How to implement single sign-on (SSO) for ServiceNow, without a cloud identity provider

For IT departments, the days of spreadsheets and emails are long gone. Today, apps like Microsoft Teams, Slack, Zoom, and helpdesk platforms are essential for getting the job done.

IT originally adopted most of these tools for convenience. But sometimes, the opposite happens: specialized IT applications get picked up across the whole organization. A great example of that trend is ServiceNow.

Today, teams across the business — from customer support to HR, legal, and finance — use ServiceNow, not just IT. That’s great for productivity, but it also makes securing employee access more complex. Now, hundreds of users, not just a handful of IT staff, need secure access.

ServiceNow is just one example of how SaaS usage has exploded. With every new tool, employees juggle more credentials, and IT teams feel the pressure. Single sign-on (SSO) helps by consolidating multiple logins under one credential.

But traditional SSO has a downside: it usually depends on a cloud identity provider (IdP). That means added cost, reduced data sovereignty, and potential compliance headaches for organizations that prefer to keep their authentication infrastructure on-premises.

While it’s possible to keep using on-prem Active Directory (AD) as the authentication database, integrating it with SaaS apps often means stitching together multiple tools, like Microsoft Entra Connect with Entra ID, just to enable multi-factor authentication (MFA).

That last control is critical.

The “bottom of the iceberg” risk of SSO is that it can become a single point of failure. If compromised, it can give attackers access to multiple systems through one credential. That’s why organizations adopting SSO must also implement additional security layers, such as strong password policies and MFA, to reduce the risk of compromise.

UserLock SSO gives organizations a way to implement SSO using their existing on-prem infrastructure. No need to rely on, or pay for, an external IdP.

Admins configure SSO using UserLock’s built-in tools and wizards, turning a potentially complex setup into a manageable project. Importantly, UserLock includes essential security layers, such as granular MFA, user access control, and cloud synchronization, at no extra cost.

Here’s how to set up ServiceNow with UserLock SSO:

1. In the UserLock console, select ServiceNow as a SaaS provider and add your ServiceNow instance (e.g., https://yourInstance.service-now.com). Restart the SSO service.

2. In ServiceNow, go to Multi-Provider SSO → Identity Providers and click New. When prompted for the SSO type to create, select SAML. You’ll then be prompted to import metadata from: https://<SSO_domain>/metadata.

3. Before activating, click Test Connection to ensure the setup is working properly.

👉 You’ll find detailed configuration instructions in the UserLock SSO documentation.