Okta App Integration Catalog - ServiceNow

Prerequisites:

Access to Okta Admin Console:

• An active Okta tenant with admin privileges to configure applications, manage user attributes, and enable Single Sign-On (SSO).

ServiceNow Instance:

• Access to a ServiceNow instance (https://<instance_name>.service-now.com) with admin permissions to configure identity providers, SAML settings, and user management.

Step 1: Add ServiceNow to Okta

1. Log in to Okta Admin Dashboard:

   • Go to your Okta admin panel.

2. Add Application:

   • Navigate to Applications > Applications > Browse App Catalog.

   • Search for ServiceNow UD.

   • Click Add Integration.

Note: For steps 3-4, you may enter placeholder information until you’ve requested an instance in ServiceNow.

3. Application Settings:

   • Instance Name: Enter your ServiceNow instance URL, typically in the format:
     https://<instance_name>.service-now.com

   • Click Next.

4. SAML Settings:

   • Select Configure SAML for Single Sign-On (SSO).

   • Okta will pre-fill many fields based on ServiceNow's requirements:

     • Single Sign-On URL:
       https://<instance_name>.service-now.com/navpage.do

     • Audience URI:
       https://<instance_name>.service-now.com

   • Click Next.

5. Attribute Mapping:
   Ensure the following attribute mappings are set up:

   • Name ID Format: EmailAddress

   • Application Username: Choose the preferred format (e.g., Okta Username or Email).

   • Optionally add custom attribute statements for first_name, last_name, etc.

6. Save Configuration:

   • Click Finish.

Step 2: Configure ServiceNow

1. Log in to ServiceNow:
   Navigate to your ServiceNow instance at https://<instance_name>.service-now.com.

   • If you do not have an instance available, ‘Request Instance’.

   • Access instance and Start Building.

2. Activate SSO Plugins:

   • Locate All and Search.

   • Go to System Definition > Plugins.

   • Install Integration - Multiple Provider Single Sign-On com.snc.integration.sso.multi). This will take some time to install and activate.

3. Enable Multiple Provider SSO:

   • Go to Multi-Provider SSO > Properties.

   • Check the option to enable Enable multiple provider SSO and save.

4. Create Identity Provider (IdP):

   • Navigate to Multi-Provider SSO > Identity Providers > New.

   • Select SAML 2.0.

   • Import the SAML Metadata URL or Metadata File provided by Okta during app setup.

Step 3: Assign Users in Okta

1. Go to the ServiceNow UD app in Okta.

2. Click Assignments > Assign and select People or Groups who need access.

3. Ensure the user profiles in Okta match ServiceNow usernames (e.g., emails must match).

Step 4: Test SSO Connection

1. Select Test Connection Button

2. You should be redirected to Okta for login.

3. Authenticate using Okta credentials and verify successful access to ServiceNow. If successful select Activate.

Note: A logout url is not needed.

Step 5: Launch ServiceNow from Okta User Dashboard

1.  Select Dashboard button you should automatically be signed into ServiceNow.

Additional Troubleshooting (if ServiceNow fails to launch from Dashboard):

1. If logged in under App Instance Studio Designer Open account > select instance actions > change user role to Admin.

2. In the Identify Provider Configuration locate Related Links near the bottom of the page. Set Auto Redirect IDP. If you see Unset Auto Redirect IDP you have already done this correctly.

3. In the Identify Provider Configuration, select the Advanced tab mid page. Ensure that your IDP metadata URL is correct.

   1. • You should be able to locate the Metadata URL on the Okta application setup page, on the Sign-on tab

4. Ensure your ServiceNow profile has the same user (email) information that you are using for testing.

   1. • In your ServiceNow dev instance select the administrator profile to the upper right, then select profile. The email in ServiceNow should be the same email you provisioned in Okta.

5. To enable multiple provider SSO, you first need to enable SSO Account Recovery (ACR), navigate to the Account Recovery page and follow the steps provided. This is because at least one administrator account will need to have the ability to bypass single sign-on (SSO) login to perform eventual SSO configuration tasks.

Key Learning Objectives:

Understanding SAML 2.0 Authentication Framework:

• Learn how SAML (Security Assertion Markup Language) facilitates secure communication between an Identity Provider (Okta) and a Service Provider (ServiceNow).

• Gain insights into the configuration and management of SAML assertions, audience URIs, and NameID formats.

Okta Application Integration and Configuration:

• Develop skills in setting up and managing Okta App Integrations using the App Integration Wizard.

• Configure advanced settings such as attribute mapping, role assignment, and user authentication methods for ServiceNow.

ServiceNow Identity and SSO Management:

• Learn to enable and configure multi-provider SSO in ServiceNow to support external IdPs.

• Understand how to map identity provider attributes to ServiceNow user fields for seamless profile synchronization.