Registering PingFederate as an identity provider in ServiceNow
To allow PingFederate to coordinate authentication for ServiceNow, configure the SAML 2.0 properties.
About this task
For official documentation, see External single sign-on (SSO) in the ServiceNow documentation.
Steps
-
In your ServiceNow instance, go to SAML 2 Single Sign-on > Properties.
-
On the SAML 2.0 Single Sign-on properties screen, select Enable external authentication.
-
In the Identity Provider properties section, in the Identity Provider URL field, enter your PingFederate URL based on the following:
https://pf_host:pf_port
-
In the base URL to the Identity Provider’s AuthnRequest service field, enter your PingFederate SSO endpoint based on the following:
https://pf_host:pf_port/idp/SSO.saml2
-
Optional: Select Sign AuthnRequest.
-
In the base URL to the Identity Provider’s SingleLogOutRequest service field, enter your PingFederate SSO endpoint based on the following:
https://pf_host:pf_port/idp/SLO.saml2
-
In the protocol binding for the Identity Provider’s SIngleLogoutRequest service field, enter
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
. -
Select Sign LogoutRequest.
-
In the Service Provider (ServiceNow) properties section, update the instance homepage, entity identification, and audience uri fields to point your ServiceNow instance.
-
In the User table field, enter
user_name
. -
In the NameID policy field, enter
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
. -
Click Save.