The web blog http://www.learnsccd.com strives to be a comprehensive guide to SCCD, TADDM, SERVICE NOW and MAXIMO tools. This is a personal site maintained solely by me. I intend to update it regularly.For live updates please follow us on.

ServiceNow - LDAP Integration

ServiceNow - LDAP Integration


  • Introduction
  • Architecture
  • Pre-Requisites
  • Steps Involved in the Integration

Introduction

Administrators integrate with a Lightweight Directory Access Protocol (LDAP) directory to streamline the user login process and to automate administrative tasks such as creating users. An LDAP integration allows ServiceNow to use your existing LDAP servers as the master source of user data. The integration uses a read-only connection that never writes to the LDAP directory. The integration only queries for information, and then updates its internal database accordingly.

There are two aspects to the integration:
  1. Data population
  2. Authentication

DATA POPULATION

Integration to the LDAP servers allows you to quickly and easily populate ServiceNow with user records from the existing LDAP database. To prevent data inconsistencies, configuration settings provide the ability to create, ignore, or skip incoming LDAP records. You can also limit the data the integration imports by specifying LDAP attributes. If you do not specify any LDAP attributes, the integration imports all available object attributes from the LDAP server. The instance stores imported LDAP data in temporary import set tables, so the more attributes you import, the longer the import time. By default, ServiceNow does not delete any entries after they disappear from LDAP. This is because deleting an entry also deletes the entire history and references to the deleted entry.

AUTHENTICATION

When a user enters domain credentials in the ServiceNow login page, the instance passes those credentials to each defined LDAP server. The LDAP server responds with an authorized or unauthorized message that ServiceNow uses to determine whether access should be granted. By authenticating against your LDAP server, users access ServiceNow with the same credentials that they use for other internal resources on your domain.

Architecture

LDAP Integration provides the streamlining of user login process and to automate administrative tasks such as creating users Through SSL PKI Certificate, This LDAP integration ensures security by connecting from a single machine that uses a fixed IP address through a specific port on the firewall. Furthermore, the connection requires a read-only LDAP account of your choosing for authentication. To establish a LDAPS connection, ServiceNow admin will load the public side of LDAP server's SSL certificate on ServiceNow instance. Both Third-Party and Self-Signed certificates are supported. The integration uses the certificate to encrypt all communication between the LDAP server and ServiceNow. An SSL-encrypted LDAP integration (LDAPS) communicates over TCP on port 636 by default. The diagram below depicts how communications will be secured using LDAPS with SSL Certificate.


After setting up a secure connection, ServiceNow Admin will be able to complete LDAP integration setup.

Pre-Requisites

The LDAP integration requires:
  • An LDAP v3 compliant directory services server
  • Allows inbound network access (enable SNOW IP and ports) through the firewall of customer network
  • The external IP address or fully-qualified domain name of the LDAP server
  • A read-only LDAP account for Secure connection between Service Now and LDAP Server’s over internet
  • A PKI SSL certificate is required, to secure communication

Steps Involved in the LDAP Integration

  • There are 7 major steps to complete LDAP Integration:
  • Load X.509 Certificate for SSL
  • Create Server 
  • LDAP Configuration 
  • OU Definitions 
  • Define Data source 
  • Define Transform map 
  • Create a Schedule