ServiceNow SAML Integration Using PureAUTH

Introduction 

This document explains how to configure and manage the ServiceNow SAML integration with the PureAUTH Identity Platform and make ServiceNow authentication passwordless.

Prerequisites

Role required: Administrator

Setup Multi-Provider SSO Plugin (Optional)

If the Multi-Provider SSO feature is not enabled, follow the steps below.

  1. Log in to the ServiceNow console.
  2. Navigate to All > System definition > Plugins.
  3. Search for SSO, find Integration - Multiple Provider Single Sign-On Enhanced UI, and click Install.
  4. Confirm that the plugin installed successfully.

Setup ServiceNow Application on PureAUTH

In this step we will add a new ServiceNow application on the N4cer portal. Follow the steps given below:

  • Click on “Add Application”.
  • Select the “Custom app” application.
  • Enter any application name, for example ServiceNow.
  • Select “Primary (Corporate email)” in the dataset for the email field.
  • In the “SAML Response Endpoint (ACS URL)” field, enter the following URL for now (it will change according to the SP metadata):
    https://yourinstance.service-now.com/navpage.do
  • In the “Audience (Entity ID)” field, enter the following URL for now (it will change according to the SP metadata):
    https://yourinstance.service-now.com
  • In the “SAML Logout Response Endpoint (SLO URL)” field, enter the following URL for now (it will change according to the SP metadata):
    https://yourinstance.service-now.com/navpage.do
  • Check “Signed Assertion”.
  • Click “Add”.

Create identity provider IDP metadata

  1. Go to https://www.samltool.com/idp_metadata.php
  2. Copy the IDP “Entity ID” from PureAUTH under the SAML Settings and paste it into the Entity ID field.
  3. Paste the same into the Single Sign On Service Endpoint (HTTP-REDIRECT) field.
  4. Copy the IDP “SAML Logout URL” from PureAUTH under the SAML Settings and paste it into the Single Logout Service Endpoint (HTTP-REDIRECT) field.
  5. Copy the IDP “X.509 CERTIFICATE” from PureAUTH under the SAML Settings and paste it into the SP X.509 cert (same cert for sign/encrypt) field.

Note: Copy the X.509 certificate from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.

  6. Scroll down and click on the “BUILD IDP METADATA” button.
  7. Copy the IdP metadata and paste it into Notepad.
  8. In the IdP metadata, change the year in the “ValidUntil = ” field from 2023 to 2033.
  9. In the IdP metadata, change the “nameid-format: ” field from unspecified to emailAddress.
  10. Copy the whole IdP metadata; it will be required for the next configuration.
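
The metadata document produced by the steps above can also be built locally. The following is an added example, not part of PureID's or ServiceNow's tooling: it emits the same fields (the Entity ID reused as the HTTP-Redirect SSO endpoint, the SAML Logout URL, the signing certificate, the emailAddress NameID format and validUntil). The idp.example.com URLs, the certificate body and the validUntil value are constructed placeholders; substitute the values shown under SAML Settings in PureAUTH.

```python
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

def pem_body(pem):
    """Return the base64 body between the BEGIN/END CERTIFICATE lines."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"):
        raise ValueError("expected a PEM block with BEGIN/END CERTIFICATE lines")
    body = "".join(lines[1:-1])
    base64.b64decode(body, validate=True)  # rejects a truncated or mangled paste
    return body

def build_idp_metadata(entity_id, slo_url, cert_pem, valid_until):
    """Build IdP metadata; the Entity ID doubles as the SSO endpoint, as in the steps."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor",
                      {"entityID": entity_id, "validUntil": valid_until})
    idp = ET.SubElement(root, f"{{{MD}}}IDPSSODescriptor",
                        {"protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol"})
    key = ET.SubElement(idp, f"{{{MD}}}KeyDescriptor", {"use": "signing"})
    x509 = ET.SubElement(ET.SubElement(key, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = pem_body(cert_pem)
    # Child order follows the SAML metadata schema: SLO, NameIDFormat, then SSO.
    ET.SubElement(idp, f"{{{MD}}}SingleLogoutService",
                  {"Binding": REDIRECT, "Location": slo_url})
    ET.SubElement(idp, f"{{{MD}}}NameIDFormat").text = EMAIL
    ET.SubElement(idp, f"{{{MD}}}SingleSignOnService",
                  {"Binding": REDIRECT, "Location": entity_id})
    return ET.tostring(root, encoding="unicode")

# Constructed sample input: placeholder URLs and a fake certificate body.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed placeholder, not a real certificate").decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(build_idp_metadata("https://idp.example.com/saml",
                             "https://idp.example.com/saml/logout",
                             SAMPLE_PEM, "2033-01-01T00:00:00Z"))
```
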

ServiceNow SAML Configuration

  1. Log in to the ServiceNow Admin console.
  2. Navigate to All > Multi-Provider SSO > Identity Providers.
  3. To create a new configuration, click New > SAML.
  4. In the Import Identity Provider Metadata pop-up that appears, select XML and paste the IdP metadata XML you copied in the last step of “Create identity provider IDP metadata”.
  5. Click Import.
  6. All the required fields are auto-filled. Scroll down, click the Advanced tab, and make sure the User Field value is “email”.
  7. Click Test Connection. It opens a pop-up window and asks for authentication using the AuthVR5 application.
  8. Once the connection is successful, click Activate.
  9. Click the Additional Actions icon in the identity provider title menu and select Copy sys_id. Paste the value in a note and keep it safe.
  10. In the left pane, navigate to Multi-Provider SSO > Administration > Properties.
  11. Make sure that Enable multiple provider SSO and Enable debug logging for the multiple provider SSO Integration are enabled.
  12. In the field for user identification, change the value from “user_name” to email.
  13. Click Save.
  14. In the left pane, navigate to User Administration > Users.
  15. Select a user for whom you want to enable SSO and click their username.
  16. Click the Additional Actions icon and select Configure → Form Design.
  17. Drag and drop the SSO source field from the left pane into the user’s form and click Save.
  18. In the SSO source field, paste the sys_id you copied earlier with Copy sys_id, prefixed with “sso:”. For example, if the sys_id copied is “c72cd16b47680210a5aceb02d16d4362”, the new value for the SSO source field is “sso:c72cd16b47680210a5aceb02d16d4362”.
  19. Click Update.
  20. Repeat these steps for the other users for whom you want to enable SSO.

Congratulations! Now you are using ServiceNow Passwordless.

Test SAML Authentication

  1. Log in to your ServiceNow endpoint.
  2. Click on Login with SSO.
  3. Enter your corporate email address and click Submit.
  4. The browser redirects you to the PureAUTH sign-in page.
     • From mobile: Open the AuthVR5 Authenticator application and scan the QR code using the swift login button.
     • From desktop: Click the button below the QR code, and enter your PIN.

Disable SAML Authentication

  1. Log in to the ServiceNow Admin console.
  2. Navigate to All > Multi-Provider SSO > Identity Providers.
  3. Click on PureID IdP.
  4. Click on Deactivate.

Further Support

For further information or assistance, please contact the PureID support team at support@pureid.io.
