Single Sign On (SSO) for Servicenow
miniOrange provides a ready to use solution for Servicenow. This solution ensures that you are ready to roll out secure access to Servicenow to your employees within minutes.

Note : The information contained on this page does not create a joint venture, partnership, agency or other form of association, or an express or implied license grant by either party to the other under any patent, trademark, copyright, trade secret or other intellectual property right.

Servicenow

miniOrange provides secure access to Servicenow for enterprises and full control over access of its applications. Single Sign On (SSO) into your Servicenow account with one set of login credentials.

  • Servicenow supports only IdP(Identity Provider) initiated Single Sign On(SSO)

      In IdP Initiated Login, SAML request is initiated from miniOrange IdP.

      • Enduser first authenticates through miniOrange Idp by login to miniOrange Self Service Console.
      • On User Dashboard , there is a Servicenow icon, when the enduser clicks on the icon he will be redirected to his Servicenow Account - there is no need to login again.

    Follow the Step-by-Step Guide given below for Servicenow Single Sign On (SSO).

    Step 1: Configure Servicenow in miniOrange

    1. Login to miniOrange Admin Console.
    2. Go to Apps >> Manage Apps . Click Configure Apps button.
    3. Click on SAML tab. Select Servicenow and click Add App button.


    4. Get the SP Entity ID or Issuer from the metadata. You will find the value in the first line against entityID.
    5. Make sure the ACS URL is in the format: https://[yourdomain].my.servicenow.com/?so=[organization_id]. .
    6. Click on Show Advanced Settings. Against Relay State select Custom Attribute Value & enter https://www.servicenow.com/
    7. Enable Override RelayState.
    8. You can set another value for relay state depending on where you want to redirect user after SSO.
    9. Add a new policy for Servicenow.
      1. Select a Group Name from dropdown - the group for which you want to add Servicenow policy.
      2. Give a policy name for Servicenow in Policy Name field.
      3. Select the First Factor Type for authentication.
      4. Enable Second Factor for authentication if required.
      5. Click on Save button to add policy for Servicenow Single Sign On (SSO).


    10. Click on Save to configure Servicenow.

    Step 2: Setting SAML in Servicenow

    • Login to ServiceNow as the system administrator.
    • Activate the Integration - Multiple Provider Single Sign-On Installer plugin by doing the following:
      • Search for plugins in the Filter navigator (top left input field).
      • Search for Integration - Multiple Provider Single Sign-On Installer from the search bar at the top of the Plugins page:
      • Right-click on the correct plugin, then select Activate/Upgrade:


      • This completes the installation of the Multiple Provider Single Sign-On plugin, allowing you to now configure Single Sign-On settings within ServiceNow.
    • Search for Multi-Provider SSO in the Filter navigator (top left input field). Select Identity Providers.
    • Click the SAML2 Update1 > Name. Select Configure > Form Design from the Additional actions menu.


    • The new Form Design tab should appear. Set the Sign LogoutRequest field after Sign AuthnRequest.
    • Click Save (top right). Close the Form Design tab.

    Step 3: Configure Provider in Servicenow

    • Go back to the Identity providers menu. Click New.


    • Select the SAML2 Update1 option.


    • An Import Identity Provider Metadata pop-up dialog appears.
    • Enter the following Metadata URL : Sign into the miniOrange Admin dashboard to generate this value. Click Import.


    • Check Active. Check Default (if you want this SAML configuration to be the default).
    • In the user field, specify the ServiceNow user attributes that you will be matching against miniOrange with SAML. By default, this is user_name, but can be configured to match other attributes such as email, depending on your use-case.
    • Enter the following Identity Provider's SingleLogoutRequest URL: Sign into the miniOrange Admin Dashboard to generate this variable.
    • Change the Protocol Binding for the IDP's SingleLogoutRequest to the following: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
    • Check Create AuthnContextClass.
    • Signing/Encryption Key Alias: Enter the alias name you created for the SAML 2.0 Keystore. By default, the integration looks for the alias saml2sp.
    • Signing/Encryption Key Password: Enter the password to your SAML 2.0 Keystore. By default, the password is the same as the default alias name.
    • Check Force AuthnRequest if you want to enable Force AuthnRequest.
    • Check Sign LogoutRequest and Uncheck Auto Provisioning User.
    • Uncheck Update User Record Upon Each Login. Your settings should look like this:
    • Click Update. Click Generate Metadata : The new metadata tab appears.
    • Save the X509Certificate value.


    • Create a file in a text editor in the following format:
      -----BEGIN CERTIFICATE-----
      [your X509Certificate value]
      -----END CERTIFICATE-----
      			
    • Save the text file as servicenow_slo.cert: and close the metadata tab.
    • Select Properties under Administration from the Multi-Provider SSO sidebar on the left.
    • Check Enable multiple provider SSO.
    • Uncheck Enable Auto Importing of users from all identity providers into the user table. Click Sav.


    Step 4: Onboard users into our system.

    1. Download sample csv format from our console and create a CSV file containing your users in this format.


    2. Upload your CSV in our console via Bulk Upload.
    3. After uploading the CSV file successfully, you will see a success message.
    4. From Users/Groups menu, select Manage Users/Groups and go to On Boarding Status. Select users to send activation mail and click on send activation mail. An activation mail will be sent to the selected users.



    Step 5: Register users into our system (End Users)

    1. Sign In to your mail and click on registration link that is valid only for 5 days. You will be redirected to our registration page.
    2. Configure your basic details.


    3. Configure any strong authentication method.


    4. Configure KBA (Security Questions) as your fallback method, in case you lost your phone this will get invoked and save your details.


    5. After successful registration, you will see a registration successful message.

    Step 6: Login to Servicenow using miniOrange

    • Login to your miniOrange Self Service Console as an End User and click on the Servicenow icon on your Dashboard to login to your Account.


    Using Two Factor Authentication for Servicenow

    The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.

    Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, track who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.


    Your choice of second factor

    miniOrange authentication service has 15+ authentication methods.

    You can choose from any of the above authentication methods to augment your password based authentication. miniOrange authentication service works with all phone types, from landlines to smart-phone platforms. In the simplest case, users just answer a phone call and press a button to authenticate. miniOrange authentication service works internationally, and has customers authenticating from many countries around the world.


    Business trial for free

    If you don't find what you are looking for, please contact us at info@miniorange.com or call us at +1 978 658 9387 to find an answer to your question about Servicenow Single Sign On (SSO).


  • Watch the videos to learn more. Watch Demo