ServiceNow

Learn how to enhance your ServiceNow implementation using Adaptive Multi-Factor Authentication, Consent Management, Social Login, and Self-Service Account Management.

The Strivacity and ServiceNow integration supports OpenID Connect based SP-initiated Single-Sign-On and SP-initiated Single-Sign-Out workflows with ServiceNow.

This integration provides the following benefits to your ServiceNow implementation

  • Adaptive Multi-factor Authentication workflows in front of your ServiceNow portal experiences based around OpenID Connect
  • Self-Service Registration, Account Recovery and Account Management
  • Leverage the Strivacity Identity Store for the storage of all of your customer or partner accounts
  • Easy rebranding and customization of your customer facing experiences

They're three steps required to setup a your ServiceNow instance with Strivacity, along with a third optional step:

Once configured, they're two ways in which you may wish to provide access to ServiceNow to your customers:

Step 1) Setup an Application within Strivacity

To create an Application, follow these simple steps.

1) Start by logging into the Admin Console using an admin account.

2) From the left-hand menu, select Applications.

3) If you're just getting started with Strivacity then the applications list will be empty. If any existing applications have been configured then they will be listed here.

4) Create a new application, click + Create Application button from the top right hand corner as shown below:

5) The table below provides guidance on the purpose/required values for the fields on this page.

Once you have filled out all of the fields, click the Save button at the bottom of the page.

Basic Information

Field NameDescription
NameDefine a name for this application. This name is displayed in the Applications listing and used to refer to this Application throughout Strivacity
DescriptionYou can use this field to add any description or useful information that you may need for your Application.
ClientIDThe Client ID is automatically generated when you save the Application at the end of this process. You will use the ClientID in step 2 of this process when configuring ServiceNow.
Client SecretThe Client ID is automatically generated when you save the Application at the end of this process.You will also use the Client Secret in step 2 of this process when configuring ServiceNow.
Token Endpoint Authentication MethodSet this value to Post - so that Strivacity will understand that ServiceNow will be posting to it during authentication.

Application Properties

Field NameDescription
Identity StoreYou can choose to leave this as default. Here is where you can choose which Identity Store you would like to use with this application.
Adaptive MFA PolicyYou can choose to leave this as default. Here is where you can choose which Adaptive MFA Policy you would like to use with this application.
Self-Service PolicyYou can choose to leave this as default. Here is where you can choose which Self-Service Policy you would like to use with this application.
JWT Signing PolicyThis should remain at the default of RS256
Login URLThis should be https://[FQDN of your Strivacity instance]/login
Allowed Callback URLsThe following Callback URLs should be configured: https://[ServiceNow instance FQDN]/navpage.do and https://[ServiceNow instance FQDN]/sp

Step 2) Configuring your ServiceNow instance

You will need the ServiceNow Paris release on your ServiceNow instance to take advantage of the OpenID Connect integration

Prior to configuring the integration, you will need the ServiceNow prerequisite 'Integration - Multiple Single Sign-On Installer' installed - the process for this is covered in steps 1 through 7 below.

1) Log into your ServiceNow instance using a Systems Administrator role.

2) Next, go to Filter navigator in the top left hand corner and search for plugins and then search for SSO on the plugins page as shown below:

Click to EnlargeClick to Enlarge

3) Next, locate Integration - Multiple Provider Single Sign-On Installer from the search results and click the Install button as shown below:

Click to EnlargeClick to Enlarge

4) You will be prompted to Activate Plugin as shown below. Click the Activate button to continue.

Click to EnlargeClick to Enlarge

5) The Plugin Activation progress bar will be displayed as ServiceNow activates the plugin, as shown below:

Click to EnlargeClick to Enlarge

6) Next, click the Close and Reload Form button on the Plugin Activation window as shown below:

Click to EnlargeClick to Enlarge

7) Once the form has reloaded from step number 6 above, go back to the Filter navigator and type SSO. From the search results click Properties under Multi-provider SSO - Federations then click Administration.

The Customization Properties for Multiple Provider SSO page will now be displayed as shown below:

Click to EnlargeClick to Enlarge

8) Select Yes under Enable multiple provider SSO and click the Save button in the top right hand corner.

9) Next, click Identity Providers from the left hand menu. All Identity Providers within your ServiceNow instance will be listed as shown below:

Click to EnlargeClick to Enlarge

10) Now, click on the New button from the top left menu to create a new Identity Provider

11) Under the What kind of SSO are you trying to create? click OpenID Connect as shown below:

Click to EnlargeClick to Enlarge

12) The Import OpenID Connect Well Known Configuration page will be displayed as shown below. The table below shows all of the values that are required. Once you've filled these in, click the Import button.

