McAfee MVISION Cloud

Configure Azure AD SSO with ServiceNow

This topic describes the steps to configure Azure AD Single Sign-On (SSO) with ServiceNow.

Prerequisites

Before you begin, make sure you have met the following prerequisites:

  • An Azure AD subscription. You can activate a subscription through an Azure free account.
  • A ServiceNow Single Sign-On (SSO) enabled subscription.
  • For ServiceNow, an instance or tenant of ServiceNow, Calgary version, or later.
  • For ServiceNow Express, an instance of ServiceNow Express, Helsinki version, or later.
  • Submit a Service Request to get the Multiple Provider Single Sign-On Plugin for the ServiceNow tenant.
  • For automatic configuration, enable the multi-provider plugin for ServiceNow.
  • Install the ServiceNow Classic (Mobile) application. To download it, go to the appropriate app store and search for the ServiceNow Classic application.

NOTE: The integration of Azure AD with ServiceNow supports both the Azure AD public cloud and the Azure AD US government cloud environments. Find the US government cloud application in the Azure AD US government cloud application gallery, and configure it in the same way as for the Azure AD public cloud.

Configure Azure AD SSO

Perform the following activities to configure the Azure AD SSO:

Step 1: Add a New User using Azure AD

  1. Log in to the Azure AD portal (https://portal.azure.com/) with your Azure subscription credentials.
  2. Click Azure Active Directory or search for Azure Active Directory in the Search bar.
  3. Go to Users > All Users, and then select New user.
  4. Enter the required information of the user and click Create.

NOTE: Make sure to copy the User name and Password for later use. For example, User name: SNOWSSO@skyhighdemo71.onmicrosoft.com and Password: Tumu8226.

The user is created and added to your Azure AD.

Step 2: Configure ServiceNow SSO in Azure AD

  1. Log in to the Azure AD portal (https://portal.azure.com/).
  2. Click Azure Active Directory > Enterprise applications and search for ServiceNow in the Search bar.
  3. Select the ServiceNow application and click Create.
    You are redirected to the ServiceNow application page.
  4. Under Manage, click Single Sign-On.
  5. Under Select a Single Sign-On method, select SAML.
  6. Under Set up Single Sign-On with SAML, click Edit.
  7. Under Basic SAML Configuration, configure the following fields.
    1. Identifier (Entity ID). Enter the URL in the following format: https://<instance-name>.service-now.com.
    2. Reply URL (Assertion Consumer Service URL). Enter the URL in the following format: https://instancename.service-now.com/navpage.do.
    3. Sign on URL. Enter the URL in the following format: https://instance.servicenow.com/logi...?glide_sso_id=<sys_id of the SSO configuration>
  8. Click Save.
  9. Under User Attributes & Claims and SAML Signing Certificate, click Edit. Configure the required fields and Save the configuration.
  10. To configure ServiceNow for SAML-based authentication automatically from Azure AD, enable the following service:
    • Under Set up ServiceNow, click View step-by-step instructions to open the Configure sign-on window.
      • In the Configure sign-on form, enter your ServiceNow instance name, admin user name, and admin password and click Configure Now.

NOTE: Once you have saved the SSO configuration, an Identifier is created automatically in ServiceNow Identity Provider.

Step 3: Configure ServiceNow SSO

  1. Log in to ServiceNow as an admin.
  2. Find the plugin Integration Multiple Provider Single Sign-On in the Search bar. To activate the plugin, click Activate.
  3. Select the Microsoft Azure ServiceNow instance and click the right arrow icon to add it to the Certificates List.
  4. Click Save.
  5. At the upper-right corner of the page, click Test Connection.
  6. If Test Connection fails and the connection cannot be activated, ServiceNow provides an override switch. To use it, configure the following details:
    • Enter Sys_properties.LIST in the search bar. You are redirected to the System Properties page.
    • Create a property named glide.authenticate.multisso.test.connection.mandatory. Set the data type to True/False and set the value to False.
    • If prompted for credentials, enter the credentials. You are then redirected to the test results page.
    • The SSO Logout Test Results displays an error. Ignore the error and click Activate.
  7. Log in to the ServiceNow instance using the external login. You are redirected to the Office 365 page to enter your Azure AD user credentials.

Step 4: Configure Proxy for ServiceNow

Before configuring a proxy for ServiceNow, integrate ServiceNow with Azure AD using the ServiceNow Active Directory tutorial.

To configure a proxy for ServiceNow:

  1. Log in to the Azure AD portal.
  2. Go to Enterprise applications > All applications > ServiceNow > Single Sign-On > SAML-based sign-on.
  3. Under Basic SAML Configuration, replace the Reply URL (ACS URL) and Sign on URL with https://www<proxy url>/navpage.do?shnsaml. Click Save.
  4. Log in to the ServiceNow instance as an admin. To log in, use the ServiceNow instance integrated with Azure AD. For example, https://<instance-id>.service-now.com/side_door.do.
  5. Go to Multi-Provider SSO > Identity Provider and select the configured IdP created earlier.
  6. Replace the ServiceNow Homepage URL with https://www<proxy url>/navpage.do?shnsaml and click Update.
  7. Validate both IdP initiated login and SP initiated login.
    • For IdP initiated login, install the My Apps Secure Sign-in extension in your browser or go to https://myapps.microsoft.com for authentication, and select the ServiceNow application in the application list.
    • For SP initiated login, use external login with Azure user credentials.
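
The following Python check is an added example, not part of the original McAfee procedure. It audits the values entered in Steps 2 to 4 and reports a Reply URL, Sign on URL, or ServiceNow Homepage URL that does not point at the proxy, as well as the Step 3 override property left set to False. The host names, dictionary keys, and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Property name from Step 3; the page sets it to False as the override switch.
OVERRIDE_PROP = "glide.authenticate.multisso.test.connection.mandatory"

def _check_url(label, url, host, findings, path=None, query=None):
    """Append a finding for every way `url` deviates from the expected form."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append(f"{label}: scheme is '{parts.scheme}', expected https")
    if (parts.hostname or "").lower() != host.lower():
        findings.append(f"{label}: host '{parts.hostname}' is not '{host}'")
    if path is not None and parts.path != path:
        findings.append(f"{label}: path '{parts.path}' is not '{path}'")
    if query is not None and parts.query != query:
        findings.append(f"{label}: query '{parts.query}' is not '{query}'")

def audit_sso(cfg, instance_host, proxy_host):
    """Return a list of findings for a proxied (Step 4) configuration."""
    findings = []
    _check_url("Identifier", cfg["identifier"], instance_host, findings)
    for label, key in (("Reply URL", "reply_url"),
                       ("Sign on URL", "sign_on_url"),
                       ("ServiceNow Homepage", "servicenow_homepage")):
        _check_url(label, cfg[key], proxy_host, findings,
                   path="/navpage.do", query="shnsaml")
    # Azure AD and ServiceNow must agree on where the user lands after sign-on.
    if cfg["reply_url"] != cfg["servicenow_homepage"]:
        findings.append("Reply URL and ServiceNow Homepage differ")
    if str(cfg.get("sys_properties", {}).get(OVERRIDE_PROP, "true")).lower() == "false":
        findings.append(f"{OVERRIDE_PROP} is false: connection test override is on")
    return findings

# Constructed sample values (hypothetical hosts, not taken from the page).
GOOD = {
    "identifier": "https://acme.service-now.com",
    "reply_url": "https://acme.proxy.example/navpage.do?shnsaml",
    "sign_on_url": "https://acme.proxy.example/navpage.do?shnsaml",
    "servicenow_homepage": "https://acme.proxy.example/navpage.do?shnsaml",
    "sys_properties": {},
}
# Same config with the homepage left on the instance and the override still set.
STALE = dict(GOOD,
             servicenow_homepage="https://acme.service-now.com/navpage.do",
             sys_properties={OVERRIDE_PROP: "false"})

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("STALE", STALE)):
        print(name, audit_sso(cfg, "acme.service-now.com", "acme.proxy.example"))
```

Running it against the constructed STALE sample reports four findings: the homepage host, the missing shnsaml query, the mismatch with the Reply URL, and the override property.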