Skip to content
CA Identity Service
Documentation powered by DocOps

Add ServiceNow

Last update July 18, 2017

Add ServiceNow to CA Identity Service

  1. In CA Identity Service, click APPS in the left column.
  2. Click Add App.
  3. Select ServiceNow.
  4. Enter the name of the ServiceNow Instance that you are adding. The instance is part of the URL: instance-name.ServiceNow.com
  5. Enter the OAuth Client ID and Client Secret.
  6. Enter a username and password for a ServiceNow Administrator.
  7. Click Connect to give the app access to CA Identity Service.
  8. Click Import.
  9. When the import completes, click CONFIGURE to perform basic configuration.

Perform Advanced Configuration for ServiceNow

As a business owner of this app or an administrator, you can perform advanced configuration steps.

  1. In the left column, click APPS.
  2. On the row with your app, select the configure symbol.
  3. Perform the following steps and click Save after each step.
  4. Make any changes needed under Basics.
    You can change the app name or owner. The administrator can view all the applications and Business owner can only view applications that he or she owns. If you change the ownership, you could lose access to the app.
  5. Set the values under Account Settings.
    1. Discovery - Set the appropriate action to correlate accounts in the app with a person in CA Identity Service.
    2. Attributes - Set the attributes to assign for when an account is created.
    3. Termination - Determine what happens to an account in this app when a person is terminated.

Configure Single Sign-On for ServiceNow

You configure Single Sign-On by having simultaneous access to the Single Sign-On page in CA Identity Service and  administrator access to ServiceNow.

  1. In CA Identity Service, click APPS and select ServiceNow.
    1. Click Configure.
    2. Under Single Sign-On, click Setup.
    3. Select Enable Single Sign-On.
    4. Download the Verification Certificate and save it as a text file.
  2. Log in to ServiceNow as an administrator.
  3. Go to the Multi-Provider SSO menu and select x509 Certificate.
    1. Click the blue New button.
    2. On the certificate form, fill out the Name field.
    3. Paste the contents of the certificate file you downloaded into the PEM Certificate field.
    4. Click Submit.
  4. Go to the Multi-Provider SSO menu on the left and select Identity Providers.
    1. Select the New button. 
      A heading appears, asking "What kind of SSO are you trying to create?"
    2. Select SAML 2 Update 1.
      A dialog appears, asking if you want to import metadata.
    3. Select Cancel to enter the data manually.
    4. The SAML 2 Update 1 Properties form is available for entry.
  5. Provide the following information to configure the Identity Provider in ServiceNow.
    1. Enter a Name to make it easy to find this configuration in the future.
    2. Select Active. Verify that no other Identity Provider is marked Active for your company. 
    3. Enter the Identity Provider URL: https://security.com
  6. Return to CA Identity Service and the Single Sign-On page.
  7. Copy the following fields to the ServiceNow SSO configuration:
    • Identity Provider's AuthnRequest
    • Identity Provider's SingleLogoutRequest
  8. In the ServiceNow administration site, configure these fields on the SAML 2 Update 1 Properties form:
    • ServiceNow Homepage
    • Entity ID/Issuer
    • Audience URI

    ServiceNow provides default values for these three fields. Replace the sub-domain "yourinstance" with the instance name you entered as your ServiceNow Instance in CA Identity Service. The ServiceNow Homepage is similar to the URL of the administrator page on ServiceNow.

  9. On the right half of the form, enter the Single Sign-On Script field. Use the Search magnifying glass to find "MultiSSO_SAML2_Update1."
  10. Click the Submit button at the top of the form.
    A list of Identity Providers appears.
  11. Select the Name of the Identity Provider you created.
    SAML2 Update Properties for your Identity Provider appear.
  12. At the bottom of the form, select the Edit button next to X.509 Certificates.
    The Edit Members page appears.
  13. From the left column, select the name of the x509 Certificate that you created earlier. Use the arrow to move the certificate name to the right column. Click Save.
    The certificate that you selected appears at the bottom of the Identity Provider Properties page. 
  14. Click the Update button at the top of the form.
    ServiceNow is configured for use with CA Identity Service.
Was this helpful?

Please log in to post comments.