UI Scripts, Login Rules, or Installation Exits?   It seems as if some ServiceNow users are trying to use the same method for all angles of redirection. Using the same method for all aspects of redirection isn't the best way to go about logging in your users. So if one method for all redirection isn't the answer, which method is the best for which aspect?

UI Scripts

UI Scripts can be used like script includes, but they can also be used as global UI Scripts (careful, a bad global UI Script can prevent users from logging in or doing anything…). A global UI Script will execute any time a user enters a page (such as login.do, navpage.do, home.do).

A few caveats though

• It will execute every time a user enters a page — and that is any time a user clicks from one module to the next, updates a record and goes back to the list, etc.
• It executes when entering into the page, not when exiting out of the page.

An example of such a UI script given by Travis Toulson can be found here: Redirect ITIL users to CMS.

Login Rules

Login rules are the old way on how to tell which CMS (Content Management System) sites to direct a user to. Login rules fire after the user entered his login information, but before going to the home screen. Their conditions allow for advanced conditions with access to the gs (GlideSystem) object. They are part of the Content Management application and are used to redirect users to "their" ESS page or to the non-ESS interface.

Keep in mind that login rules do not work properly on domain separated instances currently.

Installation exits

Installation exits in this context are interfacing to the login and logout functionality, and I have most often worked with them when configuring the SAML integration.

I have for example edited the SAML2SingleSignon_update1 Installation exit to check for users who have or do not have roles and changed the redirect:

When should each be used? This is the big question…

• Installation exits and Login rules fire on login only and are scripted on the server side. They are relatively easy and efficient for initial logins — but they will not stop a user from changing sites midway through manipulating the URL.
• Global UI scripts are able to stop a user from cheating his way into a different site. Since Global UI scripts are called on each page load (and as such can cause big issues when there is a mistake in them, too), they do not necessarily work on login.
• Both Login Rules or Installation Exits can override Global UI script settings upon logging in the first time.

Remember how we mentioned earlier that global ui scripts are called when entering, but not when leaving a page? Upon entering the login.do page, we do not know which user is in the process of logging in; and upon exiting, we are already on our way to the default login home site as defined in the system. I have found that admins have the most success when they use both a method that runs on login (installation exit or login rule) and a global UI script.   This way, all possible escape routes are covered and users are directed to the site they are supposed to be.