ServiceNow UD SSO migration guide

Learn how to migrate your existing ServiceNow integration to use Universal Directory (UD).

What's new

  • Support for ServiceNow Geneva and later versions
  • User Schema Discovery support with unlimited custom attributes
  • Flexible user attribute mapping support
  • The Okta ServiceNow plugin is no longer required for provisioning

Procedures

Migrating your existing ServiceNow integration to use UD consists of the following steps:

Configure the new ServiceNow UD app

  1. In the Admin Console, go to ApplicationsApplications.

  2. Click Browse App Catalog.
  3. Search for and select ServiceNow UD, and then click Add Integration.
  4. In General Settings, enter the Base URL for your ServiceNow instance.
  5. Optional. If using SWA, enter the SWA Base URL for your ServiceNow instance.
  6. Click Next.
  7. Under Sign-On Options, select the same sign on method as your existing ServiceNow app (SWA or SAML).
    • For SAML apps, click View Setup Instructions and follow the directions. One step has you install the Multi-provider SSO plugin in ServiceNow. This enables you to test using both the existing and new ServiceNow apps to avoid any access issues.
    • For SWA apps, more actions are needed for end users to migrate the username and password based on the SWA type. Select either User sets username and password, or Administrator sets username, user sets password. See End-user instructions for SWA apps.
  8. Make sure to select or add the same Application Username Format from the existing ServiceNow app.
  9. Check for any custom mappings present under the Profile Editor for the old ServiceNow app and copy them over to the new app.

    Default mappings use a different syntax in the new UD version of ServiceNow. To ensure that your mappings remain the same, copy the old mappings to the new app aside from manager. Manager should remain the default mapping for the new app.

Have a test user assigned to the new app and check the sign-in task before proceeding to the migration step.

End-user instructions for SWA apps

Which directions end users must follow when they migrate to the new app is determined by which SWA option you chose on the Sign On tab of the app.

If you chose User sets username and password, then the user must migrate both their username and password to the new app by performing the following steps:

  1. Sign in to the Okta End-User Dashboard.
  2. Go to the old ServiceNow app.
  3. Click the gear icon on the top right to open the ServiceNow Settings dialog.
  4. Click Reveal Password and copy the password.
  5. Click Update Credentials and copy the Username value.
  6. Go to the new ServiceNow app.
  7. Click the gear icon on the top right to open the ServiceNow Settings dialog.
  8. Click Update Credentials.
  9. Enter the copied Username and Password, and then click Save.

If you chose Administrator sets username, user sets password, then the user only migrates their password to the new app by performing the following steps:

  1. Sign in to the Okta End-User Dashboard.
  2. Go to the older adults ServiceNow app.
  3. Click the gear icon on the top right to open the ServiceNow Settings dialog.
  4. Click Reveal Password and copy the password.
  5. Go to the new ServiceNow app.
  6. Click the gear icon on the top right to open the ServiceNow Settings dialog.
  7. Click Update Credentials.
  8. Enter the copied Password, and then click Save.

Migrate users to the new ServiceNow UD app

The ServiceNow app can be assigned to users either by Group App Assignment or Individual App Assignment. The following steps use both methods to migrate all users from the original ServiceNow app to the new instance.

  1. List all the groups assigned from your old ServiceNow app by clicking Groups under the Assignments tab.
  2. Assign the new ServiceNow UD app to the groups.
  3. List all the users assigned individually from your old ServiceNow app by clicking People in the Assignments tab.
  4. Assign the new ServiceNow UD app to these users.
  5. End users are now assigned both the old and new ServiceNow apps.
  6. Send out communications to end users based on the selected SWA type.

Check for errors

  • Check the Okta System Logs for any errors.
  • Check your Okta Dashboard for any errors.
  • Sign in using the new ServiceNow UD app and check user access.
  • You can use app access and unassignment reports to more easily compare the assignments between the old and new ServiceNow apps. See Application Access report and Recent Unassignments report.

Hide or deactivate the old ServiceNow app

  1. Open the old ServiceNow app and go to the General tab.
  2. Click Edit in the App Settings section.
  3. Select Do not display application icon to users.
  4. If the app is set up for mobile access, select Do not display application icon in the okta mobile app.
  5. Click Save. The old ServiceNow app is now hidden to end users.

To deactivate the old ServiceNow app:

  1. Open the old ServiceNow app and go to the General tab.
  2. Click Active, and then select Deactivate.
  3. Click Deactivate Application.

The old ServiceNow app is now deactivated and removed for end users.

Consider hiding the app for a time period (1-2 weeks) and have users test with the new app before deactivating the old ServiceNow app.