Use Facebook-based Single Sign-On (SSO)
- Updated Aug 1, 2024
- Xanadu
- Platform Security
Log in to your ServiceNow instance by using your Facebook credentials on the Facebook-based SSO.
Before you begin
The Facebook-based SSO is shipped along with your ServiceNow instance.
You can define the identity provider (IdP) configuration on the OIDC_Facebook IdP record to use it as one of your identity providers. For more information about IdP configurations, see Configure a Facebook-based Single Sign-On (SSO).
Role required: admin
Procedure
- Navigate to All > Multi-Provider SSO > Identity Providers.
- Select OIDC_Facebook.
- On the OIDC_Facebook page, specify the following fields:
Note:
- Most of the fields are auto-populated when using the default IdP.
- Details of the ServiceNow Homepage must be provided.
- User-related details such as Client ID and Client Secret from Facebook must be provided within the IdP.
Table 1. OIDC_Facebook Identity Provider Details

| Field | Description |
| --- | --- |
| Name | Name of the OIDC IdP record. Enter OIDC_Facebook. |
| Default | Option to set the OIDC IdP configuration as default. |
| OIDC Entity Profile | OAuth Entity Profile for the OIDC configuration. Enter Facebook default_profile. |
| External logout redirect | The URL where the integration redirects users after they log out. Typically, this URL is the portal that is used for SSO. This field is automatically set to external_logout_complete.do. For example, https://<yourinstance>.service-now.com/external_logout_complete.do. |
| Active | Option to make the OIDC IdP configuration active. Note: This option can only be set to active after a successful test connection. |
| Auto Redirect IdP | Option to enable automatic redirection of the users to the login page of the identity provider. |
| ServiceNow Homepage | The URL of the login page that is used for authentication. This field is automatically set to your instance URL. The format of the URL is https://<yourinstance>.service-now.com/navpage.do |
| Show as Login option | Option to display the OIDC IdP as a login option on the login page. In this case, the login option appears as the Login with Facebook button. |
| SSO Label | Label of the OIDC IdP displayed on the login page. This field appears only when Show as Login option is enabled. |
| Logo URL | Publicly available URL that contains the logo of the OIDC IdP provider. This field appears only when Show as Login option is enabled. |

- (Optional) Open the User Provisioning tab, and fill in the fields.
Note: You must configure the OIDC-related information such as Client ID and Client Secret of your users from Facebook.
Table 2. User Provisioning tab

| Field | Description |
| --- | --- |
| Automatically provision users | Option to enable automatic user provisioning. This property creates a user in the instance User [sys_user] table when the user exists on the IdP but doesn't exist in the User table. Note: You can choose to enable automatic user provisioning during user login. When automatic user provisioning is enabled, a user record is automatically created in the ServiceNow instance if that user record doesn't exist. |
| Provision using | The data source to use to transform to a ServiceNow user. Choices are as follows: An ID Token; User Info endpoint; Both ID Token and User Info. Use the Lookup list to select the pre-defined data source template, then open the record to configure the Transforms table mapping. |
| Provision data source | The ID token data source that is used for user provisioning. |
| User Info Datasource | The user info endpoint data source used for user provisioning. This field appears only when User Info or Both ID Token and User Info is selected from the Provision using field. |
| Update User on next login | Option to enable user updates during the next login. |
| Update User Interval Time (Seconds) | Minimum time interval (in seconds) to update a user record between subsequent logins. This field is automatically set to 3600 seconds. For example, after a user logs in, the user record will be updated after 3,600 seconds until the next login. This field is available only when the Update User on next login field is enabled. |
| User roles applied to provisioned users | List of roles applied to the newly provisioned users. |

- In the OIDC Entity tab, view and modify the OIDC client configuration and OIDC connect flow using the entity record.
For more information related to OIDC-based configuration, see Configure an OAuth OIDC provider for accepting third-party token.
- In the OIDC Provider Configuration tab, view and modify the well-known configuration URL of the OIDC IdP.
- (Optional) Open the Advanced tab, and fill in the fields.

Table 3. Advanced tab

| Property | Description |
| --- | --- |
| Single Sign-On Script | The script that executes during Single Sign-On. |
| Logout Script | The script that executes after the user logs out. |

Note: Scripts are run during single sign-on and logout.

- To enable and test the configuration, click Active.
- To update the record, click Update.
The Facebook-based login option is displayed on the login form.
- When logging in on the login form, do the following:
  - Select the Facebook option.
  - To log in to the ServiceNow instance, specify your Facebook credentials.
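
A pre-activation review of the values entered in this procedure, as an added example that is not ServiceNow code. It checks that the two redirect URLs stay on the instance host with the default paths from Table 1, that the logo is served over HTTPS, and that automatic provisioning does not hand roles to newly created users. The object keys, the `PRIVILEGED_ROLES` list and the sample values are assumptions that mirror the field labels above.

```javascript
// Added example, not ServiceNow code. Key names are hypothetical stand-ins
// for the field labels in Tables 1 and 2; sample values are constructed.
const PRIVILEGED_ROLES = new Set(["admin"]); // assumption: extend per instance

function checkUrl(findings, label, value, host, path) {
  let url;
  try { url = new URL(value); } catch (e) {
    findings.push(`${label}: not a valid URL`);
    return;
  }
  if (url.protocol !== "https:") findings.push(`${label}: must use https`);
  if (host && url.hostname !== host) findings.push(`${label}: host is not the instance`);
  if (path && url.pathname !== path) findings.push(`${label}: expected path ${path}`);
}

function reviewIdpRecord(rec) {
  const findings = [];
  checkUrl(findings, "External logout redirect", rec.externalLogoutRedirect,
    rec.instanceHost, "/external_logout_complete.do");
  checkUrl(findings, "ServiceNow Homepage", rec.serviceNowHomepage,
    rec.instanceHost, "/navpage.do");
  if (rec.showAsLoginOption) checkUrl(findings, "Logo URL", rec.logoUrl);
  if (rec.autoProvisionUsers) {
    // Any Facebook user who logs in without a sys_user record gets one with these roles.
    const roles = rec.provisionedUserRoles || [];
    const privileged = roles.filter((r) => PRIVILEGED_ROLES.has(r));
    if (privileged.length) {
      findings.push(`Provisioned users receive privileged role(s): ${privileged.join(", ")}`);
    } else if (roles.length) {
      findings.push(`Provisioned users receive role(s): ${roles.join(", ")}`);
    }
  }
  const secs = rec.updateUserIntervalSeconds;
  if (rec.updateUserOnNextLogin && (!Number.isInteger(secs) || secs < 0)) {
    findings.push("Update User Interval Time: must be a non-negative integer");
  }
  return findings;
}

// Constructed record using the defaults the tables describe.
const sampleRecord = {
  instanceHost: "yourinstance.service-now.com",
  externalLogoutRedirect: "https://yourinstance.service-now.com/external_logout_complete.do",
  serviceNowHomepage: "https://yourinstance.service-now.com/navpage.do",
  showAsLoginOption: true, logoUrl: "https://yourinstance.service-now.com/fb.png",
  autoProvisionUsers: true, provisionedUserRoles: [],
  updateUserOnNextLogin: true, updateUserIntervalSeconds: 3600,
};
```

`reviewIdpRecord(sampleRecord)` returns an empty list; each deviation from the defaults adds one finding string to review before the record is set to Active.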