Basic Auth Accounts

Jonathan102
Tera Guru

Can someone help describe how/why/what makes a user account a basic auth exception account? We are reviewing the "Review Basic Authentication Account Security" alert and trying to understand what makes specific accounts qualify.


Thanks!


Tanushree Maiti
Tera Patron

Hi @Jonathan102 


A Basic Auth Exception Account is a designated service or integration account that is officially whitelisted or exempted from modern, secure authentication policies (such as MFA or SSO).

It is permitted to authenticate using only static username and password credentials (Basic Authentication) to support legacy integrations.


Criteria for Granting an Exception Account

In enterprise platforms such as ServiceNow, exception accounts are generally approved only when an external system cannot support modern authentication methods. To be considered for this type of security exception, the account should meet the following requirements:

  • System or Service Account: The account must represent an automated process or system (such as an API integration, MID Server, or third-party monitoring solution) and not be associated with an individual user or administrator.
  • No Support for Modern Authentication: The external application, tool, or script connecting to the platform must be unable to use modern authentication mechanisms such as OAuth 2.0 or Single Sign-On (SSO) and must rely on static credentials for authentication.
  • Least-Privilege Access: The account should be assigned only the permissions necessary to perform its intended function. Access should be limited to the required API endpoints or roles.

Best Practices for Exception Accounts

Because Basic Authentication is inherently less secure, as static credentials travel with every request, these accounts must be highly restricted:

  • Credential Hardening: The password for the exception account should be generated randomly and stored securely in ServiceNow vaults rather than being hardcoded in plaintext within scripts.
  • Continuous Auditing: You should regularly review accounts using this method via the ServiceNow Security Center to ensure old, decommissioned integrations are removed.


Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
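As an added illustration (not part of the reply above and not ServiceNow-provided code), a small Python audit that applies the criteria from the reply to a constructed list of exception accounts. The record field names (web_service_access_only, linked_person, justification, roles, last_login) and the privileged-role set are assumptions modelled on an exported user list, not a documented API.

```python
from datetime import datetime, timedelta

# Roles that contradict least privilege for an integration account (assumption).
PRIVILEGED_ROLES = {"admin", "security_admin"}

def audit_exception_account(acct, now, stale_days=90):
    """Check one exception account against the criteria and return its findings.
    An empty list means the account still qualifies for the exception."""
    findings = []
    # Criterion 1: must be an automated account, not tied to a person.
    if not acct.get("web_service_access_only", False):
        findings.append("interactive login allowed; not a pure service account")
    if acct.get("linked_person"):
        findings.append("account is tied to an individual user")
    # Criterion 2: a recorded reason why OAuth/SSO cannot be used.
    if not acct.get("justification", "").strip():
        findings.append("no documented reason for lacking modern auth support")
    # Criterion 3: least privilege; flag any privileged role.
    over = sorted(set(acct.get("roles", [])) & PRIVILEGED_ROLES)
    if over:
        findings.append("privileged roles assigned: " + ", ".join(over))
    # Best practice: continuous auditing; a long-idle integration is a removal candidate.
    last = acct.get("last_login")
    if last is None or now - last > timedelta(days=stale_days):
        findings.append(f"no login in the last {stale_days} days; review for removal")
    return findings

def audit_all(accounts, now, stale_days=90):
    """Map each account's user_name to its list of findings."""
    return {a["user_name"]: audit_exception_account(a, now, stale_days) for a in accounts}

# Constructed sample records (not real data); field names are assumptions.
NOW = datetime(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    {"user_name": "svc.monitoring", "web_service_access_only": True, "linked_person": "",
     "justification": "Vendor agent only supports basic auth", "roles": ["itil"],
     "last_login": NOW - timedelta(days=2)},
    {"user_name": "svc.legacy_etl", "web_service_access_only": True, "linked_person": "",
     "justification": "", "roles": ["admin"], "last_login": NOW - timedelta(days=200)},
    {"user_name": "jdoe", "web_service_access_only": False, "linked_person": "Jane Doe",
     "justification": "convenience", "roles": ["itil"], "last_login": NOW - timedelta(days=1)},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ACCOUNTS, NOW).items():
        print(name, "OK" if not findings else findings)
```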