To allow PingFederate to coordinate authentication for ServiceNow, configure the SAML 2.0 properties.
For official documentation, see External single sign-on (SSO) in the ServiceNow documentation.
- In your ServiceNow instance, go to SAML 2 Single Sign-on > Properties.
- On the SAML 2.0 Single Sign-on properties screen, select Enable external authentication.
- In the Identity Provider properties section, in the Identity Provider URL field, enter your PingFederate URL based on the following: https://pf_host:pf_port
- In the base URL to the Identity Provider's AuthnRequest service field, enter your PingFederate SSO endpoint based on the following: https://pf_host:pf_port/idp/SSO.saml2
- Optional: Select Sign AuthnRequest.
- In the base URL to the Identity Provider's SingleLogOutRequest service field, enter your PingFederate SSO endpoint based on the following: https://pf_host:pf_port/idp/SLO.saml2
- In the protocol binding for the Identity Provider's SingleLogoutRequest service field, enter urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.
- Select Sign LogoutRequest.
- In the Service Provider (ServiceNow) properties section, update the instance homepage, entity identification, and audience uri fields to point to your ServiceNow instance.
- In the User table field, enter user_name.
- In the NameID policy field, enter urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
- Click Save.
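
Before saving, the endpoint values can be cross-checked against the identity provider's SAML metadata. The following is an added example, not part of the ServiceNow or PingFederate documentation: the metadata is a constructed sample, pf.example.com:9031 stands in for pf_host:pf_port, and the dictionary keys are hypothetical names for the form fields above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample IdP metadata; pf.example.com:9031 stands in for pf_host:pf_port.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="pf.example.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://pf.example.com:9031/idp/SLO.saml2"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://pf.example.com:9031/idp/SLO.saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://pf.example.com:9031/idp/SSO.saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Values as they would be typed into the properties form (keys are hypothetical).
PROPS = {
    "idp_url": "https://pf.example.com:9031",
    "sso_url": "https://pf.example.com:9031/idp/SSO.saml2",
    "slo_url": "https://pf.example.com:9031/idp/SLO.saml2",
    "slo_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
}

def endpoints(metadata_xml, service):
    """Return {(Binding, Location)} for SingleSignOnService or SingleLogoutService."""
    root = ET.fromstring(metadata_xml)
    return {(e.get("Binding"), e.get("Location"))
            for e in root.iter(MD + service)}

def check_properties(props, metadata_xml):
    """List mismatches between the form values and the IdP metadata."""
    problems = []
    base = urlsplit(props["idp_url"])
    for key in ("idp_url", "sso_url", "slo_url"):
        u = urlsplit(props[key])
        if u.scheme != "https":
            problems.append(f"{key}: not https")
        if u.netloc != base.netloc:
            problems.append(f"{key}: host/port differs from idp_url")
    sso_locations = {loc for _, loc in endpoints(metadata_xml, "SingleSignOnService")}
    if props["sso_url"] not in sso_locations:
        problems.append("sso_url: not a SingleSignOnService Location in metadata")
    slo_pair = (props["slo_binding"], props["slo_url"])
    if slo_pair not in endpoints(metadata_xml, "SingleLogoutService"):
        problems.append("slo_url: binding/location pair not offered in metadata")
    return problems

if __name__ == "__main__":
    print(check_properties(PROPS, SAMPLE_METADATA) or "properties match metadata")
```
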