Single Sign On (SSO) with ServiceNow

Prerequisites:

  • A public certificate and private key pair are required to successfully connect applications with JumpCloud. After you activate an application, we automatically generate a public certificate and private key pair for you. You can use this pair or upload your own. 
  • In order to successfully complete the integration between JumpCloud and ServiceNow, you must use an administrator account in ServiceNow. Additionally, the administrator’s ServiceNow account must be running the latest SAML 2.0 plugin.

Notes:

  • After you connect an application to JumpCloud, you can connect it to user groups. Users in the groups you connect can access the application through SAML SSO. Learn how to connect user groups to applications.
  • Before configuring ServiceNow for SSO, the administrator should ensure that his or her ServiceNow account is running the latest SAML 2.0 plugin. To request a plugin upgrade to SAML 2.0 Update 1, contact Customer Support.

Configure the JumpCloud SSO Application

  1. Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
  2. Select Applications in the main navigation panel.
  3. Select the + in the upper left, scroll or search for the application in the 'Configure New Application' side panel, then select 'configure'.
  4. You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
  5. In the IDP Entity ID field, enter https://YOURDOMAIN.TLD (e.g., https://thebestwidgets.com).
  6. In the SP Entity ID field, enter https://SUBDOMAIN.service-now.com/ (replace SUBDOMAIN with the subdomain of your ServiceNow instance).
  7. In the ACS URL field, enter https://SUBDOMAIN.service-now.com/navpage.do (replace SUBDOMAIN with the subdomain of your ServiceNow instance).
  8. In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.
  9. (Optional) In the Display Label field, enter a label that will appear under the Service Provider logo within the JumpCloud User console.
  10. Select Activate.

Configure the Service Provider

  1. Log in to ServiceNow as an administrator.
  2. Type ‘saml’ into the search bar in the upper left corner to find the SAML 2 Single Sign-on application.
  3. Select Properties under SAML 2 Single Sign-on and check the box to Enable external authentication.
  4. In the Identity Provider URL field, enter https://YOURDOMAIN.com (replace YOURDOMAIN with your company’s unique domain).
  5. In the base URL to the Identity Provider’s AuthnRequest service field, enter the same IdP URL that you set in the JumpCloud console (if you did not modify the termination of this URL, then enter the default URL: https://sso.jumpcloud.com/saml2/servicenow).
  6. Leave the Sign AuthnRequest box unchecked.
  7. In the base URL to the Identity Provider’s SingleLogoutRequest service field, enter https://console.jumpcloud.com/userconsole/.
  8. In the protocol binding for the Identity Provider’s SingleLogoutRequest service field, enter urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.
  9. Leave the Sign LogoutRequest box unchecked.
  10. In the When SAML 2.0 single sign-on fails… field, enter the same IdP URL that you set in the JumpCloud console (if you did not modify the termination of this URL, then enter the default URL: https://sso.jumpcloud.com/saml2/servicenow).
  11. In the URL to redirect users to… field, enter https://console.jumpcloud.com/userconsole/.
  12. In the URL to the Service-now instance field, enter https://SUBDOMAIN.service-now.com/navpage.do (replace SUBDOMAIN with the subdomain of your ServiceNow instance).
  13. In the entity identification field AND the audience uri… field, enter https://SUBDOMAIN.service-now.com (replace SUBDOMAIN with the subdomain of your ServiceNow instance).
  14. In the User table field… field, enter ‘email’.
  15. In the *NameID policy… field, enter urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
  16. Select Save.
  17. Select Certificate under SAML 2 Single Sign-on.
  18. In the PEM Certificate field, paste the entire contents of your public certificate.
  19. Select Update and all other fields in the form should update to the appropriate values.

Validate SSO authentication workflows

IdP Initiated

  • Access the JumpCloud User Console at https://console.jumpcloud.com.
  • Select the Service Provider icon.
  • This should automatically launch the application and log you in.

SP Initiated

  • Navigate to your Service Provider application URL.
  • You will be redirected to log in to the JumpCloud User Portal.
  • The browser will be redirected back to the application and be automatically logged in.
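
If either workflow fails, compare the fields in the SAML response with the values entered in the steps above. The following check is an added example, not JumpCloud or ServiceNow code: the function name, the example.service-now.com subdomain and the sample response are constructed for illustration, and the check inspects fields only (it does not verify the XML signature).

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from the steps above with placeholder domains filled in (assumed).
EXPECTED = {
    "issuer": "https://thebestwidgets.com",                      # IDP Entity ID
    "audience": "https://example.service-now.com",               # audience uri
    "recipient": "https://example.service-now.com/navpage.do",   # ACS URL
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

# Constructed sample response: unsigned and trimmed to the fields checked here.
SAMPLE_XML = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"><a:Assertion>
 <a:Issuer>https://thebestwidgets.com</a:Issuer>
 <a:Subject>
  <a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">pat@thebestwidgets.com</a:NameID>
  <a:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <a:SubjectConfirmationData Recipient="https://example.service-now.com/navpage.do"/>
  </a:SubjectConfirmation>
 </a:Subject>
 <a:Conditions><a:AudienceRestriction>
  <a:Audience>https://example.service-now.com</a:Audience>
 </a:AudienceRestriction></a:Conditions>
</a:Assertion></p:Response>"""
# The browser posts the response base64-encoded in the SAMLResponse form field.
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def check_response(saml_response_b64, expected=EXPECTED):
    """Return (field, expected, actual) mismatches; an empty list means consistent."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return [("assertion", "present", None)]
    name_id = assertion.find("a:Subject/a:NameID", NS)
    conf = assertion.find(".//a:SubjectConfirmationData", NS)
    audience = assertion.findtext(".//a:Audience", namespaces=NS)
    actual = {
        "issuer": (assertion.findtext("a:Issuer", namespaces=NS) or "").strip(),
        "audience": (audience or "").strip(),
        "recipient": conf.get("Recipient") if conf is not None else None,
        "nameid_format": name_id.get("Format") if name_id is not None else None,
    }
    # Exact string comparison: a trailing slash or scheme difference is a mismatch.
    return [(k, v, actual[k]) for k, v in expected.items() if actual[k] != v]
```

Run it only on a response captured from your own test login, passing the value of the SAMLResponse form field from the browser's network tools.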
 

Last Updated: Aug 19, 2019 01:42PM MDT
