Upgrade instructions for the New York and later Multi-SSO plugin In New York (NY) and later releases, we are upgrading the Multi-SSO plugin to use the latest version of the OpenSAML library and deprecating the older version of the plugin(MultiSSO v1). The latest plugin will enhance security and has more features like Assertion encryption support, IDP-initiated Single Logout (SLO) etc. The existing resources like Script Includes, Installation Exits etc. will also be updated during this upgrade. If you are upgrading to the NY release and have done any customizations to these resources, these instructions will guide your upgrade to the updated Multi-SSO plugin. The resources are listed in Annexure A at the end of this article. Target Audience Any customer who upgrades to NY or later release, but Multi-SSO has not been upgraded to the latest version of Multi-SSO plugin (MultiSSO v2). Plugin Name - Integration - Multiple Provider Single Sign-On Installer (com.snc.integration.sso.multi.installer) To verify if you need to upgrade the plugin: Navigate to All Properties (sys_properties.list).Search for the Property by name – 'glide.authenticate.multissov2_feature.enabled'. If this property is not found in the instance or the property value is set to false, then it effectively means that you have not upgraded the Multi-SSO plugin to the latest version and you need to upgrade it. Upgrade Path for the Multi-SSO plugin After the instance upgrade is complete, please follow the below instructions before starting the MultiSSO plugin upgrade: If you have NOT made any changes to the Multi-SSO or E-signature Plugin-related files (e.g. script includes, installation exits etc), then go directly to the section - Steps to Upgrade the Multi-SSO plugin.Note: If there are any PRB fixes done by ServiceNow, those will be taken care of automatically during the upgrade.How to check for changes: Go to the Filter Navigator and search for "Multi-Provider SSO"Navigate to "Administration" -> "Installation Exits".Click on the Update Personalized List (GEAR ICON) and add "Updated by" to the selected list.If you only see Admin or maint under the Updated By column, then there are no customizations in Installation Exits.Navigate to "Administration" -> "Single Sign-On Scripts".Add the "Updated By" to the selected list similar to Step c.If you only see Admin or maint under the Updated By column, then there are no customizations in Single Sign-On Scripts.You are good to go if there are no customizations in Installation Exits and Single Sign-On Scripts. Please proceed to Steps to Upgrade the Multi-SSO plugin. If you have made any changes or customizations to either the Multi-SSO or E-signature plugin-related files, then refer to the NY release notes (KB0778203 - Customization support of MultiSSOv2) for Out of the Box available customization samples and check if you have done similar customizations. Migrate all the customization-related changes into the latest version of Installation exits and SSO scripts as specified in the KB article. After you apply these changes, go to Steps to Upgrade the Multi-SSO plugin. If you are facing any issues with customizations, contact the ServiceNow support team for assistance. Steps to Upgrade the Multi-SSO plugin Step 1: Disable the Multiple Provider SSO Property on the Multiple Provider SSO Properties page. Navigate to All properties (sys_properties.list) Search the property with the name glide.authenticate.multisso.enabled and Update the value as false and stay on the properties page. Step 2: Search for MultiSSO v2 Property (glide.authenticate.multissov2_feature.enabled). If this system property glide.authenticate.multissov2_feature.enabled is not present in the instance, create the property with the following details. If the property is already present, then enable the property and stay on the properties page. Name – glide.authenticate.multissov2_feature.enabledType – true | falseValue – true Step 3: Re-Enable the Multiple Provider SSO Property. Navigate to All properties (sys_properties.list) Search the property with the name glide.authenticate.multisso.enabled and Update the value as true. Step 4: Test the SSO Login in the Incognito browser window to test the IDP Configuration. If the login is successful, then your instance is upgraded successfully. If the login fails, then check the steps below. Step 5: Test the Connection to verify the IDP Configuration. Enter the IDP user login credentials in the Test Connection popup. Step 6: If Test Connection is successful, then save the Identity Provider form. You have successfully upgraded to MultiSSO v2. If the Test Connection still fails, then check the Troubleshooting section below. A successful test connection means the IDP configuration in ServiceNow is able to successfully connect with the given IDP and both Login and Logout operations are working properly. Please note that you cannot activate the IdP configuration until you have a successful test connection. If the test fails, you can update to save your configuration information, but you cannot activate this configuration.The Successful Test Output should look like the screenshot given below : Note - This disabling and re-enabling step is performed to automatically correct the status of MultiSSO Installation Exits (IEs) according to the current version of the MultiSSO. Troubleshooting Please follow the below steps to verify the IDP configuration. Verify the Multi-SSO Installation Exits status: Once the Multi-SSO plugin is re-enabled, the new Installation Exits will be active.Navigate to Multi-Provider SSO -> Administration -> Installation Exits.Your instance should reflect the MultiSSO Installation Exits status similar to the one given below: Verify the Single Sign-On Script Name: Navigate to Multi-Provider SSO -> Identity Providers.Verify that the script name corresponding to Single Sign-On Column for all your SAML Identity Provider configurations record is 'MultiSSOv2_SAML2_custom' similar to the below screenshot. If the instance has a different configuration, then please contact ServiceNow customer support indicating the above issue. If Test Connection is not successful and the SSO Logins are failing, then contact ServiceNow Customer Support. Annexure A List of Installation Exits that can be checked for customization: MultiSSOMultiSSOLogout List of Script Includes that can be checked for customization: MultiSSO_ClientHelperMultiSSO_ClientHelperUIMultiSSO_SAML2_Update1MultiSSO_SAML2_UserProvisioningMultiSSO_SAMLMetaDataHelperSSO_HelperSAML2_update1ESignatureUtilsSAML2_update1_esig The world works with ServiceNow.