
‎09-23-2024 08:54 PM - edited ‎11-16-2024 07:05 PM
As mobile-enabled technology continues to rise, more users are embracing mobile apps that offer native features for on-the-go use.
A common concern from ServiceNow customers when implementing the Now Mobile app is understanding the mobile login options available in the platform. Although documentation exists on this topic, it can be challenging to find all the information in one location.
Hence, I’ve summarized the available options below.
Release: Xanadu
- Usual SSO
This option is to continue to use the same identity provider configuration as it’s available and active on the platform. You don’t need to do anything additional for this to work (assuming automatic redirect should have been configured on your IdP record).
- Force local login
Even though there is an SSO configuration on your instance, you may still force users to log in with their instance local login credentials by enabling Force local login on the respective mobile app config.
Choose the mobile app you want to have this enabled on.
- Adaptive Authentication
When adaptive authentication is activated and configured on your ServiceNow instance, mobile users must install a separate VPN app on their device to access the instance. To avoid having to install the separate VPN app, you can configure your ServiceNow instance to grant access to mobile users by using the system properties that are described in "Adaptive authentication for mobile apps system properties".
You would need to register your device as a trusted device first for this to work, and you must be on a trusted network for this to happen. To read more on how to register your device as a trusted device, see the link below.
Once registered, you may use the app outside of the trusted network as you move.
- Configure Mobile apps to use specific Identity providers
You can configure a login experience that is specific to a mobile app and different from the web login experience. For example, Now Mobile app users can be automatically redirected to an identity provider (IdP) that is different from the IdP that is defined for a web session.
It supports different configurations depending on your use case, such as:
- Use local login
- Use a specific identity provider
- Use the identity provider that’s mapped with your user record
- Enter the login URL for a custom login page
- Zero Trust Access
You may limit end-user access to your ServiceNow instance by opting in to Zero Trust Access. This adjusts user roles and permissions according to security policies defined by the admin based on factors such as IP address, location, and identity provider attributes.
The user gets a message when they log in on their mobile, highlighting that their access is limited.
To read more about Zero Trust Access, explore the link below.
- Manage via Intune
Download the Intune version of the mobile apps available on the App Store and Play Store. It allows Microsoft Intune admins to create policies that secure the application in a bring-your-own-device (BYOD) environment.
I would appreciate readers leaving their comments below on this topic, sharing their experience and insights on the work they have done in this space before.
This is really useful, thanks for pulling it together.
I'm particularly interested in Option 6, managed via Intune. Does the login to the ServiceNow app consume the Intune identity in an SSO manner (like the Outlook app)?
I'll see what I can find out about it, but you may have a convenient link. If I find one shortly I'll post it here.
Starting from square 1...
I try logging into "Now Mobile" and it uses SSO and MFA - this is what we want.
However, after logging in and clicking on a favorited "Report an Issue", it wants me to change my local password. Normal users do not have local passwords and I do not want to go down that path.
I found that if I go into my account and set a password it no longer prompts me to change it, but why is it doing that when I have already logged in via SSO?
Really useful, thanks.
For ServiceNow mobile app authentication, you have a few solid options depending on your security needs and user experience goals:
1. Native ServiceNow Authentication: Users log in with their ServiceNow credentials. This is straightforward but might not be ideal if you want enhanced security.
2. Multi-Factor Authentication (MFA): ServiceNow supports MFA, so you can add an extra layer via SMS, email, or authenticator apps—highly recommended for sensitive data access.
3. Single Sign-On (SSO): Integrate with your corporate identity provider using SAML or OAuth. This lets users authenticate via their existing enterprise credentials, providing seamless and secure login.
4. Biometric Authentication: On supported devices, the ServiceNow mobile app can leverage biometric options (fingerprint, face recognition) to simplify subsequent logins.
5. OAuth 2.0 / OpenID Connect: For custom authentication flows or integrating with third-party providers, ServiceNow supports OAuth 2.0 and OpenID Connect standards.
Make sure your chosen method aligns with your organization’s security policies and provides a smooth user experience.
Have you looked into combining SSO with MFA? That’s often a good balance between security and usability.
Happy to help if you want details on setting any of these up!