
Converting from "SSO provided by OKTA" plugin to "Multiple Provider SSO" plugin 

Problem
The SSO Provided by Okta, Inc. plugin and the Multiple Provider SSO plugin have different configuration steps.
 
Additionally, you won't be able to use the existing "Servicenow - Eureka and later releases" application in OKTA (generated by the SSO Provided by Okta, Inc. plugin) with the Multiple Provider SSO plugin without a slight modification.

 

 

Symptoms
When customers activate the Multiple Provider SSO plugin, there is no indication that the "Servicenow - Eureka and later releases" application, which was created from the SSO Provided by Okta, Inc. plugin, needs to be altered.

  

Cause
The "Servicenow - Eureka and later releases" OKTA application, created from the SSO Provided by Okta, Inc. plugin, sets the login URL to the following value:
https://<instance_name>.service-now.com/login.do?sys_action=sysverb_login&user_name=guest

Note that "/login.do?sys_action=sysverb_login&user_name=guest" is compatible only with the SSO Provided by Okta, Inc. plugin.

 


Resolution
 
If planning to move to the Multiple Provider SSO plugin:
 
In OKTA:
  1. Log in as admin.

  2. Navigate to the associated "Servicenow - Eureka and later releases" application.

  3. Go to the General tab and click Edit.

  4. Change the Login URL value to https://<instance_name>.service-now.com.

  5. Save the change.

  6. Go to the Sign On tab and click the Identity Provider metadata link.

    This action saves a metadata.xml file that you will need later.

In the ServiceNow instance:

  1. Log in as admin/maint.

  2. Navigate to Multi-Provider SSO > Identity Providers.

  3. Click New and click SAML2 Update 1.

  4. In the dialog prompt, select XML and paste the content from the previously downloaded metadata.xml file.

  5. Ensure the respective properties have the correct values (that is, any URLs need to be updated if they show yourinstance.service-now.com).

  6. Click the Active checkbox.

  7. Click the Default checkbox if this will be the only IdP for this instance.

  8. Click Save.

  9. Navigate to Multi-Provider SSO > Properties.

  10. Check the Enable multiple provider SSO checkbox and click Save.

  11. Navigate to SSO Provided OKTA, Inc., uncheck Enable Okta external authentication, and click Save.

Refer to KB0623385, "If Multi-SSO is installed, check whether SAML installations exits are inactive," to find out how to ensure that the correct installation exits are active for the Multi-Provider SSO plugin.
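
Before pasting metadata.xml into the ServiceNow dialog, it helps to confirm that the file really is IdP metadata with a signing certificate and an SSO endpoint, and that the URLs involved no longer carry the legacy suffix or the placeholder host. The following Python sketch is an added example, not ServiceNow or Okta code; the function names and the sample metadata are constructed for illustration, and the HTTPS check is an added assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
LEGACY_SUFFIX = "/login.do?sys_action=sysverb_login&user_name=guest"
PLACEHOLDER_HOST = "yourinstance.service-now.com"

# Constructed sample; a real metadata.xml comes from the Okta Sign On tab.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="http://idp.example/constructed"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="https://idp.example/sso/saml"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_idp_metadata(xml_text):
    """Extract the IdP values an admin should recognise before pasting the XML."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    cert_path = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    certs = ["".join(c.text.split()) for c in idp.findall(cert_path, NS) if c.text]
    sso = {e.get("Binding", "").rsplit(":", 1)[-1]: e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    if not certs or not sso:
        raise ValueError("metadata lacks a signing certificate or an SSO endpoint")
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def url_problems(url):
    """Flag the legacy suffix and placeholder host from this article, plus non-HTTPS (added check)."""
    problems = []
    parsed = urlparse(url)
    if parsed.scheme != "https":
        problems.append("not https")
    if parsed.hostname == PLACEHOLDER_HOST:
        problems.append("placeholder host")
    if url.endswith(LEGACY_SUFFIX):
        problems.append("legacy Okta-plugin login suffix")
    return problems
```

Run `summarize_idp_metadata` on the downloaded file's contents and compare the entity ID and SSO location with what the Okta Sign On tab shows; run `url_problems` on the Okta Login URL and on each URL field of the new Identity Provider record.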

Article Information

Last Updated: 2018-01-09 11:30:49
Published: 2017-05-15