon Each Login. Your settings should look like this: servicenow sso update user record
    • Click Update. Click Generate Metadata: The new metadata tab appears.
    • Save the X509Certificate value.
    • servicenow sso save certificate value

    • Create a file in a text editor in the following format:
      -----BEGIN CERTIFICATE-----
      [your X509Certificate value]
      -----END CERTIFICATE-----
            
    • Save the text file as servicenow_slo.cert: and close the metadata tab.
    • Select Properties under Administration from the Multi-Provider SSO sidebar on the left.
    • Check Enable multiple provider SSO.
    • Uncheck Enable Auto Importing of users from all identity providers into the user table. Click Save.
    • servicenow sso Uncheck Enable Auto Importing of users

    Step 4: Onboard users into our system.

    • Click on Users >> Add User.
    • servicenow sso add user

    • Here, fill the user details without the password and then click on the Create User button.
    • servicenow sso add user details

    • Click on On Boarding Status tab. Check the email, with the registered e-mail id and select action Send Activation Mail with Password Reset Link from Select Action dropdown list and then click on Apply button.
    • servicenow sso click on email link

    • Now, Open your email id. Open the mail you get from miniOrange and then click on the link to set your account password.
    • On the next screen, enter the password and confirm password and then click on the Reset Password button.
    • servicenow sso reset password

    • Now, you can log in into miniOrange account by entering your credentials.

    Step 5: Login to miniOrange Account

    • Go to miniOrange dashboard and select the User Dashboard from the right side menu.
    • servicenow single sign on user dashboard


    • Click on Servicenow application which you added, to verify your sso configuration.
    • servicenow verify sso configuration

    Using Two Factor Authentication for Servicenow

    The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.

    Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, tracks who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.


  • We offer Security Solutions of Single Sign-On, Two Factor Authentication, Fraud Prevention and much more.
    Please call us at +1978 658 9387 or email us at info@xecurify.com

    We offer Security Solutions of Single Sign-On, Two Factor Authentication, Fraud Prevention and much more.

    Please call us at +1978 658 9387 (US), +91 77966 99612 (India) or email us at info@xecurify.com