Configuring SAML for ServiceNow


This topic describes how to configure OneLogin to provide SSO for ServiceNow using SAML. 

If you want to set up SSO for ServiceNow with form-based authentication, see Adding a Form-Based Application.

Setting Up SSO in OneLogin, Part 1

  1. Go to to Apps > Add Apps.
  2. Search for ServiceNow Multi Tenant and select it.

  3. On the Add App page - Configuration tab, select SAML2.0 - user provisioning under Connectors.

    You can change the Display Name

    Click Save to display additional configuration tabs.

  4. Select the Parameters tab map 
    Default mappings for SSO are as follows:
    Password -> - No Default - 
    Role -> - No Value -
    Username -> Email
  5. On the SSO tab, copy the SAML Issuer URL which you will provide to ServiceNow.

Setting up SSO in ServiceNow

  1. Log in to the ServiceNow admin dashboard.

  2. Activate the Integration - Multiple Provider Single Sign-On plugin.

    1. Go to System Definition > Plugins.

    2. Search for Integration - Multiple Provider Single Sign-On Installer.

      You can manually scroll through the list of plugins or use the Show/Hide Filter icon and search using a keyword, like Multi.

    3. Select the plugin.

    4. Click the Activate/Upgrade link.

    5. Click the Activate button.

      This adds the plugin, labeled as Multi-Provider SSO, as an option on your sidebar.

  3. Set up Multi-Provider SSO.

    For ServiceNow product documentation, see http://wiki.servicenow.com/index.php?title=Multiple_Provider_Single_Sign-On

    1. Go to Multi-Provider SSO > Administration in the sidebar.
    2. Select Properties.

    3. On the Multiple Provider SSO Properties page, set Enable multiple provider SSO to Yes.

    4. If you want to enable debug messages, set Enable debug logging for multiple provider SSO integration to Yes.

      This will slow down performance and use disk space.

    5. In The field on the user table that identifies a user..., enter email.
    6. Click Save.
  4. Create the OneLogin identity provider.
    1. Go to Multi-Provider SSO > Identity Providers in the sidebar.
    2. Click New.
    3. Select SAML2 Update1.

    4. When prompted to Import Identity Provider Metadata, provide your Issuer URL.

    5. Click Import.
    6. Select Active.
    7. Select Default.
    8. Click Update.

    9. Right-click on your newly created Identity Provider and select Copy sys_id.

      You will provide the copied Identity Provider Sys ID value when you complete the SSO configuration in OneLogin.

Setting Up SSO in OneLogin, Part 2

  1. In the OneLogin portal, go to to Apps > Company Apps > ServiceNow Multi Tenant (or whatever you named it).
  2. On the Configuration tab, enter your ServiceNow SSO connection information.
    1. In the URL field, enter the URL for your ServiceNow account.

    2. In the Login URL field, enter your ServiceNow login URL, including the sys_id string that you copied in ServiceNow.

      Use the syntax https://subdomain.service-now.com/login_with_sso.do?glide_sso_id=your_sys_id

  3. Click Save.

OneLogin and ServiceNow should now be connected through SAML.

Troubleshooting Email Mismatch

In some cases, the ServiceNow admin email may not match the OneLogin admin email. This can be remedied by doing the following:

  1. Go to Users > Account_Owner.
  2. Select the Applications tab.
  3. Select ServiceNow to open the Edit Login pane.
  4. Overwrite the default ServiceNow login fields with the correct credentials.

Setting Up Deep Linking into ServiceNow

ServiceNow supports deep linking into the application itself, but this function is not available through self-service. Please contact your ServiceNow support team to enable this feature.