[Music] in order to subscribe to my channel please click here or click here please share comment and like my videos and channel hello guys welcome to sas with service now this session is about sso implementation in servicenow if you got a new requirement from your customer or client to implement sso in service now or you want to learn how to implement sso in service now then this is the right video for you in this session i will show you how you can implement sso that is single sign on in service now i have used a public sso provider to show you the live demo the practical demo before we talk about configuration of sso let's quickly see what is sso sso is called single sign-on which is an authentication method which allows users to use single username and password to log into different applications integrated with same sso platform like google sso oracle sso you can log in to all the applications of google like gmail youtube with the same username and the password that is called sso login which needs single login details only to login to different applications sso providers sso platform is enabled with various ways you can create your own sso platform however there are different sso providers as well in the market like adfs which is a microsoft product usually available in all the organizations at is a part of microsoft server capability but it's up to organization if they have enabled this adfs feature or not there are other cloud sso providers as well in the market like ota adaptive and log me in and there are many others as well as part of sso providers that means they provide the platform for different organizations so that they can use their platform to log into different applications enable sso in service now if you want to implement sso in service now you have to enable it first now this is the plugin which you can enable to activate single sign-on application and service now that's an application single sign-on sso now once this plug-in is enabled you will see this sso application which is called as multi-provider sso and in this application you can implement and configure sso for your servicenow instance demo sso provider in order to show you this implementation practically i will be using a public sso provider called sso circle you can also try with other public sso provider in your personal developer instance else you can use enterprise single sign-on provider in your organization and try single sign-on maybe in one of your lower environment with any existing sso provider in your organization before i proceed with the session i want to make an important point that this is just a demo in real implementation your organization should have a sso platform or provider which you can integrate with your servicenow instance prerequisite there are two major prerequisite of this implementation that means sso implementation one is details of idp that is details of your sso provider which can be in metadata format or you can also put the details manually in service now so overall you have to store the details in service now for your sso provider for your identity provider and another one is metadata from servicenow so you also need to store that information about servicenow in single sign-on provider configuration so that both the platforms can communicate and integrate with each other and they can talk to each other idp now this is idp racket which is basically identity provider like adfs octa in this record you store the details of your identity provider that's something you will get it from your identity provider and you will save over here you will store those informations in this particular record the first step is register your public sso as i mentioned earlier in order to show you this demo we have to get a public single sign-on provider so that i can show you this practical demo so what i will do the first step would be i will register for that particular public single sign-on so let me go here and i will open the website and that is sso circle.com and i will press enter when i will do that you will see this particular page now here at the top you can see sign in or register and then you can click on register if i click over here now here it will ask me to register so what i will do i will just give a random maybe username so maybe i will just do sas now sso test that's my username i'm just giving sas now ssl test and i'm just giving the random password so then i can just do sas now ss sso test and it already like it automatically taken my first name like full name from first name and last name then i can put the email address now this email address is very important that's something you will see later now because this is just a demo and if and if i talk about in real world or something that will be something quite different but logic the implementation will be quite straightforward the similar kind of implementation steps will be followed so i will just put my email address so which is my just a dummy email address i'm just using for all these demos uh so i will just put my email address and that's it now i will click on register now once i will click on register it will send an email to my inbox that means email inbox which we have mentioned over here i have to verify the account and then i can start you using it so i will click on register it says do you want to agree here i will click on agree it says welcome but i will just quickly verify my account i have verified the account now i will just log in to my ssh circle account so i will just give the username and the username i used sas now demo sas now sso test and password i can give which i used during the registration and i will click on login so you can see i have entered in my sso circle account this is my user profile right now and i have got the basically now i can use this public sso circle so that i can show you this demo get metadata from sso provider now we will get the information of single sign-on provider basically in metadata format so we will just copy it how can i get this data i will go to my this particular screen that means on the same instance we have if we which we have from sso circle i will click on manage metadata now here you can see we have this sso circle public idp metadata because this can only work with public because this is not enterprise version i can use over here it has to be public so i'm just clicking on here public idb so now you can see i have got this xml and what i will do i will just copy this i will just copy this create idp record and store those details of idp so now we will create an idp record in servicenow instance so if i go over here and i go to my instance so let me search first do i have it enabled no so you can see that it is not enabled so before i do anything or before i take any step i first have to enable it that's what we talked about so maybe i will quickly go to plugins it won't take that much of time to enable it so i can just quickly enable it this is the list of plugins we have so i will just type sso and if i will type ffo you will see that application let me quickly see yep that's the one so we have this integration multiple provider single sign-on installer so i will click on it it will ask me to activate and i will activate it now it's not that much big application i would say so it won't take much of time to install it you can see i think 49 already completed you can see it says success that means plugin has been activated successfully now i can do one thing i can just quickly reload the instance so i will just reload it now in the application navigator if i will type sso now this time you will see we have this application same application which we were talking about multi-provider sso now what i will do i will just click on identity providers over here where basically you store the information of single sign-on identity provider as of now i think this is just out of the box so basically it is just deactivated it just to show you the example that's it so i will click on this new button and i have to select this saml so i will just select the saml one now you will see this new form now if you remember i mentioned two things that you can fill this form in two ways one is manually or you can also get the metadata so in this case we have already copied the metadata which i can use over here and that is also you can use like url or xml so this pop-up will automatically come you can also close it if you want if you want to import the details that that metadata of the provider so i will select xml and i will paste the same xml which we copied from sso circle configuration so i will just paste it over here so we got from that identity provider because sso circle is our identity provider in this case and i just need to click on import and then you will see the magic if i click over here you can see that it has automatically populated the values basically the details of sso circle that is our identity provider so you can see a lot of details are automatically populated even servicenow instance because that's something it took