Reverse Proxy for ServiceNow with Azure AD SSO

If you don’t already have a ServiceNow instance, create one following the instructions here to integrate it with Azure AD.

For testing purposes, you can create a developer account and request an instance here.

Important

When creating the instance, select Yes for IDE.

image1.png

Configure SSO

  1. After your instance has been created, you can access the ServiceNow UI by clicking Start Building.
    image2.png
  2. Go to All > System Definition, click Plugins, and search for Multiple Provider Single Sign-On Enhanced UI.
    image3.png
  3. After you press install, click Activate.
    image4.png

    Note

    Wait for the plugin to be installed. This may take a few minutes.

  4. Click Close & Reload Form.
    image5.png
  5. Go to All > Multiple-Provider SSO > Administrator and click Properties, and then enable ACR.
    image6.png
  6. Set up ‘Multi-factor Authentication’ in Step 2, click Save, and then go back to Properties by pressing the link in Step 4.
    image7.png
  7. Select ‘Enable multiple provider SSO’ and ‘Enable Auto importing of users from all identity providers into the user table’, then press ‘Save’.
    image8.png

    Note

    After enabling SSO, you can disable ACR. Otherwise, you will be logged in as the AR user when the session expires.

  8. Log in to Azure AD, go to All Applications > New Application, search for ServiceNow, and then create the new app.
    image9.png
  9. Once the application is created, go to Single Sign-On, select SAML, and add your instance information.
    image11.png
  10. Click View step-by-step instructions in Step 4.
    image12.png
  11. Add your Admin credentials and click Configure Now.
    image13.png
  12. If successful, this will create an SSO entry for Azure in ServiceNow that can be seen on All > Multi-Provider SSO > Providers.
    image14.png

    If not, follow the manual configuration steps (in Step 5).

Important

The above SSO with Azure must be successful before continuing with Netskope configuration.

Configure Netskope Reverse Proxy ServiceNow

  1. Go to Settings > Security Cloud Platform > Reverse Proxy SAML, click Add Account, and enter your ACS URL (instance information), IdP SSO (URL Azure), and Azure Certificate.
    image18.png

    Note

    Your Azure certificate can be found here:

    image19.png
  2. Enable Emergency Bypass while testing the connection.
    image20.png
  3. Click Netskope Settings from your new SAML – Reverse Proxy.
    image21.png
  4. Copy all the information in order to enter it in your ServiceNow instance.
    • The Organization ID is used for your ServiceNow Identity Provider URL.
    • The SAML Proxy IDP URL is used for your ServiceNow Identity Provider’s AuthnRequest.
    • The SAML Proxy ACS URL is used for your Azure AD Reply URL (Assertion Consumer Service URL).
    • The SAML Proxy Issuer Certificate is used for your ServiceNow X.509 Certificate.
  5. Go to the X.509 Certificates section in ServiceNow and click New.
    New-x509-Cert.png
  6. Copy the full content of SAML Proxy Issuer Certificate from step 4, paste it in PEM Certificate, and then click Submit.
    SAML-Proxy-Cert.png
  7. The new certificate should appear on the X.509 Certificates page.
    New-Cert.png
  8. Your settings should look like this:
  9. Test the connection. Save the new configuration by clicking Active.
  10. Disable the emergency bypass option in the Netskope UI.
    image25.png
  11. Go to the login page and authenticate with Azure; the URL should show the Netskope reverse proxy.
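
Step 6 depends on the SAML Proxy Issuer Certificate being pasted in full. The following is an added example, not part of the original procedure or of any Netskope or ServiceNow tooling: it checks that a copied PEM block is complete and prints a SHA-256 fingerprint, so the text copied from Netskope can be compared with what was stored in ServiceNow. It validates only the outer DER framing, not the signature or validity dates; the function names and the sample data are assumptions made for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def check_pem_certificate(text):
    """Return (ok, detail): the SHA-256 fingerprint if ok, else the problem found."""
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        return False, f"expected exactly one CERTIFICATE block, found {len(blocks)}"
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        return False, f"body is not valid base64: {exc}"
    # An X.509 certificate is one DER SEQUENCE: tag 0x30 followed by a length field.
    if len(der) < 2 or der[0] != 0x30:
        return False, "decoded data does not start with a DER SEQUENCE"
    if der[1] < 0x80:  # short form: the byte is the length
        header, body_len = 2, der[1]
    else:  # long form: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False, "malformed DER length field"
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body_len != len(der):
        return False, (f"DER length mismatch: header declares {header + body_len} "
                       f"bytes, decoded {len(der)} (incomplete or padded paste)")
    digest = hashlib.sha256(der).hexdigest().upper()
    return True, ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def make_sample_pem():
    """Constructed stand-in, NOT a real certificate: a DER SEQUENCE of 200 filler bytes."""
    der = b"\x30\x81\xc8" + bytes(range(200))
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    sample = make_sample_pem()
    print(check_pem_certificate(sample))          # complete paste
    lines = sample.splitlines()
    del lines[2]                                  # simulate a line lost while copying
    print(check_pem_certificate("\n".join(lines)))
```

Run the check on the text copied from the Netskope Settings page and again on the PEM value saved in the ServiceNow record; matching fingerprints confirm both hold the same certificate.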