Skip to page contentSkip to chat
ServiceNow support
    • Community
      Ask questions, give advice, and connect with fellow ServiceNow professionals.
      Developer
      Build, test, and deploy applications
      Documentation
      Find detailed information about ServiceNow products, apps, features, and releases.
      Impact
      Accelerate ROI and amplify your expertise.
      Learning
      Build skills with instructor-led and online training.
      Partner
      Grow your business with promotions, news, and marketing tools
      ServiceNow
      Learn about ServiceNow products & solutions.
      Store
      Download certified apps and integrations that complement ServiceNow.
      Support
      Manage your instances, access self-help, and get technical support.
How to clone to a target instance that is using SSO and LDAP integration - Support and Troubleshooting
  • >
  • Knowledge Base
  • >
  • Support and Troubleshooting (Knowledge Base)
  • >
  • How to clone to a target instance that is using SSO and LDAP integration
KB0717367

How to clone to a target instance that is using SSO and LDAP integration


7541 Views Last updated : Jun 20, 2023 public Copy Permalink
KB Summary by Now Assist

Issue

Unable to request a clone if the target instance has an SSO solution or LDAP integration enabled. The user account used to authenticate to the target instance for the clone is receiving an error indicating the account cannot authenticate, despite the credentials used being valid login credentials for that target instance.

Note that in many cases, a Clone Target can successfully be created using those credentials, however, when attempting to create the actual clone request, a message appears indicating that the User name or password is incorrect.

Cause

Commonly, the account used for authentication of the clone request is an account configured on the target instance to use SSO login credentials.  However, because the current cloning system is unable to pass along the necessary additional information with those credentials when attempting to submit the actual clone request, authentication fails and the clone request cannot be successfully submitted.

Authentication error with valid account

Resolution

Create a dedicated user account (which is not linked to SSO or LDAP) on the target instance, and then create the clone request using this new account, as explained below.

1) Create a new, dedicated account on the target instance. Since this account (and its corresponding password and authentication information) must be created on the target instance, it will be overwritten upon completion of the clone so this account is, in effect, a one-use account.

  • The account should be provided a Name and User ID that is descriptive of its purpose (i.e. clone_admin).  Ensure the account is not locked out and is set as active. Also ensure that none of the information to link the account to LDAP or SSO is configured, as this should be a stand-alone account that is not associated with the LDAP or SSO system in any way. The password used in this password field will be needed when creating the clone request which will use this account. For optimal security, this password should not be written down or used in any other location or passed to any individuals or processes that will not be part of this cloning process.

  • It should also be noted that as this account is created in the target instance, and usually this user account will not be preserved during the clone, this password, and account will not be a potential vulnerability for the target instance once the clone has completed as the account will no longer exist upon that clone completion.

 

2) After the account has been created, the account should be associated with either or both the admin and the clone_admin user roles.

3) Once the account has been successfully created and added to the appropriate groups, the clone request can then be created on the source instance, using this new account at the dialog box that appears requesting credentials for the target instance.

Clone Request authentication form

  • Note that in order to prevent having to recreate this account each time the target is cloned over, this account could be created on the source instance and ensured to not be excluded during the cloning process.  Alternatively, a data preserver could be created on the source instance to ensure that this account is not overwritten during the cloning procedure.  In either of those cases, the password should be randomized or scrambled after the clone request has completed, so as to ensure this account is not a potential access point for unauthorized users of the system.

 

Related Links

Administrator-assisted multi-factor authentication reset

System clone

Request a clone


The world works with ServiceNow.

Sign in for more! There's more content available only to authenticated users Sign in for more!
Did this KB article help you?
Did this KB article help you?

How would you rate your Now Support digital experience?

*

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

What can we improve? Please select all that apply.

What are we doing well? Please select all that apply.

Tell us more

*

Do you expect a response from this feedback?

  • Terms and conditions
  • Privacy statement
  • GDPR
  • Cookie policy
  • © 2025 ServiceNow. All rights reserved.