9 Replies · Latest reply on Jul 17, 2017 5:08 PM by Darren Everett

    User Provisioning and Authentication  (LDAP)

      Hi all.

       

      I have read as many documents and forums as I could find.

      I just need some quick clarification please.

       

      Internet: ServiceNow Istanbul

      Customer Network : LDAP Servers, MID Server

       

      We wish to enable two things.

      1. User provisioning from the LDAP Server.  No problems.  MID Server can talk to ServiceNow using Port 443. Great.

      2. Authentication (or SSO).  Not so great.

       

      In this example, the SN instance will need to talk through the firewall and directly to LDAP Server.  With no MID Server interaction, correct?

      If correct, where can I find the security and network requirements for this communication (ports, directions, type)?

       

      Also, please confirm that in this architecture, the MID server  option will work, but is rather redundant in this User Provisioning role, correct?

       

      Further to this.....  I then find this :   LDAP integration setup

      Which states :   Administrators can enable LDAP integration to allow single sign-on of users from their company LDAP directory.

      After the integration, the MID Server connects to the instance and the MID Server also connects to the LDAP server. In both cases, the MID Server initiates the connection:

      1. First, the MID Server connects to the LDAP server via LDAP on Port 389.
      2. Then, the MID Server initiates an HTTPS encrypted connection to the instance on Port 443 to push the data to the instance.

      ...which is contrary to my understanding about SSO and MID Servers not working togeather.

       

      Thanks all.

      --------------------------
      Darren Everett
      0405 500 448

      CIS
      CSA