To allow PingFederate to handle single sign-on (SSO) to ServiceNow, create a service provider (SP) connection.
Note: You can follow these steps to create a new
SP connection, or you can modify your provisioning connection.
-
In the PingFederate administrator console, configure an SP connection.
- On the Identity Provider tab, in the SP Connections area, click Create new.
- On the Connection Template tab, select Use a template for this connection.
- In the Connection Template list, select ServiceNow Connector.
- Click Choose File, select the sn-metadata.xml file that you exported in Exchanging signing certificates, and then click Open. Click Next.
- On the Connection Type tab, select Browser SSO Profiles. If you don't want provisioning, clear Outbound Provisioning. Click Next.
- On the Connection Options tab, click Next.
- On the General Info tab, in the Partner's Entity ID, Connection Name, and Base URL fields, change yourinstance to your ServiceNow instance name. Click Next.
-
On the Browser SSO tab, configure browser SSO.
For a complete guide, see Configure IdP Browser SSO in the PingFederate documentation.
- On the Browser SSO > SAML Profiles tab, select only IdP-Initiated SSO and SP-Initiated SSO.
- On the Browser SSO > Protocol Settings > Allowable SAML Bindings tab, select only POST and Redirect.
-
On the Credentials tab, configure the connection
credentials.
For a complete guide, see Configuring credentials in the PingFederate documentation.
- On the Credentials > Digital Signature Settings tab, from the Signing Certificate list, select the certificate that you want to use with ServiceNow.
- Select Include the certificate in the signature <KEYINFO> element. Click Done.
- On the Activation and Summary tab, above the Summary section, click the toggle button to enable the connection. Click Save.