Monday, March 9, 2020

INTEGRATING SERVICENOW WITH OKTA FOR SINGLE SIGN ON (SSO)

Today’s blog features a tutorial detailing everything you need to know in order to provision users from Okta to ServiceNow and to federate the ServiceNow application using SAML 2.0 (Security Assertion Markup Language).
Okta is a cloud-based identity management product that helps companies manage and secure user authentication and build identity controls into applications. In this blog, we will show user provisioning from Okta to ServiceNow and the configuration of Single Sign-On, using both the Identity Provider initiated and the Service Provider initiated mechanisms, through SAML.
Prerequisites:
  • Administrative ServiceNow Account
  • Application Administrative Okta Account
Configuration Steps at Okta:

  1. Log in to your Okta console and click on Applications --> Add Application button.
  2. Search for ServiceNow UD as shown below.
  3. Click on the ADD button on the left pane. Provide the application URL of your ServiceNow instance under the Base URL field. In this demo, we have used a dev instance as shown below.
  4. Under the Provisioning tab, enable API credentials using the ServiceNow admin account as shown below.
     After successful API integration, we can create, update and deactivate users from Okta to ServiceNow by defining the provisioning rule as shown below.
  5. Under the Assignments tab, assign the application to a user or a group. In this demo we have assigned the application to a user for testing as shown below.
  6. Under the Sign On tab, download the Identity Provider Metadata as shown below.
     Save the above IDP URL.

Configuration Steps to be Done at ServiceNow:

  1. Log in to ServiceNow as the administrator as shown below.
  2. Search for plugins in the Filter navigator (left pane window) and click on Plugins.
  3. Search for com.snc.integration.sso.multi in the ID field from the search bar at the top of the Plugins page.
  4. Install the Integration-Multiple Provider Single Sign-On Enhanced UI plugin as shown below.
     Note: Plugins are automatically activated post installation.
  5. Search for Multi-Provider SSO in the Filter navigator (top left input field). Click on the Properties button.
  6. Select Yes for Enable Multiple provider SSO, as shown below, and click Save.
  7. Search again for Multi-Provider SSO in the Filter navigator (top left pane). Select Identity Providers.
  8. Click New and select SAML for the SSO configuration provider.
  9. Import the Identity Provider Metadata from Okta.
  10. After importing the metadata, the SAML settings are populated automatically. Check Default for the default SAML settings.
  11. Under the Encryption & Signing tab, set the Signing/Encryption Key Alias to “saml2sp”.
  12. Select the User Provisioning tab and uncheck the Auto Provisioning User and Update User Record Upon Each Login checkboxes.
  13. Select the Advanced tab. In the user field, specify the ServiceNow user attribute that you will be matching against Okta with SAML. We are using email as the user field.
  14. Check the Create AuthnContextClass box as shown below.
  15. Scroll up and click the Test Connection button. You are all set.
  16. Activate the partnership.

Thanks a lot!