automatically from here and then information about um this this identity provider we have and then uh let me show you one important thing this one user field now one of the important factor i would say in order to identify the user how system will come to know whether this user is present or not that's something you have to mention so which user field you have to mention that's something you have to provide over here you can see the field is email that means system will match the email address of the user whatever users you have in the system because as of now or maybe i can i would say till now both the systems were not talking to each other so they don't have any information or whatever whatever uh i whatever username i selected it is not available in service now right now so how system will know so that will be email so if so that means you have to configure same email whatever emails you have in your identity provider i think in this demo perspective i definitely have to mention but when once once you will implement in your organization you will definitely have email addresses for your employees and you will have the same information in your identity provider as well that's what you do because user system should be matching all the user data should be matching that's how then you can authenticate users in your identity provider the next step is generate metadata in service now on same idp so basically whatever identity provider racket we have created we have to generate the metadata from servicenow so that we can copy it and paste it on identity provider configuration so i will just go to my instance i have to click on this generate meta data if i will click on it this will basically open this page you can see it says service provider metadata we have to copy this and install it in the identity provider so i will just copy this then we will store servicenow metadata in single sign-on provider that is sso circle so i will go to my instance over here and i will go to here now here you can see in manage metadata you have to click on add new service provider so i will just click on add a new service provider and i will paste it now here you have to provide the url which url you can just put this one till here you don't have to put http so i will just paste it and now i will just click on submit you can see it says metadata was successfully imported so if i ever click on manage data again you can see my url is being showing here perform a quick test now i will show you that how exactly you can test it once you are done with the configuration at both the sites that means in the both the platforms now you can do testing just to check whether both are connected or not how can we do that let's take a look so we will go to over here now here i will click on this test connection if i will click on this test connection it will show a pop-up over here you can see it is showing me the sso circle login page that means at least it is routing to the right url however it is asking me to authenticate first so what i will do i will just give my username and password which we just created i will do sso test and then i will give the password and i will click on login let's see what it says it is asking me to provide some more details like i'm not a robot so i will select here and i will select like crosswalks okay and yeah i think we should be good i will click on verify and i will click on continue saml and let's see what happens you can see it it tried to test the results and it tick marked all the validations but this one got failed the reason behind it because user name that means the user email address is not present and if you remember the only identification field was user email address that's the basically email address you you mentioned during the registration so that is not available in servicenow instance what exactly we need to do that and that's our next step then we will update the user with registered email address that is that email address should also be available in your single sign on provider that means in your idp so if i come over here i will open the user table and what we will do because we want to log in via single sign-on and we want to use the same account which we are using right now so i will update basically the same username which we have here that is system administrator so i will just mention admin i will search for admin i have over here now here i can provide the email address and that is sas with service now at gmail dot com you're done just save it now you will do a quick test you will see a difference so if i go to over here and open this racket which we created as of now it is still not active and i will click on test connection because you can only make it active once the test is successful so i will just provide the username says now sso test and then i can put um password i will click on login i will check this box it will ask me for some images traffic light and then i can click on verify it's done continue let's see what happens absolutely you can see that this time test got successful the reason behind it because this application was able to find same email in the system that means for one of the user email address was the same that's how you can configure so now test is successful and if i will go if i will go little bit bottom you can see it says activate so that means i can activate this idp racket and if i click on it it is activated and i can also make it default because it is single sign on it has to be default and then i can just save it then we have enable redirection now as of now users will not be routed to sso page when they try to access your service now instance how exactly they can route you have to enable it that the idp which you have installed which you have stored basically users will be automatically routed with that to that idp how can we do that let me do that so i come over here if you go a little bit bottom here you have this related link you just need to click on this and what exactly it does that's something it is very important you to know so the important part here is if i click it it will basically mention at the top as a message that this is this has been set to redirect the url so you will see the message you can see auto redirect idp is set that means whomsoever user will basically come to your instance access your instance they will automatically be routed to this particular url and then if i show you the property for this so let me show you the property so if i go to properties this properties press enter we have a redirect property so i will just do redirect and you can see over here it says authenticate dot sso redirect idp now this society which i'm talking about this society is of your society of your idp record you can see it starts with five four five four i have if i come over here and click on it you will see similar cis id of this record and maybe i can see it from here you can see it says five four five four five that means it's the same society which is mentioned in the redirection now the last step is to enable sso so for that you have to go to the properties which is under over here under administration you have this properties i will click on this and here you have this property you just need to check this box and click on save that means your sso is done all the configurations are done once you are done with all the configurations which we just did that means sso is implemented now you can test this so if you're implementing in your lower environment you can just do a quick test maybe with your id maybe you can ask some other users to test it so let's test this whether we are able to route to directly to access a page rather than servicenow login page so if i come over here and if i let's say i will just log out so i will just maybe log out and then i will try to access the same url so i will remove it from here and i will press enter let's see if you can see the magic it is trying to log in and you can see now i'm not getting my instance login page this is my sso login page the page which is from service provider which is from sso provider identity provider that's what so without putting user name in the password i cannot enter to my instance that means if you will implement sso in your organization none of the user can log into your instance without authenticating via this page so if i enter so let's say i have sas now sso test i will give the password and i click on login because my email address is already there so i will be able to log in with the same account so i just select the traffic lights yeah here as well maybe click on verify and i will click on continue saml you can see that now i can access servicenow instance so that means i was able to implement single sign-on in my personal developer instance successfully and i'm sure similarly if you will follow the same steps you will be able to implement single sign-on for your customers and clients so please like comment and share my channel and videos and do not forget to subscribe to my channel have a great day