UserLock Documentation

Configure ServiceNow for UserLock Single-Sign On


Enable ServiceNow in UserLock SSO

In the UserLock console, navigate to Single Sign-On → Configuration.

  1. Select Add configuration, then select ServiceNow as the provider to be configured.
  2. Enter the values listed below:

    • Custom App Domain: domain of your ServiceNow instance (https:// <yourInstance>
    • Email domain: domain of the email you want to be used to allow users to log into

NOTE: The SSO service needs to be restarted in order to use this profile.

Configure ServiceNow for Single Sign-On

STEP 1: Ensure the Multi-Provider SSO plug-in is installed

  • In the Search box, type Multi-Provider SSO.
  • If you cannot find it, navigate to System Definition → Plugins.

    Search for Integration - Multiple Provider Single Sign-On Installer and install/activate it.

STEP 2: Configure Single Sign-On on ServiceNow

  1. Connect to your ServiceNow with an administrator account.
  2. Navigate to Multi-Provider SSO → Identity Providers → Click the New button.
  3. When prompted for the SSO type to create, select SAML. You will be prompted to import the identity provider metadata.

  4. In the Import Identity Provider Metadata dialog box, select URL and enter the following URL: https://<SSO_domain>/metadata
  5. Click Import.

    If an error occurs during the import process, use the XML option:

    • Open another tab and navigate to https://<SSO_domain>/metadata. → The metadata file will be automatically downloaded.
    • Open the file with a text editor, e.g., Notepad, and copy its content.
    • Returning to the ServiceNow console, select XML in the Import Identity Provider Metadata prompt, and paste the previously copied content.
  6. The following screenshot displays a completed form with the metadata that has been imported:

    Once all fields are completed, please click the Test Connection button.

  7. If the test is successful, click the Activate button.

If the activation fails, an issue occurred during the test. Please clear the Identity Provider’s SingleLogoutRequest field and restart the Test Connection / Activate process.

Once the issue has been resolved, it’s possible to re-enter the previous value: https://<SSO_domain>/connect/endsession

NOTE: The Identity Provider’s SingleLogoutRequest field is optional. In order to ease troubleshooting, ensure that the field is blank to allow errors to be displayed.

Under Related links, click on Set as Auto Redirect IDP to make ServiceNow redirect your users to UserLock Single Sign-On when they try to access the instance homepage.

Now you only need to activate SSO. To do so, navigate to Multi-Provider SSO → Administration → Properties and click "Enable multi provider SSO".
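When the metadata is imported with the XML option in step 5, the copied file can be checked before it is pasted into ServiceNow. The following Python script is an added example, not part of the UserLock documentation or product: it confirms that every endpoint is HTTPS on the SSO domain and computes the SHA-256 fingerprint of each certificate in the file. The host sso.example.com, the /saml/sso path and the certificate bytes are constructed placeholders.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_idp_metadata(xml_text, sso_domain):
    """Return (summary, problems) for SAML IdP metadata copied from /metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return {}, ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {}, ["no IDPSSODescriptor: not SAML identity provider metadata"]
    summary, problems = {"entityID": root.get("entityID"), "endpoints": [], "sha256": []}, []
    for kind in ("SingleSignOnService", "SingleLogoutService"):
        for el in idp.findall("md:" + kind, NS):
            loc = el.get("Location", "")
            summary["endpoints"].append((kind, loc))
            url = urlsplit(loc)
            # Every endpoint should be HTTPS on the UserLock SSO host.
            if url.scheme != "https" or url.hostname != sso_domain.lower():
                problems.append(f"{kind} points outside https://{sso_domain}: {loc}")
    if not any(k == "SingleSignOnService" for k, _ in summary["endpoints"]):
        problems.append("no SingleSignOnService endpoint")
    for cert in idp.findall("md:KeyDescriptor//ds:X509Certificate", NS):
        der = base64.b64decode("".join((cert.text or "").split()))
        # Fingerprint of the certificate exactly as it appears in the copied file.
        summary["sha256"].append(hashlib.sha256(der).hexdigest())
    if not summary["sha256"]:
        problems.append("no X509Certificate in KeyDescriptor")
    return summary, problems

# Constructed sample: host, /saml/sso path and certificate bytes are placeholders.
FAKE_CERT = base64.b64encode(b"placeholder bytes, not a real certificate").decode()
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sso.example.com">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
      <X509Certificate>{FAKE_CERT}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.example.com/connect/endsession"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.example.com/saml/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE, "sso.example.com"))
```

An empty problems list means the copied XML only references the expected SSO host over HTTPS; the fingerprint can then be compared with the certificate the SSO server actually presents.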

How to cancel SSO

Click the Deactivate button in the Identity Provider settings.

It is also possible to bypass SSO by connecting to https:// <yourInstance> In this case, you will be redirected to the default ServiceNow sign-in page, where you will be able to connect with your ServiceNow credentials.

Known Issues

  • If you are redirected to the Logout Successful page at the end of the logon process, this can be because the user that was used to sign in does not exist in ServiceNow. This can also be related to an obsolete certificate.
  • If you cannot activate your configuration after what is considered a successful test, the logout screen you have been redirected to may have been caused by the use of a nonexistent user.
  • In order to update a configuration after a successful connection test, you will need to carry out the following tasks:

    • deactivate the identity provider
    • update
    • test connection
    • activate