Contents ServiceNow Platform Previous Topic Next Topic Save as PDF Save selected topic Save selected topic and subtopics >Save all topics in Contents SAML user provisioning SAML user provisioning If users exist in your IdP but are not in your instance, SAML user provisioning can automatically create the users in your instance's User [sys_user] table. SAML user provisioning is supported for SAML 2.0 Update 1 when Multi-SSO is enabled. How SAML user provisioning works When SAML user provisioning is enabled and the system encounters a new user that is not in the instance, the instance automatically creates a record in a temporary table with the name u_import_saml_user_<suffix>, where <suffix> is an automatically generated text identifier. The system also creates transform map that specifies the data relationships between the import table and the User table. Each IdP in identified in the system has its own transform map. The transform map is created once for each IdP. Administrators can update it as necessary. When the user logs in, they access an IdP to log in. The system presents a list of all IdPs that are able to use SAML user provisioning. If there is only one IdP that can use SAML user provisioning, that one is used automatically. If none of the above conditions are true, the system uses the default IdP. Administer SAML user provisioningTo update the User table with the users in your IdP, you must first set up field mapping and then enable user provisioning through Multi-SSO IdP settings.Related TasksUpdate existing SAML 2.0 integrationRelated ConceptsSAML conceptsIntegrating SAML 2.0 with other featuresMigrating an existing SAML 1.1 integration to SAML 2.0Clone an instance with a SAML integrationSAML 2.0 troubleshootingRelated ReferenceSAML 2.0 Single Sign-On - Update 1Related TopicsSAML setup Last updated on 163 Products > Now Platform > Platform Security; Versions > Geneva Previous Topic Next Topic Save as PDF Save selected topic Save selected topic and subtopics >Save all topics in Contents Send Feedback Share On this page
SAML user provisioning If users exist in your IdP but are not in your instance, SAML user provisioning can automatically create the users in your instance's User [sys_user] table. SAML user provisioning is supported for SAML 2.0 Update 1 when Multi-SSO is enabled. How SAML user provisioning works When SAML user provisioning is enabled and the system encounters a new user that is not in the instance, the instance automatically creates a record in a temporary table with the name u_import_saml_user_<suffix>, where <suffix> is an automatically generated text identifier. The system also creates transform map that specifies the data relationships between the import table and the User table. Each IdP in identified in the system has its own transform map. The transform map is created once for each IdP. Administrators can update it as necessary. When the user logs in, they access an IdP to log in. The system presents a list of all IdPs that are able to use SAML user provisioning. If there is only one IdP that can use SAML user provisioning, that one is used automatically. If none of the above conditions are true, the system uses the default IdP. Administer SAML user provisioningTo update the User table with the users in your IdP, you must first set up field mapping and then enable user provisioning through Multi-SSO IdP settings.Related TasksUpdate existing SAML 2.0 integrationRelated ConceptsSAML conceptsIntegrating SAML 2.0 with other featuresMigrating an existing SAML 1.1 integration to SAML 2.0Clone an instance with a SAML integrationSAML 2.0 troubleshootingRelated ReferenceSAML 2.0 Single Sign-On - Update 1Related TopicsSAML setup
SAML user provisioning If users exist in your IdP but are not in your instance, SAML user provisioning can automatically create the users in your instance's User [sys_user] table. SAML user provisioning is supported for SAML 2.0 Update 1 when Multi-SSO is enabled. How SAML user provisioning works When SAML user provisioning is enabled and the system encounters a new user that is not in the instance, the instance automatically creates a record in a temporary table with the name u_import_saml_user_<suffix>, where <suffix> is an automatically generated text identifier. The system also creates transform map that specifies the data relationships between the import table and the User table. Each IdP in identified in the system has its own transform map. The transform map is created once for each IdP. Administrators can update it as necessary. When the user logs in, they access an IdP to log in. The system presents a list of all IdPs that are able to use SAML user provisioning. If there is only one IdP that can use SAML user provisioning, that one is used automatically. If none of the above conditions are true, the system uses the default IdP. Administer SAML user provisioningTo update the User table with the users in your IdP, you must first set up field mapping and then enable user provisioning through Multi-SSO IdP settings.Related TasksUpdate existing SAML 2.0 integrationRelated ConceptsSAML conceptsIntegrating SAML 2.0 with other featuresMigrating an existing SAML 1.1 integration to SAML 2.0Clone an instance with a SAML integrationSAML 2.0 troubleshootingRelated ReferenceSAML 2.0 Single Sign-On - Update 1Related TopicsSAML setup
