NJP

[Mobile Security] Setup SSO using Microsoft Azure Active Directory

Import · Jan 21, 2021 · article

The ServiceNow Product Documents provide an overview of multi-provider SSO, but they don't provide instructions on how to integrate with an identity provider. In this article, you'll learn how to set up SSO using Azure Active Directory on your ServiceNow instance, step by step.

  • Have the admin role on your ServiceNow instance

Step 1 - ServiceNow Multi-Provider SSO setup

  1. On your ServiceNow instance, navigate to Plugins
  2. Search for Integration - Multiple Provider Single Sign-On Enhanced UI and activate it.
  3. Navigate to Multi-Provider SSO->Administration->Properties and toggle Enable multiple provider SSO to Yes

Step 2 - Configure Azure Active Directory

  1. Go to https://portal.azure.com/
  2. From Azure services, click on Azure Active Directory
  3. On the side menu, click on Enterprise applications then click on New application
  4. Search and add ServiceNow
  5. Once created, go into your ServiceNow app and select Set up single sign on
  6. Select SAML
  7. On Basic SAML Configuration, perform the following:
  8. On User Attributes & Claims, the Unique User identifier has a default value of user.userprincipalname. Change the value to user.mail.
  9. On Set up ServiceNow (step 4), click on View step-by-step instruction, provide admin credentials, and click Configure Now. Azure will create a new identity provider on your instance called Microsoft Azure Federated Single Sign-on for Default Directory.
  10. Create a new user on Azure and map it to a user from your ServiceNow instance. On Azure Active Directory, click on Users then click on New user. Create a user named David Loo. After the user is created, edit the user and add david.loo@example.com under the Contact info email.
    David Loo is a demo user in ServiceNow with the email david.loo@example.com. After the user is authenticated with Azure credentials, ServiceNow uses the email value to map the login to a ServiceNow user. This is the reason why we changed the claim value to user.mail in Step 2.8.
  11. After the user is created, go to Default Directory -> Enterprise applications and select ServiceNow. On Users and groups, click Add user/group and add David Loo from the user list.
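
A pre-flight check for the user.mail mapping from Steps 2.8 and 2.10, added here as an example (it is not from the original article, ServiceNow or Microsoft): it compares an Azure user export with a ServiceNow user export and flags accounts that will not map cleanly on email. The CSV column names, sample users, tenant name and status labels are assumptions, and the data is constructed.

```python
import csv
import io

# Constructed sample exports (not real data); column names are assumed.
AZURE_USERS_CSV = """displayName,userPrincipalName,mail
David Loo,david.loo@contoso.onmicrosoft.com,david.loo@example.com
User Two,user.two@contoso.onmicrosoft.com,
User Three,user.three@contoso.onmicrosoft.com,User.Three@example.com
User Four,user.four@contoso.onmicrosoft.com,four@example.com
Help Desk,helpdesk@contoso.onmicrosoft.com,helpdesk@example.com
"""

SERVICENOW_USERS_CSV = """user_name,email
david.loo,david.loo@example.com
user.two,user.two@example.com
user.three,user.three@example.com
help.desk1,helpdesk@example.com
help.desk2,helpdesk@example.com
"""

def check_mapping(azure_csv, snow_csv):
    """Return {userPrincipalName: status} for the user.mail -> email mapping."""
    exact, folded = {}, {}
    for row in csv.DictReader(io.StringIO(snow_csv)):
        email = row["email"].strip()
        if email:
            exact.setdefault(email, []).append(row["user_name"])
            folded.setdefault(email.lower(), []).append(row["user_name"])
    report = {}
    for row in csv.DictReader(io.StringIO(azure_csv)):
        mail = (row["mail"] or "").strip()
        if not mail:
            status = "no_mail"        # Contact info email was never set in Azure
        elif len(folded.get(mail.lower(), [])) > 1:
            status = "ambiguous"      # several ServiceNow users share this email
        elif mail in exact:
            status = "ok"             # exactly one ServiceNow user, exact match
        elif mail.lower() in folded:
            status = "case_differs"   # review: values differ only by letter case
        else:
            status = "no_match"       # no ServiceNow user has this email
        report[row["userPrincipalName"]] = status
    return report

if __name__ == "__main__":
    for upn, status in check_mapping(AZURE_USERS_CSV, SERVICENOW_USERS_CSV).items():
        print(f"{status:13} {upn}")
```

Anything other than `ok` is worth resolving before Set as Auto Redirect IdP is enabled in Step 3, because those users will have no other login path presented to them by default.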

Step 3 - Configure ServiceNow

  1. On your instance, search for SSO and select Microsoft Azure Federated Single Sign-on for Default Directory
  2. Scroll down to X.509 Certificates and click Edit
  3. Add Microsoft Azure Federated Single Sign-on for Default Directory and hit Save
  4. Click on Set as Auto Redirect IdP

Configuration is complete. Open your ServiceNow mobile app and point to your SSO instance. You should be prompted by a Microsoft login.

View original source

https://www.servicenow.com/community/mobile-apps-platform-articles/mobile-security-setup-sso-using-microsoft-azure-active-directory/ta-p/2303408