Disaster Scenario with Active Directory

LucL
Tera Contributor

Hello 

First, I would like to let you know this is a question about a loss scenario in Business Continuity for a DR plan.

In the case of a cyber attack:

   - Active Directory is compromised.

   - We have already configured SSO with a security code sent to the corporate user email.

   - We cannot use the AD until we rebuild it with the procedure

       - we store the procedure to restore AD inside the Business Continuity module inside ServiceNow!

Fact:

   - we cannot use any AD account to log in

   - we need to remove the SSO, because AD is not safe

   - The corporate email is not usable / not safe, because AD is compromised

Login issue:

    - Can we remove SSO and change all passwords easily

                     or

    - Do we need to create new local accounts and suspend all corporate accounts from AD

 

This is an open discussion to find the better solution for our disaster recovery architecture.

 

Regards

3 REPLIES

Kieran Anson
Kilo Patron

You wouldn't need to create new accounts, just the authentication mechanism. Disabling SSO/LDAP authentication would be a case of disabling the corresponding record. 

 

Your main issue is going to be around setting every user with a local password in SN and then communicating that out to them. If emails are compromised, what's your communication mechanism?

Thanks for your post,

We have already thought of this solution for passwords, but we would like to know if this is the best solution: manually changing all required passwords.

In the case of a cyber attack we bring all the required staff to the office or to the DR site, so all the staff are on site and we just write the new password on paper and give it to the right user.

Randheer Singh
ServiceNow Employee

Hi @LucL ,
You may want to consider using the SSO Account recovery feature.

https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/integrate/single-sign-on/concep...
Thanks,

Randheer