ServiceNow
Learn how to enhance your ServiceNow implementation using Adaptive Multi-Factor Authentication, Consent Management, Social Login, and Self-Service Account Management.
The Strivacity Fusion and ServiceNow integration supports OpenID Connect based SP-initiated Single-Sign-On and SP-initiated Single-Sign-Out workflows with ServiceNow.
This integration provides the following benefits to your ServiceNow implementation
    Adaptive Multi-factor Authentication workflows in front of your ServiceNow portal experiences based around OpenID Connect
    Self-Service Registration, Account Recovery and Account Management
    Leverage the Strivacity Identity Store for the storage of all of your customer or partner accounts
    Easy rebranding and customization of your customer facing experiences
They're three steps required to setup a your ServiceNow instance with Strivacity Fusion, along with a third optional step:
Once configured, they're two ways in which you may wish to provide access to ServiceNow to your customers:

Step 1) Setup an Application within Fusion

To create an Application, follow these simple steps.
1) Start by logging into the Admin Console using an admin account.
2) From the left-hand menu, select Applications.
3) If you're just getting started with Fusion then the applications list will be empty. If any existing applications have been configured then they will be listed here.
4) Create a new application, click + Create Application button from the top right hand corner as shown below:
5) The table below provides guidance on the purpose/required values for the fields on this page.
Once you have filled out all of the fields, click the Save button at the bottom of the page.

Basic Information

Field Name
Description
Name
Define a name for this application. This name is displayed in the Applications listing and used to refer to this Application throughout Fusion.
Description
You can use this field to add any description or useful information that you may need for your Application.
ClientID
The Client ID is automatically generated by Fusion when you save the Application at the end of this process. You will use the ClientID in step 2 of this process when configuring ServiceNow.
Client Secret
The Client ID is automatically generated by Fusion when you save the Application at the end of this process.You will also use the Client Secret in step 2 of this process when configuring ServiceNow.
Token Endpoint Authentication Method
Set this value to Post - so that Fusion will understand that ServiceNow will be posting to it during authentication.

Application Properties

Field Name
Description
Identity Store
You can choose to leave this as default. Here is where you can choose which Identity Store you would like to use with this application.
Adaptive MFA Policy
You can choose to leave this as default. Here is where you can choose which Adaptive MFA Policy you would like to use with this application.
Self-Service Policy
You can choose to leave this as default. Here is where you can choose which Self-Service Policy you would like to use with this application.
JWT Signing Policy
This should remain at the default of RS256
Login URL
This should be https://[FQDN of your Fusion instance]/login
Allowed Callback URLs
The following Callback URLs should be configured: https://[Service Now Instance FQDN]/navpage.do and https://[Service Now Instance FQDN]/sp

