
NJP

ADFS authentication with SAML 2.0

Import · Apr 30, 2018 · article
  1. Enable Plugin 'Integration - Multiple Provider Single Sign-On Installer'
  2. Under 'Multiple Provider SSO' Application
    1. Go to Properties > Enable multiple provider SSO & Enable debug logging for the multiple provider SSO integration
  3. Install ADFS Certificate in PEM format under 'MultiProvSSO' app

(Issuer and Subject will auto-populate if the certificate is correctly installed.)

  1. Go to 'Identity Providers' under the ‘Multiple Provider SSO’ application.
    a. Click New.
    b. Click SAML.
    c. Give the URL or XML of the ADFS server in the pop-up window.
    d. Click Import. It will import all the ADFS properties from the URL, such as Name, Identity Provider URL, Identity Provider’s AuthnRequest, etc.
    e. Set NameIDPolicy according to the requirement. OOB it is “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”; if you are not using email address for authentication, change it to “urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified”.
    f. Under the Advanced tab:

  • Give the ‘User field’. OOB it is email; if you are not using email address for authentication, change it to the relevant field, for example “user_name”.
  • Uncheck ‘Create AuthnContextClass’ checkbox
  • Set ‘AuthContextClassRef Method’ to urn:federation:authentication:windows

For more details about AuthnContextClass go to https://docs.servicenow.com/bundle/kingston-platform-administration/page/integrate/saml/task/t_Enabl... and https://docs.servicenow.com/bundle/kingston-platform-administration/page/integrate/saml/task/t_Suppo...

  • Set ‘Protocol Binding for the IDP's SingleLogoutRequest’ to ‘urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST’


  1. Finally, click Test Connection.
  2. Only after a successful connection test will you be able to make the authentication Active.
  3. After activating the identity provider, set ‘Auto redirect IDP’ to true.
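
Before running the import and the connection test, it helps to read the ADFS federation metadata yourself and compare it with the NameIDPolicy and SingleLogoutRequest binding you plan to set. The script below is an added example, not part of the original article or of ServiceNow; the host `adfs.example.com`, the certificate value and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Constructed sample: hypothetical host adfs.example.com, dummy certificate value.
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="http://adfs.example.com/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>Q09OU1RSVUNURUQ=</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="{BIND}HTTP-POST" Location="https://adfs.example.com/adfs/ls/"/>
  <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
  <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
  <SingleSignOnService Binding="{BIND}HTTP-Redirect" Location="https://adfs.example.com/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def summarize_idp(xml_text):  # fields the IdP import would populate
    if "<!DOCTYPE" in xml_text:  # SAML metadata never needs a DTD; refuse it
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    endpoints = lambda tag: {e.get("Binding"): e.get("Location")
                             for e in idp.findall(f"md:{tag}", NS)}
    return {
        "entity_id": root.get("entityID"),
        "sso": endpoints("SingleSignOnService"),
        "slo": endpoints("SingleLogoutService"),
        "name_id_formats": [e.text.strip() for e in idp.findall("md:NameIDFormat", NS)],
        "signing_certs": [c.text.strip() for c in idp.findall(
            "md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)],
    }

def check_settings(summary, name_id_policy, slo_binding=BIND + "HTTP-POST"):
    # Compare the values typed into the IdP record with what the metadata advertises.
    findings = []
    if name_id_policy not in summary["name_id_formats"]:
        findings.append(f"NameIDPolicy not advertised by IdP: {name_id_policy}")
    if slo_binding not in summary["slo"]:
        findings.append(f"no SingleLogoutService for binding: {slo_binding}")
    if not summary["signing_certs"]:
        findings.append("no signing certificate in metadata")
    return findings

if __name__ == "__main__":
    print(check_settings(summarize_idp(SAMPLE), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"))
```

A finding is a prompt to confirm the corresponding setting on the ADFS side before activating the identity provider, not proof that the configuration is wrong.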


View original source

https://www.servicenow.com/community/developer-articles/adfs-authentication-with-saml-2-0/ta-p/2310258