Citrix Secure Private Access

Configure ServiceNow

Users can securely log on to ServiceNow using their enterprise credentials.

To configure ServiceNow for SSO through SAML, perform the following:

  1. In a browser, type https://<your-organization> and press Enter.

    For example, if the URL you use to access ServiceNow is, then you must replace <your-organization> with myserver.


    • Ensure that the following details are provided in the Citrix Gateway service user interface when adding the ServiceNow app.

      • Assertion URL: https://<your-organizaton>

      • Relay State: https://<your-organizaton>

      • Audience: https://<your-organizaton>

      • Name ID Format: Select “Email Address”

      • Name ID: Select “User Principal Name (UPN)”

    • The Name ID format and Name ID attributes depend on the method of authentication chosen for ServiceNow.

  2. Log on to your ServiceNow account as an administrator.

    Log on to ServiceNow account

  3. In the upper-left corner, using the Filter Navigator, search for plug-ins, and click Plugins in the search results.

    Search for plug-ins

  4. In the right pane, in System Plugins section, search for integration.

    lIntegrations plug-ins

  5. In the search results, right-click Integration - Multiple Provider Single Sign-OnInstaller and click Activate/Upgrade.

    Active plug-in

  6. Click Activate.

    A progress bar indicates the completion of the activation process.

  7. In the left pane, scroll down to the Multi-Provider SSO section and click Multi-ProviderSSO > Identity Providers.

    Add identity providers

  8. In the right pane, click New.

    Add SAML as new identity provider

  9. Click SAML.

    IdP details

  10. If you have the metadata URL, in the Identity Provider New Record section, in the Import Identity Provider Metadata pop-up window, click URL and enter the metadata URL and click Import.

    The values for the Identity Provider record fields are automatically populated.

    If you have the metadata XML file, click the XML. Copy the Identity Provider Metadata XML data and paste in the box. Click Import.

    The values for the Identity Provider record fields are automatically populated. You can update the values if necessary.

    Autopopulated IdP details


    • Citrix recommends that you import the metadata XML file instead of configuring it manually. You can import the metadata XML file from the Citrix Cloud wizard (Citrix Gateway Service > Add a Web/SaaS App > Single sign on > SAML Metadata).

    • While configuring the parameters in the Advanced tab, ensure that the User Field value matches with the value that is configured for the Name ID field in the Citrix Gateway service user interface.

      User field and name ID field

  11. Click Submit.

  12. In the left pane, click x509 Certificate to upload x509 certificate.

    509 certificate

  13. In the right pane, click New.

    Add new 509 certificate

  14. In the X.509 Certificate New record section, specify the following information:

    509 certificate details

    Name – type a certificate name.

    • Format – click the appropriate format: for example PEM.

    • Expiration notification – select the check box.

    • Type – click the appropriate type.

    • Notify on expiration – click the Add me icon to get notified. Click the Unlock Notify on expiration to add more users.

    • Active – select the check box.

    • Short Description – type description for the certificate.

    • PEM Certificate – paste the PEM certificate.

      • Download the certificate from the Citrix Cloud wizard (Citrix Gateway Service > Add a Web/SaaS App > Single sign on > Certificate).

      • Copy the text from —–BEGIN CERTIFICATE—– to —–ENDCERTIFICATE—–

      • Paste the text in a text editor and save the file in an appropriate format such as <your organization name>.

      Note: If you have used an XML file to configure the IdP, you do not have to configure the certificate.

      Sample certificate

      Click Submit.

  15. In the left pane, click Identify Providers.

    Add identity provider

  16. Click the Identity Provider that you have added.

    Select identity provider

  17. On the identity Provider details page, scroll down to the Related Links section. In the X.509 Certificate row, search for the X.509 certificate, and add the appropriate certificate for the identity provider by clicking Edit.

    Edit IdP

    To add a new x.509 certificate, click New and to add or remove the certificates, click Edit.

  18. Click Update on the identity provider details page to save the changes.

    Update IdP details

  19. To obtain metadata to be used for IdP configuration, click Generate Metadata.

    Note: You must click Generate Metadata to complete the updates.

    lMetadata details for IdP configuration

    The service provider metadata appears in a new window. You can use the metadata to validate the entities across both, SP and IdP.


Configure ServiceNow

In this article