Set up ServiceNow as the SP and EAA as the IdP
This procedure describes how to set up the ServiceNow application as a service provider (SP) and EAA as the identity provider (IdP).
Access the ServiceNow Developer portal.
You have created a developer account on the ServiceNow application.
- Click REGISTER and enter the information.
- After you register, check your mail for an activation message.
Access your personalized site with your login information.
Note: If you have a trial account, it lasts for 24 hours only and then goes into hibernation. If the trial account is not used within 5 days, it is decommissioned.
Create a ServiceNow developer
You have created a developer instance of ServiceNow application.
- Click Request an Instance. Choose Latest Release from the available options and close the
- After the instance is created, save the instance-specific URL and admin credentials.
- In a new browser window, access the customized URL with your user name and password to make sure it works. (A password reset is required.)
- Configure EAA as the IdP for a custom SaaS application for ServiceNow but do not deploy the application at this stage. Configure the general settings of the application, set the application URL to the ServiceNow instance-specific URL (for example, https://devxxxxx.service-now.com/), and choose the application icon and category. Click Assign identity provider and choose the identity provider. Then, click Assign Directory and choose the directory with users. Click Save and go to SAML settings. Click Download to download the pre-populated metadata. Save the information as saml_idp_data.txt using any text editor.
Configure ServiceNow as a Service Provider (SP).
- Log in to the ServiceNow developer instance you created in Step 2.
- Search for “Plugins” in the search bar, on the left panel. Navigate to Plugins.
- In the search box on the right pane, search for “Integration - Multiple Provider Single Sign-On Installer” and install it.
- Click Activate/Upgrade link and confirm activation.
“Multi-Provider SSO” in the search bar, on the left panel. The plugin should be installed. Add it to your favorites. You will need to access this again in step h and step n later.
Reset the filter. Go back to the instance Homepage by clicking ServiceNow logo. Then click
Create a new user. Click Users icon, New button and user set up window appears.
Confirm that the email matches the directory integrated with IdP in
Go back to the “Multi-Provider SSO” from step e which you added as favorites. Navigate to Administration. Click Properties. Enable all the 3 options and Save.
Create a new SAML identity provider in ServiceNow. Navigate to Identity providers, click New and choose
Next, there will be a pop-up window for “Identity Provider Metadata”, select XML. Copy the contents from saml_idp_data.txt from step 4 b and paste it in the “Enter the XML” section. Click the
Check the EAA IdP URL as the Default
Update the * NameID Policy to email address. Modify it from
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. Then click Save and Update.
Since the “Test Connection” feature in ServiceNow is not currently compatible with EAA, you will need to disable it by setting a property to false. In the search box on the left panel, type sys_properties.list and press Enter to see all properties. Check whether glide.authenticate.multisso.test.connection.mandatory is there and set to false.
If it is missing, click New, add the property and set the type to False. Then click Submit.
Go back to the “Multi-Provider SSO” from step e which you added as favorites. Click on the Identity provider you created and activate it.
The ServiceNow application is configured as a Service Provider (SP).
Go back to your EAA application that you were configuring in step 4. Go to SAML Settings tab, SAML Settings section. Check that the following match ServiceNow configurations.
- Entity ID should match value of Entity ID /Issuer in ServiceNow identity provider config (e.g. https://devxxxx.service-now.com)
- SSO (ACS) URL should match value of ServiceNow Homepage in ServiceNow identity provider config (e.g. https://devxxxx.service-now.com/navpage.do)
- Ensure that you are using the same SHA algorithm in EAA and ServiceNow. If you are using SHA-1 algorithm in ServiceNow, set Response signature algorithm to SHA1 in EAA. Alternatively, if you're using SHA-256 algorithm in ServiceNow (See ServiceNow documentation SHA-256 support for Single Sign On) set Response signature algorithm to SHA256 in EAA.
And Single logout URL to the same value as SSO (ACS) URL (e.g
In https://devxxxx.service-now.com, xxxx is a random number generated when you created an instance.
- Click Save and go to Deployment.
- On the deployment tab, click Deploy application.
Verify that EAA as the IdP and ServiceNow as the SP seamlessly authenticate accredited users associated with the IdP to use the ServiceNow SP:
- Navigate to your ServiceNow instance URL in a web browser and click “Use external login”.
- Log in as admin with your customized password, as in step 3.
- You will be redirected to the EAA IdP login URL. Enter the user credentials matching AD or Cloud Directory for the user.
You are allowed access to your ServiceNow account landing page.
With EAA configured as an IdP, ServiceNow configured as an SP, and both implementing SAML, they can seamlessly authenticate accredited users associated with the IdP to use the ServiceNow SP.
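If the external login fails, the values this procedure asks you to align (Entity ID, SSO (ACS) URL, NameID format and response signature algorithm) can be compared against a SAMLResponse captured from the browser. The Python check below is an added example, not part of the original procedure or of EAA or ServiceNow; the function name and the sample response are constructed, and it assumes standard SAML 2.0 behaviour, where the IdP puts the SP Entity ID in Audience and the ACS URL in Destination.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SIG_ALGS = {  # XML-DSig RSA signature method URIs
    "SHA1": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "SHA256": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
}

def check_response(b64_response, entity_id, acs_url, sig_alg):
    """List field mismatches in a captured SAMLResponse (no signature verification)."""
    doc = base64.b64decode(b64_response).decode("utf-8")
    if "<!DOCTYPE" in doc or "<!ENTITY" in doc:
        raise ValueError("DTD declarations do not belong in a SAML response")
    root = ET.fromstring(doc)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match SSO (ACS) URL")
    audience = (root.findtext(".//saml:Audience", "", NS) or "").strip()
    if audience != entity_id:
        problems.append("Audience does not match Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    methods = {m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)}
    if methods != {SIG_ALGS[sig_alg]}:  # also flags an unsigned response
        problems.append("Signature algorithm is not " + sig_alg)
    return problems

# Constructed sample, not a real capture: SHA-1 signature method, unspecified NameID.
SAMPLE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  Destination="https://devxxxx.service-now.com/navpage.do">
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod
   Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/></ds:SignedInfo></ds:Signature>
 <saml:Assertion><saml:Subject><saml:NameID
   Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@example.com</saml:NameID>
  </saml:Subject><saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://devxxxx.service-now.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>""")

if __name__ == "__main__":
    for p in check_response(SAMPLE, "https://devxxxx.service-now.com",
                            "https://devxxxx.service-now.com/navpage.do", "SHA256"):
        print("MISMATCH:", p)
```
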