Using OIDC as an SSO with Google as the Identity Provider (IdP)

Description

This article walks through a simple example setup that uses Google as an Identity Provider (IdP) for Single Sign-On (SSO) using OIDC.

Release or Environment

Paris release or newer (OIDC support is not present before the Paris release)

Instructions

Read through the main documentation and keep it open as a reference before going through these steps:

https://docs.servicenow.com/csh?topicname=OIDC-SSO-overview.html&version=latest
https://docs.servicenow.com/csh?topicname=create-OIDC-configuration-SSO.html&version=latest

To set up Google as an IdP for SSO using OIDC:

1. Go to Multi-Provider SSO->Identity Providers->New. Choose Open-ID Connect.
2. The Import Open ID Well-Known Configuration dialog will pop up.
3. At this point open a new tab (leave the dialog open) and follow the instructions under the heading Create Authorization Credentials of the Google Sign-In For Websites documentation: https://developers.google.com/identity/sign-in/web/sign-in#create_authorization_credentials
   Note: Add https://INSTANCENAME.service-now.com and https://INSTANCENAME.service-now.com/navpage.do under Authorised Forwarding URI's.
4. Copy the Client ID and Client Secret back from the Google API setup page into the Import Open ID Well-Known Configuration dialog.
5. Copy the well-known URL https://accounts.google.com/.well-known/openid-configuration (refer: https://developers.google.com/identity/protocols/oauth2/openid-connect) into the Well Known Configuration URL field.
6. Set the Name field to something that makes sense (suggested: whatever you named the OAuth 2.0-Client-ID in the Google API interface). Then click Import.
7. Optional user provisioning: On the OIDC Identity Provider record that was created, enable User Provisioning->Automatically provision and User Provisioning->Update user. Enable Provision Using: User Info and User Info Datasource: Google User Info Example. Set a role for the provisioned users to be granted (e.g. itil).
8. Enable 'Show as Login Option' and set a label (e.g. 'Login using your Google Account'). You can also set a logo image URL here.
9. Go to Multi-Provider SSO->Properties->Enable Multi-Provider SSO.

You should now be able to log in by going to https://INSTANCENAME.service-now.com/login.do and see an option to log in with Google (Login with Google Test in this example).

Once you log in you should see it provision a new user with your Google account (assuming you enabled Automatic user provisioning).

Additional Information

Single Logout

For single logout functionality (where clicking 'Logout' in the ServiceNow instance UI also ends the user's session at the IdP level) you will need to configure the IdP's logout endpoint URL in the 'End Session Endpoint URL' field on the OIDC Entity record:
https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/task/add-OIDC-entity.html

Troubleshooting

Importing OIDC Well Known Configuration Failed. The OIDC Metadata URL specified is already configured in another OIDC provider

If you get this error on the Import Open ID Well-Known Configuration dialog, it means there is already an OIDC Provider Configurations record with the same Well Known URL. First delete any existing Multi-Provider SSO->Identity Providers records that use the problem OIDC Provider Configurations record (check under the OIDC Provider Configurations tab on those records). Then type oidc_provider_configuration.list into the Navigation pane and delete the problem OIDC Provider Configurations record.
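
The check below is an added example (not part of the original article or of ServiceNow's code) that inspects a discovery document before its URL is pasted into the Well Known Configuration URL field: required fields, issuer matching the URL, https endpoints, and whether an end_session_endpoint is advertised for the Single Logout setup. The function name, the idp.example.com issuer and both sample documents are constructed for illustration.

```python
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"
# Fields OpenID Connect Discovery marks REQUIRED (token_endpoint is required
# for every flow except implicit-only, so it is treated as required here).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(well_known_url, doc):
    """Return a list of findings for a discovery document (parsed JSON dict)."""
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The issuer must equal the well-known URL with the suffix removed, exactly.
    if not well_known_url.endswith(SUFFIX):
        findings.append(f"URL does not end in {SUFFIX}")
    else:
        expected = well_known_url[:-len(SUFFIX)]
        if doc.get("issuer") != expected:
            findings.append(f"issuer mismatch: expected {expected!r}, "
                            f"got {doc.get('issuer')!r}")
    # The issuer and every advertised endpoint or key URL must be https.
    for key, value in doc.items():
        if key == "issuer" or key.endswith(("_endpoint", "_uri")):
            if not isinstance(value, str) or urlparse(value).scheme != "https":
                findings.append(f"{key} is not an https URL")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        findings.append("IdP advertises unsigned ID tokens (alg 'none')")
    if "end_session_endpoint" not in doc:
        findings.append("no end_session_endpoint advertised: single logout "
                        "needs 'End Session Endpoint URL' set by hand")
    return findings

# Constructed sample input (hypothetical issuer, not fetched from any IdP).
GOOD_URL = "https://idp.example.com" + SUFFIX
GOOD_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "end_session_endpoint": "https://idp.example.com/logout",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Constructed bad variant: trailing slash on issuer, http token endpoint,
# no signing keys URL and no logout endpoint.
BAD_DOC = {k: v for k, v in GOOD_DOC.items()
           if k not in ("jwks_uri", "end_session_endpoint")}
BAD_DOC.update(issuer="https://idp.example.com/",
               token_endpoint="http://idp.example.com/token")
```

To check a live provider, parse the JSON returned by its well-known URL into a dict and pass it in with that URL.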