Setting up Okta Single Sign On on ServiceNow instancesSummarySetting up Okta Single Sign On on ServiceNow instance . This article explains how to set up for SSO with Okta on ServiceNow instance . Please note the purpose of this KB is outline the setup process . ServiceNow does not recommend any IDP in general and instructions for setting up configuration on the IDP ( okta in this case) end might change based on any upgrades made by the Identity Provider .ReleaseOn the OKTA end Sign up for Okta developer account at: https://developer.okta.com/signup/ Once you login switch to Classic UI ( Developer Console -> Classic UI ) Login and Go to admin dashboardhttps://<okta_account>-admin.okta.com/admin/dashboard Add Application->ServiceNow UD Configure the settings General -> Base URL -> https://<instancename>.service-now.com Sign On -> SAML 2.0 (rest all defaults)Save the configuration, which should look similar to this screenshot.Click on 'Identity Provider metadata' and save the URLClick on Directory -> People and create a new user. Configure UserName and PasswordClick on the Service Now app that was created -> assignment -> assign -> assign to people and assign it to the user created in step 8 On the ServiceNow end Active the multi SSO plugin:' Integration - Multiple Provider Single Sign-On Installer' Multi Provider SSO -> PropertiesEnable multiple provider SSOEnable debug logging for the multiple provider SSO integration Create a new user to match the user details created on the Okta end (i.e make sure you a sys_user record in Servicenow with the email you mentioned for the Okta User )Identity Providers -> New -> SAML -> Import Identity Provider MetadataIF using your own certificate and signed logout URL is required upload the Certificate on both Okta and the ServerNow side accordingly. Okta in the setup and ServiceNow in the sys_certificate table. Then Click ‘Enable Single Logout’ (on OKTA end) If signed logout URL is required and you desire to use the OOB Certificate options. Click ‘Enable Single Logout’ (on OKTA end) and see KB0994948 for the two currently valid SHA256 certificates. In the KB follow steps 1 - 5 to have the correct certificate pointed to in the properties.On the Identity Provider Record -> check mark Sign LogoutRequest Enter the following as the Signing Key Alias and Signing Key Password: saml2spNext on the ServiceNow side click "Generate Metadata". It should take you to a new screen where you will pull out the x509 crt for importing into the Okta side.Once copied out bring it to a notepad and save it like the following:-----BEGIN CERTIFICATE-----MIIDoTCCAomgAwIBAgIERs1yFjANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMxCzAJBgNV========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================W7GRabHJ8Zv5k/9f45/9F8l/9+v8g+OaqEdQuAdymHbeFQ732vd/4MuJWHylQGcyQz7ytJUqr7j4epX6Li/sQdXGaLxLM+rEKFMY7uB/-----END CERTIFICATE-----Next you need to take this new .crt file and upload it into Okta Here:If it looks different thats okay as long as there is an "upload certificate" in the advanced options and it lets you upload the certificateThen check the Enable Single LogoutIf you run into an invalid certificate error then please engage Okta Support to ensure they are accepting the ServiceNow OOB certificate properly. Click on 'Test Connection' and active the record once the test connection is successful