ServiceNow UD SSO migration guide

Learn how to migrate your existing ServiceNow integration to use Universal Directory (UD).

What's new

  • Support for ServiceNow Geneva and later versions
  • User Schema Discovery support with unlimited custom attributes
  • Flexible user attribute mapping support
  • The Okta ServiceNow plugin is no longer required for provisioning

Procedures

Migrating your existing ServiceNow integration to use UD consists of the following steps:

Step 1: Configure the new ServiceNow UD app

  1. In Okta, go to Applications > Add Application:

    snow_migrate1

  2. Search for the ServiceNow UD app, then click Add:

    snow_migrate2

  3. Under General Settings, enter the Base URL for your ServiceNow UD app (you can get this value from your existing ServiceNow app), then click Next:

    snow_migrate3

  4. Under Sign-On Options, select the same SIGN ON METHOD as your existing ServiceNow app (SWA or SAML):

    • For SAML: Click View Setup Instructions for SAML Sign On Method. After you set up SAML, come back and complete Steps 2,3, and 4.

      Note: Set it up using the Multi-Provider SSO plugin so you can test with both the old and new ServiceNow apps to avoid any access issues.

    • For SWA: Additional actions are needed for end users to migrate the username and password based on the SWA type. Select either User sets username and password, or Administrator sets username, user sets password.

      SWA Setting - User sets username and password

      The end user must migrate both the username and password from the old app to the new app.

      snow_migrate4

      End-user instructions for migrating username and password

      1. Sign in to the Okta End-User Dashboard.
      2. Go to the old ServiceNow app.
      3. Click the gear button on the top right to open the old ServiceNow app Settings dialog.
      4. snow_migrate5

      5. Click Reveal Password to get the password and make a copy of it.
      6. snow_migrate6

      7. Click Update Credentials and copy the Username value.
      8. snow_migrate7

      9. Go to the new ServiceNow app.

      10. Click the gear button on the top right to open the new ServiceNow app Settings dialog.

      11. Click Update Credentials.

      12. Enter the copied Username and Password, then click Save.

      SWA Setting - Administrator sets username, user sets password

      The end user migrates only the password from the old app to the new app.

      snow_migrate8

      End-user instructions for migrating password

      1. Sign in to the Okta End-User Dashboard.

      2. Go to the old ServiceNow app.

      3. Click the gear button on the top right to open the old ServiceNow app Settings dialog.

      4. snow_migrate9

      5. Click Reveal Password to get the password and make a copy of it.

      6. snow_migrate10

      7. Go to the new ServiceNow app.

      8. Click the gear button on the top right to open the new ServiceNow app Settings dialog.

      9. Click Update Credentials.

      10. Enter the copied Password, then click Save.

  5. Make sure to select or add the same Application Username Format from the existing ServiceNow app.

    snow_migrate11

  6. Check for any custom mappings present under the Profile Editor for the old ServiceNow app and copy them over to the new app.

    Default mappings use a different syntax in the new UD version of ServiceNow. To ensure your mappings remain the same you can copy all of the old mappings to the new app aside from manager. Manager should remain the default mapping for the new app.

The setup for the new ServiceNow app is now complete.

Important: Have a test user assigned to the new app and check the sign-n task before proceeding to the migration step.

Step 2: Migrate users to the new ServiceNow UD app

The ServiceNow app can be assigned to users either by Group App Assignment or Individual App Assignment. First, you have to find the groups or users assigned to the existing app to migrate to the new SerivceNow UD App.

  1. List all the groups assigned from your old ServiceNow app by clicking Groups under the Assignments tab:

    snow_migrate12

  2. Assign the new ServiceNow UD app to the groups.

  3. List all the users assigned individually from your old ServiceNow app by clicking the People under the Assignments tab:

    snow_migrate13

  4. Assign the new ServiceNow UD app to these users.

  5. The end users will have two ServiceNow apps.

  6. Send out communications to end users based on the selected SWA type.

Step 3: Check for errors

  • Check the Okta System Logs for any errors.

  • Check your Okta Dashboard for any errors.

  • Sign in via the new ServiceNow UD app and check user access.

  • If your org has Application Access and Unassignment Reports, it will be easier to compare the assignments between the old and new ServiceNow applications. See Application Access Audit.

Step 4: Hide or deactivate the old ServiceNow app

  1. Go to the old ServiceNow app > General.

  2. Select the Do not display application icon to users checkbox.

  3. If the app is set up for mobile access, then also select the Do not display application icon in the okta mobile app checkbox.

  4. Click Save. The old ServiceNow app is now hidden to end users.

    snow_migrate14

To deactivate the old ServiceNow app:

  1. Go to the old ServiceNow app > General.

  2. Click Active, then select Deactivate and follow the instructions.

    snow_migrate15

The old ServiceNow app is now deactivated and removed for end users.

Consider hiding the app for a time period (1-2 weeks) and have users test with the new app before deactivating the old ServiceNow app.