How to Control Display Settings for FIDO and TOTP MFA Authentication per User
5 hours ago
I understand that email and SMS can be controlled by creating policies. However, policies cannot be created for FIDO and TOTP. Does this mean they cannot be controlled by default?
4 hours ago
From Zurich onwards, you have the option to create the Factor policies for FIDO factors as well -
Cheers!
4 hours ago
I confirmed that FIDO is supported, but it seems TOTP cannot be generated. Since this is displayed to all users, is it difficult to control its display on a per-user basis?
56m ago
Yes, that's true. TOTP Factor can't be controlled for specific users/roles.
However, depending upon your requirements, allow/deny the TOTP field access based on the user login parameters like IP range, Roles, groups etc.
3 hours ago
@SotaT,
In ServiceNow, while email and SMS Multi-Factor Authentication (MFA) methods can be controlled via policies, the ability to control the display settings for FIDO and Time-based One-Time Password (TOTP) MFA methods per user is not natively supported through the same policy framework. This means that, by default, these MFA methods are not individually configurable per user through the standard UI or policy settings.
However, to manage the use of FIDO and TOTP MFA methods, you can consider implementing custom solutions. This might involve creating custom scripts or UI policies that interact with the MFA configuration tables to enforce specific authentication methods based on user roles or other criteria. Such customizations would require a thorough understanding of ServiceNow's security and authentication framework to ensure compliance with your organization's security policies.
If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.
Kaushal Kumar Jha - ServiceNow Consultant - Let's connect on LinkedIn: https://www.linkedin.com/in/kaushalkrjha/