Step 2) Configuring your ServiceNow instance

You will need the ServiceNow Paris release on your ServiceNow instance to take advantage of the OpenID Connect integration
Prior to configuring the integration, you will need the ServiceNow prerequisite 'Integration - Multiple Single Sign-On Installer' installed - the process for this is covered in steps 1 through 7 below.
1) Log into your ServiceNow instance using a Systems Administrator role.
2) Next, go to Filter navigator in the top left hand corner and search for plugins and then search for SSO on the plugins page as shown below:
Click to Enlarge
3) Next, locate Integration - Multiple Provider Single Sign-On Installer from the search results and click the Install button as shown below:
Click to Enlarge
4) You will be prompted to Activate Plugin as shown below. Click the Activate button to continue.
Click to Enlarge
5) The Plugin Activation progress bar will be displayed as ServiceNow activates the plugin, as shown below:
Click to Enlarge
6) Next, click the Close and Reload Form button on the Plugin Activation window as shown below:
Click to Enlarge
7) Once the form has reloaded from step number 6 above, go back to the Filter navigator and type SSO. From the search results click Properties under Multi-provider SSO - Federations then click Administration.
The Customization Properties for Multiple Provider SSO page will now be displayed as shown below:
Click to Enlarge
8) Select Yes under Enable multiple provider SSO and click the Save button in the top right hand corner.
9) Next, click Identity Providers from the left hand menu. All Identity Providers within your ServiceNow instance will be listed as shown below:
Click to Enlarge
10) Now, click on the New button from the top left menu to create a new Identity Provider
11) Under the What kind of SSO are you trying to create? click OpenID Connect as shown below:
Click to Enlarge
12) The Import OpenID Connect Well Known Configuration page will be displayed as shown below. The table below shows all of the values that are required. Once you've filled these in, click the Import button.
Click to Enlarge
Field Name
Value
Name
Here you can enter the friendly name of Strivacity
Client ID
Here you will need to copy the Client ID from the Application that you created in Step 1 in the Strivacity Fusion admin console and paste it into this field
Client Secret
Here you will need to copy the Client Secret from the Application that you created in Step 1 in the Strivacity Fusion admin console and paste it into this field
Well Known Configuration URL
Here you will need to specify the following URL where you will need the fully qualified domain name for your Strivacity Fusion instance.
https://[FQDN for the Fusion tenant]/.well-known/openid-configuration
Note: This URL has to be reachable from your ServiceNow instance
13) Your ServiceNow instance is now going to use the well known configuration URL (along with the Client ID and Client Secret) to communicate with Strivacity Fusion and setup the OIDC relationship between the two systems. Upon successfully doing this, the OIDC Identity Provider page will now be displayed as shown below:
Click to Enlarge
15) Next, change the ServiceNow Homepage URL to https://[FQDN to your ServiceNow Instance]/sp, as shown below:
Click to Enlarge
16) Next, click Show as Login option. In the SSO Label field you can type 'Strivacity Fusion' and if desired you can use the Strivacity Icon URL which is: https://strivacity.com/icons/favicon.png. The configuration should look like the screenshot below:
Click to Enlarge
Once complete, you can click the Update button from the top right hand menu.
17) Next, on the OIDC Provider Configuration Tab, click the Strivacity named OIDC Provider that you named in step 12. This is shown in the screenshot below:
Click to Enlarge
18) Within the OIDC Provider Configuration for your Strivacity named OIDC Provider, the following settings should be made per the table below. Once these changes have been made, click the Update button.
Field Name
Value
User Claim
username
User Field
User ID
Click to Enlarge
19) This completes the integration of Strivacity Fusion with ServiceNow. You now have two options available for login depending on how you would like your customers/users to login.

1) Logging in directly using Fusions Log in Component

Your customers or employees can directly log in via Fusions log in component by simply linking to the following (persistent) URL. For instance if you were providing a link on your website or portal to ServiceNow secured by Fusion, this is the URL that you would use.
https://[service now instance FQDN]/login_with_sso.do?glide_sso_id=[ClientID]
Where the ClientID is the Fusion Client ID used

2) Logging in via the ServiceNow Service Management Login Screen

Since Fusion is setup as a login provider with ServiceNow, you will see the Log in with Strivacity Fusion button on the login screen if for any reason you need any customer or employees to log in this way.
You can access this through directly navigating to the URL of the service now instance via your browser.
Click to Enlarge

Step 3) Adding Self-Service Account Management to ServiceNow's Service Portal (optional)

Adding Self-Service Account Management to ServiceNow's Service Portal provides all of Fusions self-service to ServiceNow accounts, including:
    Ability to update any profile/account information
    Add account verification email addresses and phone numbers
    Enroll and Manage Multi-Factor Authentication
    Change Password
Follow these steps within ServiceNow to setup this integration:
1) Log in to Service Management as a System Administrator
2) Using the filter navigator, search for service portal, and then on the left hand menu under Service Portal Configuration click on Menus on as shown in the screenshot below:
Click to Enlarge
3) Next, looking at the Package column, click on Service Portal for Enterprise Service Management. A file listing will be shown per the screenshot below:
Click to Enlarge
4) Now locate and click the index page from the file listing. You will now be shown a page editor like in the screenshot below:
Click to Enlarge
5) For simplicity, we're going to edit the Get Help icon and link, however here you can use the extensibility that is ServiceNow and create your own new menu item if you wish.
6) To edit the existing Get Help icon and use this for self-service, click Get Help. The edit page will now be displayed as shown below:
Click to Enlarge
7) Next, locate the following fields and modify their values per the table below:
Field Name
Value
Title
Self-Service My Account
Type
URL
HREF/URL
https://[Fusion FQDN]/myaccount/oauth2/authorization/[Client ID]
8) Now, click the Update button in the top right hand corner. You will now be returned to the page edit as shown in the screenshot below. Click Update again from the top right hand corner.
Click to Enlarge
9) If you now log-in using a customer account the Self-Service My Account link will now be displayed in the ServiceNow Service Portal Portal page, as shown in the screenshot below.
10) This completes the integration of the Fusion Self-Service Account Management component with ServiceNow.
Last modified 7d ago