Amazon Connect SSO integration with ServiceNow

  • Release version: Australia
  • Updated May 11, 2026

    Single Sign-On (SSO) integration between Amazon Connect and ServiceNow eliminates duplicate authentication by using a shared identity provider (IdP) to authenticate agents automatically when they open the Amazon Connect softphone.

    Amazon Connect SSO integration overview

    When an agent authenticates into ServiceNow via the configured IdP, an active IdP session is established. Opening the softphone forwards the SSO Login URL from ServiceNow to Amazon Connect, which initiates authentication. The IdP completes the SAML 2.0 flow using the existing session, and the Amazon Connect softphone loads without requiring any additional agent action.

    If the SSO Login URL field is empty, the system falls back to standard Amazon Connect authentication. No custom code is required. The SSO capability is provided by the Streams API library, which is part of Amazon Connect, and works for both the standard Contact Control Panel (CCP) and the Interaction Controls Component (ICC) enabled voice controls.
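
    The branch described above (SSO Login URL set versus empty) is sketched here as an added example; it is not ServiceNow or AWS code. It validates the URL before handing it to the Streams `connect.core.initCCP()` options as `loginUrl`. The record field names (`ccpUrl`, `ssoLoginUrl`) and the allowlisted host `example.okta.com` are assumptions.

```javascript
// Added illustration; not ServiceNow or AWS code.
// ALLOWED_IDP_HOSTS and the record field names are assumptions for this sketch.
const ALLOWED_IDP_HOSTS = new Set(["example.okta.com"]); // constructed IdP host

// Return null when the value is acceptable as an SSO Login URL, else a reason.
function checkSsoLoginUrl(value) {
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return "not a valid absolute URL";
  }
  if (url.protocol !== "https:") return "scheme must be https";
  if (url.username || url.password) return "embedded credentials are not allowed";
  // Exact host match: a suffix or substring test would accept look-alike hosts.
  if (!ALLOWED_IDP_HOSTS.has(url.hostname)) {
    return `host ${url.hostname} is not an approved IdP host`;
  }
  return null;
}

// Build the options object that would be passed to connect.core.initCCP().
// ccpUrl and loginUrl are Streams initCCP options; loginUrl is set only for SSO.
function buildCcpOptions(record) {
  const options = { ccpUrl: record.ccpUrl };
  const sso = (record.ssoLoginUrl || "").trim();
  if (sso === "") {
    // Empty field: fall back to standard Amazon Connect authentication.
    return { mode: "standard", options };
  }
  const problem = checkSsoLoginUrl(sso);
  if (problem) throw new Error(`SSO Login URL rejected: ${problem}`);
  options.loginUrl = sso; // IdP-initiated SAML SSO Login URL
  return { mode: "sso", options };
}
```

    Rejecting a malformed or off-domain value, rather than silently falling back, keeps a mistyped or tampered SSO Login URL field from sending agents to an unintended sign-in page.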

    Note:
    The SSO setup must be done in the IdP and AWS after the guided setup is completed and the basic login is working as expected.

    For more information about Single Sign-On (SSO) configuration for ServiceNow Voice, see the Single Sign-On configuration for ServiceNow Voice with Amazon Connect [KB3025173] article in the HI Knowledge Base.

    Benefits of the SSO authentication

    With SSO authentication, agents who use ServiceNow as their primary workspace and Amazon Connect as their contact center solution avoid the following issues:
    Duplicate authentication
    Agents no longer authenticate twice, once for ServiceNow and once for Amazon Connect, when both systems use the same IdP.
    Disruptive login popups
    Without the SSO integration, Amazon Connect opens an authentication pop-up, creating an inconsistent agent experience.

    SSO configuration sequence

    The following sequence lists the one-time setup steps required across Okta, ServiceNow, and Amazon Connect to enable SSO.
    Note:
    Okta has been used as an IdP example. The steps are similar for any other IdP.

    The configuration steps are:

    1. ServiceNow: Install the SSO plugin and configure Okta as the IdP.
    2. IdP (for example, Okta): Create a user and add the Amazon Web Services SAML application.
    3. Amazon Connect: Enable SAML federation and configure the IAM role and IdP.
    4. IdP (for example, Okta): Retrieve the IdP-initiated SAML SSO Login URL.
    5. ServiceNow: Paste the SSO Login URL into the SSO Login URL field on the Amazon Connect instance record.
    Note:
    After configuration, all three systems share the same IdP. User identity (email or username) must match exactly across ServiceNow and Amazon Connect for SSO to work.

    The login parameter is generally the user email that must be mapped to the user name. Here's an example of how SSO is configured in Amazon Connect.

    The following screen captures show the user identity fields across all three applications.

    Figure 1. Amazon Connect instance user
    Amazon Connect user list showing one record with login and name fields used for identity matching.
    Figure 2. IdP user (Okta)
    Okta user profile showing name and email fields used for identity matching.
    Figure 3. ServiceNow user
    Platform user form showing User ID, first name, last name, and email fields used for identity matching.
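
    The exact-match requirement on user identity can be checked before rollout. The following is an added example, not part of the product: it compares user lists from the three systems and reports identities that are missing from one system or that differ only by case or whitespace. The record shapes, field names (`login`, `email`, `user_name`), and sample users are constructed assumptions.

```javascript
// Added illustration; record shapes and field names are assumptions.
function auditIdentities(connectUsers, idpUsers, snowUsers) {
  // Index each system by a normalised key so near-misses can be paired up.
  const norm = (s) => s.trim().toLowerCase();
  const index = (users, field) => {
    const m = new Map();
    for (const u of users) m.set(norm(u[field]), u[field]);
    return m;
  };
  const systems = {
    connect: index(connectUsers, "login"),
    idp: index(idpUsers, "email"),
    servicenow: index(snowUsers, "user_name"),
  };
  const keys = new Set();
  for (const m of Object.values(systems)) for (const k of m.keys()) keys.add(k);

  const findings = [];
  for (const key of [...keys].sort()) {
    const values = {};
    const missing = [];
    for (const [name, m] of Object.entries(systems)) {
      if (m.has(key)) values[name] = m.get(key);
      else missing.push(name);
    }
    if (missing.length > 0) {
      findings.push({ key, issue: "missing", missing });
    } else if (new Set(Object.values(values)).size > 1) {
      // Present everywhere, but the raw strings are not identical.
      findings.push({ key, issue: "not-exact", values });
    }
  }
  return findings;
}

// Constructed sample data (not real accounts).
const SAMPLE = {
  connect: [{ login: "alice@example.com" }, { login: "Bob@example.com" },
            { login: "carol@example.com" }],
  idp: [{ email: "alice@example.com" }, { email: "bob@example.com" },
        { email: "carol@example.com" }],
  servicenow: [{ user_name: "alice@example.com" }, { user_name: "bob@example.com" }],
};
```

    On the sample data, `auditIdentities(SAMPLE.connect, SAMPLE.idp, SAMPLE.servicenow)` reports one case mismatch and one user missing from ServiceNow.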