ServiceNow and the SameSite cookieIssue Google's Chrome 80 release will be implementing a new policy that treats unmarked cookies as SameSite=Lax after two minutes from cookie creation.Based on testing with Firefox, which has experimental support for a similar, but more immediate, behavioral change, Service-Now's SAML SP support is relying on a state cookie to be submitted along with the SAML form POST, and SSO fails when this new setting is used.After February's change, Chrome users will see occasional failures if they linger on their IdP's login pages longer than 2 minutes. The bug may become more serious in the future.In addition, setting the cookie(s) to SameSite=None is known to break older Mac and iOS Safari releases outright, as they treat that setting as SameSite=Strict. So things are difficult right now, and user agent testing or tricks involving multiple cookies to address individual browsers have been the only solutions I've seen proposed.Okta has a mention of S-N being impacted by this on their report page:https://support.okta.com/help/s/article/Testing-results-for-Chrome80-SameSite-by-default-cookie-changes You can test the current behavior by following these steps: 1- Open Dev Tools on Chrome.2- Select the Application tab.3- Open the console.4- Go to hi.servicenow.com (You can use any instance that uses SSO)5- Check the console in dev tools. It has the following messages:A cookie associated with a resource at http://adnxs.com/ was set with `SameSite=None` but without `Secure`. A future release of Chrome will only deliver cookies marked `SameSite=None` if they are also marked `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.A cookie associated with a resource at http://pubmatic.com/ was set with `SameSite=None` but without `Secure`. A future release of Chrome will only deliver cookies marked `SameSite=None` if they are also marked `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.A cookie associated with a resource at http://adnxs.com/ was set with `SameSite=None` but without `Secure`. A future release of Chrome will only deliver cookies marked `SameSite=None` if they are also marked `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.A cookie associated with a resource at http://pubmatic.com/ was set with `SameSite=None` but without `Secure`. A future release of Chrome will only deliver cookies marked `SameSite=None` if they are also marked `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.ResolutionServiceNow is currently addressing this issue through PRB1379917 - " Chrome 'same site cookie' security in Chrome 80" There is no release target or ETA yet, but development and product management aware that google is going to add this feature in Chrome 80 in February. They are working on providing a fix.Add PRB1379917 to your case.