ServiceNow Provisioner

Creating a single sign-on connection

To allow PingFederate to handle single sign-on (SSO) to ServiceNow, create a service provider (SP) connection.

About this task

You can follow these steps to create a new SP connection, or you can modify your provisioning connection.

Steps

  1. In the PingFederate administrator console, configure an SP connection.

    1. On the Identity Provider tab, in the SP Connections area, click Create new.

    2. On the Connection Template tab, select Use a template for this connection.

    3. In the Connection Template list, select ServiceNow Connector.

    4. Click Choose File, select the sn-metadata.xml file that you exported in Exchanging signing certificates, and then click Open. Click Next.

  2. On the Connection Type tab, select Browser SSO Profiles. If you don’t want provisioning, clear Outbound Provisioning. Click Next.

  3. On the Connection Options tab, click Next.

  4. On the General Info tab, in the Partner’s Entity ID, Connection Name, and Base URL fields, change yourinstance to your ServiceNow instance name. Click Next.

  5. On the Browser SSO tab, configure browser SSO.

    For a complete guide, see Configure IdP Browser SSO in the PingFederate documentation.

    1. On the Browser SSO → SAML Profiles tab, select only IdP-Initiated SSO and SP-Initiated SSO.

    2. On the Browser SSO → Protocol Settings → Allowable SAML Bindings tab, select only POST and Redirect.

  6. On the Credentials tab, configure the connection credentials.

    For a complete guide, see Configuring credentials in the PingFederate documentation.

    1. On the Credentials → Digital Signature Settings tab, from the Signing Certificate list, select the certificate that you want to use with ServiceNow.

    2. Select Include the certificate in the signature <KEYINFO> element. Click Done.

  7. On the Activation and Summary tab, above the Summary section, click the toggle button to enable the connection. Click Save.