The Strivacity Fusion and ServiceNow integration supports OpenID Connect-based SP-initiated Single Sign-On and SP-initiated Single Sign-Out workflows with ServiceNow.
This integration provides the following benefits to your ServiceNow implementation:
Adaptive Multi-factor Authentication workflows in front of your ServiceNow portal experiences based around OpenID Connect
Self-Service Registration, Account Recovery and Account Management
Leverage the Strivacity Identity Store for the storage of all of your customer or partner accounts
Easy rebranding and customization of your customer facing experiences
There are three steps required to set up your ServiceNow instance with Strivacity Fusion, along with a third optional step:
Once configured, there are two ways in which you may wish to provide access to ServiceNow to your customers:
To create an Application, follow these simple steps.
1) Start by logging into the Admin Console using an admin account.
2) From the left-hand menu, select Applications.
3) If you're just getting started with Fusion then the applications list will be empty. If any existing applications have been configured then they will be listed here.
4) To create a new application, click the + Create Application button in the top right-hand corner, as shown below:
5) The table below provides guidance on the purpose/required values for the fields on this page.
Once you have filled out all of the fields, click the Save button at the bottom of the page.
Define a name for this application. This name is displayed in the Applications listing and used to refer to this Application throughout Fusion.
You can use this field to add any description or useful information that you may need for your Application.
The Client ID is automatically generated by Fusion when you save the Application at the end of this process. You will use the Client ID in step 2 of this process when configuring ServiceNow.
The Client ID is automatically generated by Fusion when you save the Application at the end of this process. You will also use the Client Secret in step 2 of this process when configuring ServiceNow.
Token Endpoint Authentication Method
Set this value to Post, so that Fusion understands that ServiceNow will be posting to it during authentication.
You can choose to leave this as default. Here is where you can choose which Identity Store you would like to use with this application.
Adaptive MFA Policy
You can choose to leave this as default. Here is where you can choose which Adaptive MFA Policy you would like to use with this application.
You can choose to leave this as default. Here is where you can choose which Self-Service Policy you would like to use with this application.
JWT Signing Policy
This should remain at the default of RS256.
This should be https://[FQDN of your Fusion instance]/login
Allowed Callback URLs
The following Callback URLs should be configured: https://[Service Now Instance FQDN]/navpage.do and https://[Service Now Instance FQDN]/sp
Before configuring the integration, you need the ServiceNow prerequisite 'Integration - Multiple Provider Single Sign-On Installer' installed. The process for this is covered in steps 1 through 7 below.
1) Log into your ServiceNow instance using a Systems Administrator role.
2) Next, go to Filter navigator in the top left hand corner and search for plugins and then search for SSO on the plugins page as shown below:
3) Next, locate Integration - Multiple Provider Single Sign-On Installer from the search results and click the Install button as shown below:
4) You will be prompted to Activate Plugin as shown below. Click the Activate button to continue.
5) The Plugin Activation progress bar will be displayed as ServiceNow activates the plugin, as shown below:
6) Next, click the Close and Reload Form button on the Plugin Activation window as shown below:
7) Once the form has reloaded from step number 6 above, go back to the Filter navigator and type SSO. From the search results click Properties under Multi-provider SSO - Federations then click Administration.
The Customization Properties for Multiple Provider SSO page will now be displayed as shown below:
8) Select Yes under Enable multiple provider SSO and click the Save button in the top right hand corner.
9) Next, click Identity Providers from the left hand menu. All Identity Providers within your ServiceNow instance will be listed as shown below:
10) Now, click the New button in the top left menu to create a new Identity Provider.
11) Under What kind of SSO are you trying to create?, click OpenID Connect as shown below:
12) The Import OpenID Connect Well Known Configuration page will be displayed as shown below. The table below shows all of the values that are required. Once you've filled these in, click the Import button.
Here you can enter the friendly name of Strivacity
Here you will need to copy the Client ID from the Application that you created in Step 1 in the Strivacity Fusion admin console and paste it into this field
Here you will need to copy the Client Secret from the Application that you created in Step 1 in the Strivacity Fusion admin console and paste it into this field
Well Known Configuration URL
Here you will need to specify the following URL where you will need the fully qualified domain name for your Strivacity Fusion instance.
https://[FQDN for the Fusion tenant]/.well-known/openid-configuration
Note: This URL has to be reachable from your ServiceNow instance
13) Your ServiceNow instance will now use the well-known configuration URL (along with the Client ID and Client Secret) to communicate with Strivacity Fusion and set up the OIDC relationship between the two systems. Once this succeeds, the OIDC Identity Provider page is displayed as shown below:
15) Next, change the ServiceNow Homepage URL to https://[FQDN to your ServiceNow Instance]/sp, as shown below:
16) Next, click Show as Login option. In the SSO Label field you can type 'Strivacity Fusion' and if desired you can use the Strivacity Icon URL which is: https://strivacity.com/icons/favicon.png. The configuration should look like the screenshot below:
Once complete, you can click the Update button from the top right hand menu.
17) Next, on the OIDC Provider Configuration Tab, click the Strivacity named OIDC Provider that you named in step 12. This is shown in the screenshot below:
18) Within the OIDC Provider Configuration for your Strivacity named OIDC Provider, the following settings should be made per the table below. Once these changes have been made, click the Update button.
19) This completes the integration of Strivacity Fusion with ServiceNow. You now have two options available for login depending on how you would like your customers/users to login.
Your customers or employees can log in directly via Fusion's login component by linking to the following (persistent) URL. For instance, if you were providing a link on your website or portal to ServiceNow secured by Fusion, this is the URL that you would use.
https://[service now instance FQDN]/login_with_sso.do?glide_sso_id=[ClientID]
where [ClientID] is the Fusion Client ID used.
Since Fusion is set up as a login provider with ServiceNow, you will see the Log in with Strivacity Fusion button on the login screen if for any reason you need any customers or employees to log in this way.
You can access this by navigating directly to the URL of the ServiceNow instance in your browser.
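The import in step 12 depends on what the well-known configuration URL returns, so it is worth checking that document against the settings chosen in Fusion before relying on the login flow. The following is an added example, not Strivacity or ServiceNow code: the host `fusion.example.com` and the endpoint paths in the sample are constructed, and it assumes that the "Post" setting corresponds to the standard OIDC `client_secret_post` method and that the tenant serves its endpoints from its own FQDN.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed sample of a discovery document; host and paths are placeholders.
SAMPLE_DISCOVERY = {
    "issuer": "https://fusion.example.com/",
    "authorization_endpoint": "https://fusion.example.com/oauth2/auth",
    "token_endpoint": "https://fusion.example.com/oauth2/token",
    "jwks_uri": "https://fusion.example.com/.well-known/jwks.json",
    "id_token_signing_alg_values_supported": ["RS256"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
}


def fetch_discovery(fusion_fqdn, timeout=10):
    """Download the well-known configuration over HTTPS (needs network access)."""
    url = f"https://{fusion_fqdn}/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def check_discovery(doc, fusion_fqdn):
    """Return a list of findings; an empty list means the document matches."""
    findings = []
    issuer = doc.get("issuer", "")
    # OIDC Discovery: the issuer must be the URL the document was fetched under.
    if issuer.rstrip("/") != f"https://{fusion_fqdn}":
        findings.append(f"issuer {issuer!r} does not match https://{fusion_fqdn}")
    # Assumption: endpoints live on the tenant's own host and use HTTPS.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https" or url.hostname != fusion_fqdn:
            findings.append(f"{key} is missing or not https on {fusion_fqdn}")
    # JWT Signing Policy in the Fusion application is left at RS256.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        findings.append("RS256 not offered for ID token signing")
    # Per OIDC Discovery, an omitted list means client_secret_basic only.
    methods = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_post" not in methods:
        findings.append("client_secret_post not offered at the token endpoint")
    return findings


if __name__ == "__main__":
    for finding in check_discovery(SAMPLE_DISCOVERY, "fusion.example.com") or ["no findings"]:
        print(finding)
```

To check a live tenant, pass the result of `fetch_discovery()` with your own Fusion FQDN to `check_discovery()`.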
Adding Self-Service Account Management to ServiceNow's Service Portal provides all of Fusion's self-service to ServiceNow accounts, including:
Ability to update any profile/account information
Add account verification email addresses and phone numbers
Enroll and Manage Multi-Factor Authentication
Follow these steps within ServiceNow to set up this integration:
1) Log in to Service Management as a System Administrator
2) Using the filter navigator, search for service portal, and then on the left-hand menu under Service Portal Configuration click on Menus, as shown in the screenshot below:
3) Next, looking at the Package column, click on Service Portal for Enterprise Service Management. A file listing will be shown per the screenshot below:
4) Now locate and click the index page from the file listing. You will now be shown a page editor like in the screenshot below:
5) For simplicity, we're going to edit the Get Help icon and link; however, you can use ServiceNow's extensibility to create your own new menu item if you wish.
6) To edit the existing Get Help icon and use this for self-service, click Get Help. The edit page will now be displayed as shown below:
7) Next, locate the following fields and modify their values per the table below:
Self-Service My Account
https://[Fusion FQDN]/myaccount/oauth2/authorization/[Client ID]
8) Now, click the Update button in the top right hand corner. You will now be returned to the page edit as shown in the screenshot below. Click Update again from the top right hand corner.
9) If you now log in using a customer account, the Self-Service My Account link will be displayed on the ServiceNow Service Portal page, as shown in the screenshot below.
10) This completes the integration of the Fusion Self-Service Account Management component with ServiceNow.