As part of your SSO configuration, you can generate the instance SP metadata to provide to the IdP.

Before you begin

Role required: admin

About this task

The IdP needs the instance SP metadata to authenticate and forward requests.

Procedure

  1. Choose your installed SSO plugin:
    OptionDescription
    Multi-Provider SSO Navigate to Multi-Provider SSO > Identity Providers. Choose an IdP and click the Generate Metadata button. The integration automatically generates the instance's SP metadata from the system property settings.
    SAML 2 SSO Navigate to SAML 2 Single Sign-on > Metadata. The integration automatically generates the instance's SP metadata from the system property settings.
  2. Copy the SP metadata in the text box.

    For example:

    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://yourinstance.service-now.com">
     	<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    		<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://yourinstance.service-now.com/navpage.do" />
    		<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    		<AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yourinstance.service-now.com/navpage.do" />
    		<AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yourinstance.service-now.com/consumer.do"/>
    	</SPSSODescriptor>
    </EntityDescriptor>
  3. Provide the instance SP metadata to the IdP.
    For example, SSOCircle allows a user to provide the SP metadata online.