Preface




This document describes the configurations required for SAML2.0 integration between the Octopus Authenticator and ServiceNow.

Environment


The integration environment that was used in this document is based on the following software versions:

  • Octopus Authentication Server – Version 2.7.7

  • ServiceNow – Kingston build


 

Configure Octopus Authentication Server


Octopus Authentication Server needs to be configured with ServiceNow as a SAML service so it can receive SAML authentication requests from ServiceNow. 


To add ServiceNow as a Service Provider in Octopus Authentication Server:



Create ServiceNow Service in Octopus Authentication Server


Perform the following steps to add ServiceNow as a Service Provider in Octopus Authentication Server:

  1. Log in to the Octopus Authenticator management console.

  2. Select Services from the left pane.

  3. In the right pane, select the ADD SERVICE tab.

  4. Click Generic SAML template.






  5. In the GENERAL INFO tab, complete the following fields:

Field name
Service name    Enter a display name to identify the Service Provider (e.g., ServiceNow)
Issuer          Enter the issuer of the service (e.g., ServiceNow)
Description     Enter a description for the service.
Enabled         Toggle as enabled
Display icon    Click on the icon and upload an icon for the service that will be displayed on the login page


 

 



  6. In the right pane, select the PARAMETERS tab.

  7. Complete the following fields:

Field name      Field value
Login           Login method for Octopus Authentication Server
Name ID         ServiceNow login parameter (default – email)
Method          GET
ACS URL         https://<ServiceNow Instance FQDN>/navpage.do
Audience        ServiceNow Instance URL




  8. In the right pane, select the SIGN ON tab.

  9. The message for the mobile device can be customized in the Customize message field.

  10. Right-click SAML METADATA to copy the link URL (the link URL will be used in the ServiceNow configuration).

  11. Click SAVE SETTINGS.
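A quick way to confirm that the PARAMETERS values above line up with what the Service Provider will receive is to compare a decoded assertion against them. The following is an added example, not part of the original guide or of either product: it checks the Name ID, Audience and ACS URL (Recipient) of an assertion against the configured values. The host name, the sample assertion and the function name check_assertion are constructed assumptions, and the script does not verify the XML signature or validity period.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values as entered in the PARAMETERS tab; the host name is a constructed placeholder.
EXPECTED = {
    "acs_url": "https://instance.example.com/navpage.do",
    "audience": "https://instance.example.com",
}

# Constructed sample assertion (not captured from a real deployment).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://instance.example.com/navpage.do"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://instance.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def check_assertion(xml_text, expected):
    """Return a list of mismatches between an assertion and the configured values."""
    # SAML messages never need a DTD; refuse one before parsing to avoid entity expansion.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD present: refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    name_id = (root.findtext(".//saml:Subject/saml:NameID", "", NS) or "").strip()
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id):
        problems.append(f"NameID is not an email address: {name_id!r}")
    audiences = [a.text.strip() for a in
                 root.findall(".//saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if expected["audience"] not in audiences:
        problems.append(f"Audience mismatch: {audiences}")
    recipients = [d.get("Recipient") for d in root.findall(".//saml:SubjectConfirmationData", NS)]
    if expected["acs_url"] not in recipients:
        problems.append(f"Recipient mismatch: {recipients}")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, EXPECTED))
```

An empty list means the three values agree; any entry names the field to recheck in the PARAMETERS tab.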



Assign Users to ServiceNow Service

After configuring the service, users should be assigned to the service to use it for authentication.

  1. Select Services from the left pane.
  2. Click on the action bar of the service that was previously created and select Edit service.
  3. In the right pane, select the USERS tab.
  4. Select and enable users from either the Local Users or LDAP Users lists. The selection can be either of:
       • A group of users, by clicking on the dot next to one of the folders
       • An individual user, by clicking on the dot next to that user
  5. Click Save Settings.


Configure ServiceNow

 

To work with ServiceNow as a Service Provider and Octopus Authentication Server as the 3rd party IdP, ServiceNow has to be set as a Service Provider and the Octopus Authentication Server has to be set as an Identity Provider in ServiceNow. 

To add Octopus Authentication Server as an Identity Provider in ServiceNow:

Install the Multi-Provider Single Sign-On Plugin

By default, ServiceNow doesn't have any support for SAML. To enable the support, a plugin must be installed in the instance.

 

  1. Open ServiceNow Service Management.
  2. In the left pane, navigate to System Definition > Plugins.
  3. In the right pane, a list of plug-ins appears. Select Integration - Multiple Provider Single Sign-On Enhanced UI.
  4. In the System Plugin form, review the plugin details and then click the Activate/Upgrade Related Link.
  5. Click Activate.








Add an Identity Provider

  1. Open ServiceNow Service Management.
  2. In the left pane, navigate to Multi-Provider SSO > Administration > Properties.
  3. Click to enable the Enable multiple provider SSO option.
  4. Click Save.
  5. In the left pane, navigate to Multi-Provider SSO > Identity Providers.
  6. In the right pane, click New.