Use Multi-Provider SSO to set up an SSO approval for a SAML 2.0 authentication

An SSO approval with e-signature requires configuration on the SAML IdP and the ServiceNow instance.

About this task

The SAML IdP must support and honor the ForceAuthn attribute in SAML authentication requests (AuthnRequest). E-signature does not function without this IdP setting. To set up an approval with e-signature using credentials from a SAML 2.0 authentication:

Procedure

  1. Activate or upgrade to SAML 2.0 with the Integration - Multiple Provider Single Sign-On Installer plugin.
  2. Activate the Approval with E-Signature plugin.
  3. Navigate to Multi-Provider SSO > Identity Providers and verify that the Advanced tab of your SAML 2.0 IdP configuration shows the Force AuthnRequest attribute checked.
    Your SAML 2.0 IdP must support the Force AuthnRequest attribute, or e-signature is not supported.
  4. On the eSignature Approval tab, enter the following e-signature SAML properties:
    | Option | Description |
    | --- | --- |
    | Assertion Consumer URL for eSignature authentication | This property defaults to the appropriate URL. To configure this property, click the lock icon to make this field editable. After editing, click the icon again to lock the field. |
    | Assertion Consumer Index for eSignature authentication | If your Service Provider has more than one URL set for the AssertionConsumerURL, you can set the index to use for eSignature. The index value is 1 or greater. |
    | AuthnRequest URL for eSignature Authentication | You can enter the URL that points to the SAML 2.0 IdP AuthnRequest URL for eSignature authentication. If the URL is the same as the Assertion Consumer URL, you can leave this setting blank. |
    | Authentication Pop-up Dialog Width | When a user approves a request using eSignature, a dialog opens and a user can enter credentials. This setting controls the width of that dialog box. The default is 500. |
    | Authentication Pop-up Dialog Height | When a user approves a request using eSignature, a dialog opens and a user can enter credentials. This setting controls the height of that dialog box. The default is 300. |


  5. Click the Generate Metadata button underneath the tabs to regenerate the service provider metadata. Copy this data and update it on the SAML IdP.
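
The requirement that the IdP both receives and honors forced re-authentication can be checked on a test approval by comparing the AuthnRequest with the Response. The following is an added example, not ServiceNow code: the sample messages, host name and IDs are constructed, and it assumes the messages have already passed signature validation in your SAML stack.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample messages (hypothetical host and IDs), not captured traffic.
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_req1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z" ForceAuthn="true"
  AssertionConsumerServiceURL="https://instance.example.com/esig_consumer"/>"""

RESPONSE_TMPL = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
  InResponseTo="_req1" IssueInstant="2024-05-01T10:00:20Z"><saml:Assertion ID="_a1"
  Version="2.0" IssueInstant="2024-05-01T10:00:20Z"><saml:AuthnStatement
  AuthnInstant="{authn_instant}"/></saml:Assertion></samlp:Response>"""


def _ts(value):
    # Assumes whole-second UTC timestamps, as in the constructed samples.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def check_esignature_exchange(request_xml, response_xml, skew=timedelta(seconds=30)):
    """Return a list of findings; an empty list means the exchange looks correct."""
    findings = []
    # For XML from untrusted sources, parse with a hardened parser instead.
    req = ET.fromstring(request_xml)
    resp = ET.fromstring(response_xml)
    # xs:boolean accepts "true" or "1"; anything else means no forced re-auth.
    if req.get("ForceAuthn") not in ("true", "1"):
        findings.append("AuthnRequest does not set ForceAuthn")
    if resp.get("InResponseTo") != req.get("ID"):
        findings.append("Response is not bound to this AuthnRequest")
    stmt = resp.find(".//saml:AuthnStatement", NS)
    if stmt is None or stmt.get("AuthnInstant") is None:
        findings.append("Response carries no AuthnInstant")
    elif _ts(stmt.get("AuthnInstant")) < _ts(req.get("IssueInstant")) - skew:
        # An IdP that ignores ForceAuthn answers from its existing session.
        findings.append("AuthnInstant predates the request: IdP reused an existing session")
    return findings


if __name__ == "__main__":
    stale = RESPONSE_TMPL.format(authn_instant="2024-05-01T08:00:00Z")
    print(check_esignature_exchange(AUTHN_REQUEST, stale))
```

An AuthnInstant older than the request means the e-signature prompt did not actually re-verify the approver's credentials, even if the approval completed.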