Auto Provisioning User - ServiceNow SAML integration with ForgeRock

Hey there,

We are trying to integrate ServiceNow with ForgeRock via SAML. ForgeRock is acting as IDP and ServiceNow is acting as SP. If users exist on both sides, then we are successfully able to test the user. But when we try to auto provision a user, if the user does not exist in ServiceNow then the test fails with the following error: "Ensure that the user you are trying the test connection with is present in the system.
Ensure that 'User Field' property value corresponds to the value set in the IDP returned through 'Subject NameID' in the response."

Any help is appreciated. Thank you !!!

Regards,
Manoj Mahadadalkar

Hi @Manoj_Mahadadalkar

This sounds like you need to review your ServiceNow configuration to ensure that Just In Time (JIT) provisioning is enabled. It is also possible that for JIT provisioning you will need to include additional attribute assertions in your SAML response from ForgeRock. I’d start by confirming that JIT is enabled in ServiceNow, and then confirm that you are sending the required attributes in your assertion to support JIT provisioning.

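As an added example (not from this thread, and not ServiceNow's or ForgeRock's own code), the check below parses a decoded SAML Response and verifies the condition the ServiceNow error message names: the Subject NameID must match the attribute that the ServiceNow 'User Field' (here assumed to be `email`) maps to, and the attributes needed for JIT must be present. The attribute names and the sample Response are constructed assumptions; the exact attribute set ServiceNow requires for JIT is not stated in the thread, so it is a parameter.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def extract_subject_and_attributes(response_xml):
    """Return (NameID, {attribute name: [values]}) from a SAML 2.0 Response.
    Signature validation is out of scope here; this only inspects the mapping."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml:Assertion found in the Response")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return name_id, attrs

def check_jit_mapping(response_xml, user_field_attr="email", required=("email",)):
    """Report whether NameID and the User Field attribute agree and required attributes exist.
    `required` is an assumption; set it to whatever your SP needs for JIT provisioning."""
    name_id, attrs = extract_subject_and_attributes(response_xml)
    problems = []
    if not name_id:
        problems.append("Subject NameID is empty")
    for name in required:
        if not attrs.get(name):
            problems.append(f"assertion is missing attribute {name!r}")
    values = attrs.get(user_field_attr, [])
    # Email comparison is case-insensitive so a mismatch in case alone is not flagged.
    if name_id and values and name_id.lower() not in [v.lower() for v in values]:
        problems.append(f"NameID {name_id!r} does not match {user_field_attr!r} values {values}")
    return {"name_id": name_id, "attributes": attrs, "ok": not problems, "problems": problems}

# Constructed sample Response (no signature), shaped like what an IdP would return.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>Jane.Doe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_jit_mapping(SAMPLE_RESPONSE, required=("email", "firstName", "lastName")))
```

Paste the base64-decoded SAMLResponse captured from the browser during a failing test in place of the constructed sample; the `problems` list then names which side of the mapping is off.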

Hey @mwtech

I’ve confirmed that auto user provisioning is enabled. But could you elaborate more on what required attributes need to be sent in the assertion to support JIT provisioning? On the ServiceNow side, in User Field we are using email.

Hi @Manoj_Mahadadalkar

That is more of a question for ServiceNow. Unfortunately I do not have expertise in configuring ServiceNow as an SP, so I don’t have any insight. I suggest working with your ServiceNow administrator.

Hey @mwtech

Got it. Thank you