ServiceNow External single sign-on (SSO)

External SSO allows organizations to use several SSO identity providers (IdPs) to manage authentication as well as retain local database (basic) authentication.

The integration supports any combination of local and external authentication methods on a single instance:

  •  LDAP
  • SAML 2.0
  • Digest Authentication
  • Local database authentication

For example, a globally dispersed corporation might require one SSO provider for their employees, a different one for their vendors, and local database authentication for their administrators. Alternatively, a company might implement SAML 2.0 and a digest token authentication solutions on the same instance. Learn more skills from Servicenow Certification

Single sign-on, logins, and URL redirects:

Service Portal uses a combination of system properties and script includes determining how the system handles URL redirects for users logging in to the portal.

Only users who understand SSO, URL redirects, and the ServiceNow platform should make any changes.

Single sign-on and Service Portal

To use single sign-on with Service Portal, you must enable the Integration - Multiple Provider Single Sign-On Installer plugin (com.snc.integration.sso.multi.installer).

If you are using the system property to automatically redirect to your primary IdP, then Service Portal automatically redirects to that IdP. If you have multiple identity providers, Service Portal shows a link on the login page to Use external login

Require authentication for a Service Portal page

If you want to require authentication for a Service Portal page, ensure that the Public flag on the page record is not selected. If a user navigates to a non-public page, they are redirected to the login page for the requested portal.

Because every page request is routed through the $sp page, this page must be public. The following values in the Public Pages sys_public table define the page as public:

Configure the Service Portal login page

Administrators can configure a login page URL redirect for a portal.

  1. Add a system property with the following settings:
  • Name:
  • Type: string
  • Value:
new SPEntryPage().getLoginURL()

2.   To customize the actual entry page, from the Script Includes table, search for SPEntryPage.

Note: If you make changes to the script include, it won't be upgraded with future updates.

3.   Edit the script on the SPEntryPage to change the assigned portal to the portal_suffix you want. SPEntryPage uses /sp/ as the portal path to redirect to. Enter your own portal_suffix in place of sp.

Configure page security by role

Set up pages to be public or filter them by role.

Before you begin

Role required: admin or sp_admin

About this task

Public pages won't require a user login; anyone can access them. All other options require user authentication.


1.   In the Service Portal configuration page (Service Portal > Service Portal Configuration), open the Page Editor.

2.   In the Select Page list, search for the page to apply page security to.

3.   Select the highest level node in the tree view.

4.   Configure page security.

  • To make a page public, select the Public check box. All users can access pages marked as Public.
  • To limit access to a certain role, add roles in a comma separated list. Users without the role listed can see links to the page if they appear in the portal. Trying to open the page results in a "page not found" error.

Note: If you select Public and add a list of roles, the page is still accessible by any user.

  • To create a draft page that only administrators can see while the page is still in development, select Draft. Users must have the admin role to see any pages in draft. Everyone else sees a "page not found" error.

5.   Click Save.