Using OIDC as an SSO with OKTA as the Identity Provider (IdP)


Description

This article shows a fairly simple example setup demonstrating how to use OKTA as an Identity Provider (IdP) for Single Sign-On (SSO) using OIDC.

Release or Environment

Paris and above

Instructions

Read through the main documentation and keep it open as a reference while going through these steps:

https://docs.servicenow.com/csh?topicname=create-OIDC-configuration-SSO.html&version=latest

To set up OKTA as an IdP for SSO using OIDC:

OKTA Setup:

1. OKTA developer --> create free account
   Create a free developer account:
   https://developer.okta.com/signup/
   Log in
2. https://dev-xxxxx-admin.okta.com/admin/dashboard
   Make sure you are in the Classic UI
   Add Application
   Create New App
   Platform: Web
   Sign On Method: Open ID Connect




Now on the ServiceNow instance:



Your https://instancename.service-now.com/login.do


User Provisioning

Once you log in, you should see it provision a new user, assuming your user account is in OKTA.


Additional Information

Importing OIDC Well Known Configuration Failed. The OIDC Metadata URL specified is already configured in another OIDC provider

If you get this error on the Import Open ID Well-Known Configuration dialog, it means there is already an OIDC Provider Configurations record with the same Well Known URL. First, delete any existing Multi-Provider SSO->Identity Providers records that use the problem OIDC Provider Configurations record (check under the OIDC Provider Configurations tab on those records). Then type oidc_provider_configuration.list into the Navigation pane and delete the problem OIDC Provider Configurations record.
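
As a pre-check before giving a Well Known URL to the Import Open ID Well-Known Configuration dialog, the following added example (not ServiceNow or OKTA code) validates a fetched discovery document against the OpenID Connect Discovery 1.0 rules: required fields, issuer matching the metadata URL, and https endpoints. The helper name check_discovery and the sample URL and documents are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
# Fields OpenID Connect Discovery 1.0 marks REQUIRED in provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint")


def check_discovery(metadata_url, doc):
    """Return a list of problems in a fetched discovery document (hypothetical helper)."""
    problems = [f"missing required field: {f}" for f in REQUIRED if not doc.get(f)]
    issuer = doc.get("issuer", "")
    # The issuer must be the exact prefix the metadata was fetched under;
    # a trailing slash on the issuer is dropped before the suffix is appended.
    if not metadata_url.endswith(SUFFIX):
        problems.append("metadata URL does not end in " + SUFFIX)
    elif issuer.rstrip("/") != metadata_url[:-len(SUFFIX)]:
        problems.append(f"issuer {issuer!r} does not match metadata URL")
    # Every advertised endpoint should be reached over TLS.
    for field in URL_FIELDS:
        value = doc.get(field)
        if value and urlsplit(value).scheme != "https":
            problems.append(f"{field} is not https: {value}")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("ID token signing algorithms include 'none'")
    return problems


# Constructed sample values, not taken from a real tenant.
SAMPLE_URL = "https://idp.example.com/oauth2/default/.well-known/openid-configuration"
GOOD_DOC = {
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
    "jwks_uri": "https://idp.example.com/oauth2/default/v1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Same document with a foreign issuer and a plaintext key endpoint.
BAD_DOC = dict(GOOD_DOC, issuer="https://other.example.com",
               jwks_uri="http://idp.example.com/keys")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(SAMPLE_URL, doc) or "ok")
```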