Issue
Description
CASB is a product sits between user and cloud application.When user access instance with CASB application url, user request will go through CASB and then the request will be redirected to ServiceNow. If user is not authenticated, ServiceNow will issue a SAML request to the configured IDP and then the SAML response will be returned to the CASB.CASB will then forward the SAML response to ServiceNow for authentication.
This guide explains the steps involved to configure SAML with ServiceNow,IDP & CASB Product.
Procedure
SSO Setup involves 3 steps.
1.Configure forward rules in the CASB for instance url.Engage your CASB vendor to complete setup.Note down CASB url for ServiceNow Instance.
ex:If your instance url is https://empabc.service-now.com, then CASB url to access instance would be https://casbabc.net
2.Configure SAML configuration for ServiceNow instance in the IDP.Engage your IDP vendor to complete setup.Your are expected to use CASB url for assertion consumer service and entity ID.
3.Configure SAML configuration in the ServiceNow for IDP.Details about configuring SAML setup is available in the doc site.You are expected to use CASB url for instance homepage, Audience and Entity ID.
a)Goto https://docs.servicenow.com/
b)Search "Set up Multi-Provider SSO".
| SAML Property | Value |
| Assertion Consumer Service URL | https://<casb_url>/navpage.do |
| Audience | https://<casb_url> |
| Entity ID / Issuer | https://<casb_url> |
Applicable Versions
Jakarta and Higher release.This Integration was tested in the Jakarta Release.
Additional Information
1)CASB Integration with ServiceNow
https://www.skyhighnetworks.com/product/servicenow-security/
