Configuring Application Control for SSO Authentication with ServiceNow

Configure Application Control to authenticate with third-party identity providers.

You can use any OIDC identity provider.

To set up a third-party identity provider in Application Control:

  1. Click Policy Change Request Options from the ribbon bar and the ServiceNow Integration tab.

  2. Enter the URL of the ServiceNow instance.

  3. Click Authentication Options.

  4. Select the External Authentication (SSO).

  5. Enter the Client ID and Client Secret from the Application Registration.

  6. Enable the Use Proof Key for Code Exchange (PKCE) option.

  7. Enter the token and authorization endpoints, usually found at:


  8. Enter the URL provided for the sign-in redirect URL when you configured your identity provider.

    The redirect URL requires a trailing forward slash.

  9. Click OK.

  10. Click Logon to sign in to the identity provider.

For any Forbidden or Access Denied messages, please consult the Knowledge Base articles for integration with ServiceNow on Ivanti Community.