ServiceNow Single Sign-On (SSO) using Shopify Store as Identity Provider

Pre-requisite : Store as IDP - SSO Login Application

To configure SSO into ServiceNow Application with Shopify as IDP, you will need to install the miniOrange Store as IDP- SSO Login Application on your store

Follow the Step-by-Step Guide given below for configuring SSO into ServiceNow Application using Shopify Store as IDP

1. Configure Shopify store as IdP (Identity Provider)

• Go to your shopify store, click on Apps tab and select Store as IDP-SSO login application.

• Click on the Setup Application button in the left navigation bar.

• From the left navigation bar select Apps and click on Add Application button.

• Go to SAML tab and search for Custom SAML and select Custom SAML Application.

• In the Add Application Section and Add Policy Section, enter the values by refering the below table.



Custom Application Name	Choose appropriate App name
SP Entity ID or Issuer	https://[yourdomain].service-now.com
ACS URL	https://[yourdomain].service-now.com/navpage.do
Single Logout URL	https://[yourdomain].service-now.com/external_logout_complete.do
Name ID	E-Mail Address
Name ID Format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Group Name	DEFAULT
Policy Name	ServiceNow
Login Method	Password

• Click on the Save button to save your configuration.
• Now navigate to Select option and choose Metadata tab.

• Now copy the Metadata URL under INFORMATION REQUIRED TO AUTHENTICATE VIA EXTERNAL IDPS section. This will be used in furthur steps.

You have successfully completed Shopify side configurations.

2. Configure SAML in ServiceNow

• Login to ServiceNow as the system administrator.
• Activate the Integration - Multiple Provider Single Sign-On Installer plugin by doing the following:
  • Search for plugins in the Filter navigator (top left input field).
  • Search for Integration - Multiple Provider Single Sign-On Installer from the search bar at the top of the Plugins page:
  • Right-click on the correct plugin, then select Activate/Upgrade:
  
  
  
  • This completes the installation of the Multiple Provider Single Sign-On plugin, allowing you to now configure Single Sign-On settings within ServiceNow.
• Search for Multi-Provider SSO in the Filter navigator (top left input field). Select Identity Providers.
• Click the SAML2 Update1 > Name. Select Configure > Form Design from the Additional actions menu.



• The new Form Design tab should appear. Set the Sign LogoutRequest field after Sign AuthnRequest.
• Click Save (top right). Close the Form Design tab.

3. Configure Shopify in ServiceNow

• Go back to the Identity providers menu. Click New.



• Select the SAML2 Update1 option.



• An Import Identity Provider Metadata pop-up dialogue appears.
• Enter the Metadata URL you have copied from Step 2. Click on Import butto.



• Check Active. Check Default (if you want this SAML configuration to be the default).
• In the user field, specify the ServiceNow user attributes that you will be matching against miniOrange with SAML. By default, this is user_name, but can be configured to match other attributes such as email, depending on your use-case.
• Enter the following Identity Provider's SingleLogoutRequest URL: Sign into the miniOrange Admin Dashboard to generate this variable.
• Change the Protocol Binding for the IDP's SingleLogoutRequest to the following: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
• Check Create AuthnContextClass.
• Signing/Encryption Key Alias: Enter the alias name you created for the SAML 2.0 Keystore. By default, the integration looks for the alias saml2sp.
• Signing/Encryption Key Password: Enter the password to your SAML 2.0 Keystore. By default, the password is the same as the default alias name.
• Check Force AuthnRequest if you want to enable Force AuthnRequest.
• Check Sign LogoutRequest and Uncheck Auto Provisioning User.
• Uncheck Update User Record Upon Each Login. Your settings should look like this:
  
• Click Update. Click Generate Metadata: The new metadata tab appears.
• Save the X509Certificate value.



• Create a file in a text editor in the following format:

      -----BEGIN CERTIFICATE-----
          [your X509Certificate value]
          -----END CERTIFICATE-----
         

• Save the text file as servicenow_slo.cert: and close the metadata tab.
• Select Properties under Administration from the Multi-Provider SSO sidebar on the left.
• Check Enable multiple provider SSO.
• Uncheck Enable Auto Importing of users from all identity providers into the user table. Click Save.

You have successfully completed ServiceNow side configurations.

4. Testing SSO for ServiceNow

• Go to your ServiceNow Application login page.
• Click on the login button you customized earlier. You’ll be redirected to the login page of the Shopify store.

• Enter your Shopify Store login credential and click on Login. You will be automatically logged in to your ServiceNow Application account.

You have successfully configured Shopify as Identity Provider for your ServiceNow Application application.