Click to EnlargeClick to Enlarge

Field NameValue
NameHere you can enter the friendly name of Strivacity
Client IDHere you will need to copy the Client ID from the Application that you created in Step 1 in the Strivacity Fusion admin console and paste it into this field
Client SecretHere you will need to copy the Client Secret from the Application that you created in Step 1 in the Strivacity Fusion admin console and paste it into this field
Well Known Configuration URLHere you will need to specify the following URL where you will need the fully qualified domain name for your Strivacity Fusion instance.

https://[FDQN for Strivacity tenant]/.well-known/openid-configuration

Note: This URL has to be reachable from your ServiceNow instance

13) Your ServiceNow instance is now going to use the well known configuration URL (along with the Client ID and Client Secret) to communicate with Strivacity and setup the OIDC relationship between the two systems. Upon successfully doing this, the OIDC Identity Provider page will now be displayed as shown below:

Click to EnlargeClick to Enlarge

15) Next, change the ServiceNow Homepage URL to https://[FDQN to your SErvieNow instance]/sp, as shown below:

Click to EnlargeClick to Enlarge

16) Next, click Show as Login option. In the SSO Label field you can type 'Strivacity' and if desired you can use the Strivacity Icon URL which is: https://strivacity.com/icons/favicon.png. The configuration should look like the screenshot below:

Click to EnlargeClick to Enlarge

Once complete, you can click the Update button from the top right hand menu.

17) Next, on the OIDC Provider Configuration Tab, click the Strivacity named OIDC Provider that you named in step 12. This is shown in the screenshot below:

Click to EnlargeClick to Enlarge

18) Within the OIDC Provider Configuration for your Strivacity named OIDC Provider, the following settings should be made per the table below. Once these changes have been made, click the Update button.

Field NameValue
User Claimusername
User FieldUser ID

Click to EnlargeClick to Enlarge

19) This completes the integration of Strivacity with ServiceNow. You now have two options available for login depending on how you would like your customers/users to login.

1) Logging in directly using Strivacity's Log in Component

Your customers or employees can directly log in via Strivacity's log in component by simply linking to the following (persistent) URL. For instance if you were providing a link on your website or portal to ServiceNow secured by Strivacity, this is the URL that you would use.

https://[ServiceNow instance FQDN]/login_with_sso.do?glide_sso_id=[ClientID]

Where the ClientID is the Strivacity Client ID used

2) Logging in via the ServiceNow Service Management Login Screen

Since Strivacity is setup as a login provider with ServiceNow, you will see the Log in with Strivacity button on the login screen if for any reason you need any customer or employees to log in this way.

You can access this through directly navigating to the URL of the service now instance via your browser.

Click to EnlargeClick to Enlarge

Step 3) Adding Self-Service Account Management to ServiceNow's Service Portal (optional)

Adding Self-Service Account Management to ServiceNow's Service Portal provides all of Strivacity's self-service to ServiceNow accounts, including:

  • Ability to update any profile/account information
  • Add account verification email addresses and phone numbers
  • Enroll and Manage Multi-Factor Authentication
  • Change Password

Follow these steps within ServiceNow to setup this integration:

1) Log in to Service Management as a System Administrator

2) Using the filter navigator, search for service portal, and then on the left hand menu under Service Portal Configuration click on Menus on as shown in the screenshot below:

Click to EnlargeClick to Enlarge

3) Next, looking at the Package column, click on Service Portal for Enterprise Service Management. A file listing will be shown per the screenshot below:

Click to EnlargeClick to Enlarge

4) Now locate and click the index page from the file listing. You will now be shown a page editor like in the screenshot below:

Click to EnlargeClick to Enlarge

5) For simplicity, we're going to edit the Get Help icon and link, however here you can use the extensibility that is ServiceNow and create your own new menu item if you wish.

6) To edit the existing Get Help icon and use this for self-service, click Get Help. The edit page will now be displayed as shown below:

Click to EnlargeClick to Enlarge

7) Next, locate the following fields and modify their values per the table below:

Field NameValue
TitleSelf-Service My Account
TypeURL
HREF/URLhttps://[Strivacity FDQN]/myaccount/oauth2/authorization/[ClientID]

8) Now, click the Update button in the top right hand corner. You will now be returned to the page edit as shown in the screenshot below. Click Update again from the top right hand corner.

Click to EnlargeClick to Enlarge

9) If you now log-in using a customer account the Self-Service My Account link will now be displayed in the ServiceNow Service Portal Portal page, as shown in the screenshot below.

10) This completes the integration of the Strivacity Self-Service Account Management component with ServiceNow.