Multiple provider single sign-on The multiple provider single sign-on (multi-SSO) feature allows organizations to use several SSO identity providers (IdPs) to manage authentication as well as retain local database (basic) authentication. The integration supports any combination of local and external authentication methods on a single instance: SAML 2.0 Digest Authentication LDAP Local database authentication For example, a globally dispersed corporation might require one SSO provider for their employees, a different one for their vendors, and local database authentication for their administrators. Alternatively, a company might implement SAML 2.0 and a digest token authentication solutions on the same instance. Changes to SAML 2.0 and digest token configuration Multiple provider single sign-on allows administrators to configure SAML 2.0 Update 1 and digest token as authentication methods. Multiple provider single sign-on should be activated before you configure your SAML 2.0 Update 1 and digest token properties. After you activate multi-provider SSO, you must then set it up. After setting up multi-provider SSO, you can create or update the SAML 2.0 Update 1 and digest token configurations. You can use either or both authentication solutions with multi-provider SSO. Note: The Integration - Multiple Provider Single Sign-On Installer plugin removes the SAML application from the navigator. The necessary SAML settings are migrated to the Multi-Provider SSO application into the SAML2 Migrated table. You can still modify items like the x509 certificate, IdP details, and so on through the Multi-Provider SSO application. Use E-Signature with Multi-Provider SSO When approval with e-signature is active, approving a request, like a change or a service catalog order, usually requires the approver to enter their credentials. After you configure multi-provider SSO, approvers enter their IdP login credentials instead. When Multi-Provider SSO is enabled, make sure to configure the Identity Provider form and add the Assertion Consumer URL for eSignature authentication field. In most cases, this URL will be: https://YOURINSTANCE.service-now.com/consumer.do. However, if you employ a customized method of handling the SAML authentication for eSignature, you can set up your own consumer URL. If you are only using SAML 2.0 Update 1 and not using Multi-Provider Single Sign-on, configure the assertion consumer URL with E-signature SAML properties. Local database authentication with Multi-Provider SSO If you still want to use local database authentication when Multi-SSO is active, you must set the glide.authentication.external.disable_local_login property to false. See Redirection Properties. Installed with multi-provider SSOThe following items are installed with the Integration - Multiple Provider Single Sign-On Installer plugin.Activate multiple provider single sign-onThis integration requires the Integration - Multiple Provider Single Sign-On Installer plugin.Set up multi-provider SSOYou must perform several steps to set up Multi-SSO, including configuring properties, creating identity providers (IdPs), and configuring users to use Multi-SSO.Changes to SAML 2.0 and digest token configurationMultiple provider single sign-on allows administrators to configure SAML 2.0 Update 1 and digest token as authentication methods.