Using OIDC as an SSO with Google as the Identity Provider (IdP)


Description

This article shows a fairly simple example setup demonstrating how to use Google as an Identity Provider (IdP) for Single Sign-On (SSO) using OIDC.

Release or Environment

Paris release and newer (OIDC support is not present before the Paris release)

Instructions

Read through the main documentation and keep it open as a reference while going through these steps:

https://docs.servicenow.com/csh?topicname=OIDC-SSO-overview.html&version=latest

https://docs.servicenow.com/csh?topicname=create-OIDC-configuration-SSO.html&version=latest

To set up Google as an IdP for SSO using OIDC:

You should now be able to log in by going to https://INSTANCENAME.service-now.com/login.do, where you will see an option to log in with Google (Login with Google Test in this example):

Once you log in, you should see the instance provision a new user for your Google account (assuming you enabled Automatic user provisioning):

Additional Information

Single Logout

For single logout functionality (where clicking 'Logout' in the ServiceNow instance UI also ends the user's session at the IdP level) you will need to configure the IdP's logout endpoint URL in the 'End Session Endpoint URL' field on the OIDC Entity record:
https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/task/add-OIDC-entity.html
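
One way to find and sanity-check the value for the 'End Session Endpoint URL' field is to read it from the IdP's well-known configuration, where OpenID Connect RP-Initiated Logout publishes it as end_session_endpoint. This is an added example, not ServiceNow code; the function name check_logout_endpoint and the idp.example.com metadata are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OIDC well-known configuration (not real IdP output).
SAMPLE_METADATA = json.loads("""
{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "jwks_uri": "https://idp.example.com/oauth2/keys",
  "end_session_endpoint": "https://idp.example.com/oauth2/logout"
}
""")


def check_logout_endpoint(metadata):
    """Return {"url": ..., "warnings": [...]} for the IdP logout endpoint.

    "url" is the value to copy into 'End Session Endpoint URL', or None
    when the metadata does not advertise one or the value is not HTTPS.
    """
    warnings = []
    raw = metadata.get("end_session_endpoint")
    if not raw:
        # Not every IdP publishes a logout endpoint in its metadata.
        warnings.append("no end_session_endpoint in metadata; "
                        "check the IdP's documentation for a logout URL")
        return {"url": None, "warnings": warnings}

    endpoint = urlsplit(raw)
    if endpoint.scheme != "https" or not endpoint.hostname:
        warnings.append("logout endpoint is not an absolute HTTPS URL")
        return {"url": None, "warnings": warnings}

    # IdPs may host endpoints on a different domain than the issuer, so a
    # mismatch is flagged for manual review rather than rejected.
    issuer_host = urlsplit(metadata.get("issuer", "")).hostname
    if endpoint.hostname != issuer_host:
        warnings.append(f"logout host {endpoint.hostname!r} differs from "
                        f"issuer host {issuer_host!r}; confirm it is the IdP's")
    return {"url": raw, "warnings": warnings}


if __name__ == "__main__":
    print(check_logout_endpoint(SAMPLE_METADATA))
```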

Troubleshooting

Importing OIDC Well Known Configuration Failed. The OIDC Metadata URL specified is already configured in another OIDC provider

If you get this error on the Import Open ID Well-Known Configuration dialog, it means there is already an OIDC Provider Configurations record with the same Well Known URL. First, delete any existing Multi-Provider SSO->Identity Providers records that use the problem OIDC Provider Configurations record (check under the OIDC Provider Configurations tab on those records). Then type oidc_provider_configuration.list into the Navigation pane and delete the problem OIDC Provider Configurations record.