About the behavior of multi-factor authentication (MFA)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2025 05:20 AM
Hello,I have a question about the behavior of multi-factor authentication (MFA).
The following settings have been made to perform verification for multi-factor authentication (MFA).
The version is the PDI environment of Yokohama.
1.Multi-factor authentication> Property
Change the property value to true
2.Multi-factor authentication>Multi-factor criteria
Change role-based multi-factor authentication to active
3.Multi-factor authentication>MFA Context
Activate the policy
By default, the Has MFA exempted role policy within the MFA context is set to snc_external.
Therefore, it is expected that users with roles other than this will see a screen to configure multi-factor authentication (MFA) when logging in.
When I tested this in the PDI environment, a user with only the snc_internal role was able to log in without multi-factor authentication (MFA).
Are there any other settings required regarding multi-factor authentication (MFA)?
What I ultimately want to do is test that by setting the snc_internal role to the Has MFA exempted role, users with the snc_internal role can be excluded from multi-factor authentication (MFA).

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2025 07:16 AM
Hi @kenta yoshida
If you have upgraded your instance from a previous version to Yokohama, every user will get a default 30-day relaxation before MFA is enforced. If you want every user to immediately have MFA, you can update the glide.authenticate.multifactor.self_enrolment_period property to 0.
For more details, please refer to this FAQ KB.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709783#mcetoc_3b_timeline_ad...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2025 07:50 AM
Hi Randheer Singh.
Thank you for answering my question.
Upon checking the PDI environment, the following properties were set to 0.
・glide.authenticate.multifactor.self_enrolment_period property
Do you think there might be other causes?