CSM login and MFA: enforce MFA for Contacts [customer_contact]

maronis
Mega Guru

Hi,

 

currently on the CSM portal, Contacts [customer_contact] can log in without MFA. I would like to enforce MFA for them.

I updated up the OOTB Role based multi-factor authentication [multi_factor_criteria] (d427668b73003300fdbd04fbc4f6a7b6) by adding the snc_external, sn_esm_user roles but Contacts can still log in without MFA. I do not understand what configuration is missing/wrong.

 

maronis_0-1743769001471.png

 

Note:

- Internal users [sys_user] can log in with SSO. They do not need MFA.

- External users [sys_user] such as External consultants log in with MFA.

- if External users try to log in on the CSM portal, they are redirected to MFA successfully.

 

Best regards,

 

Maron

 

 

5 REPLIES 5

Raj92
Tera Expert

Hi @maronis 

Have you enabled Multifactor Authentication field for the external users on user record?

 

Hi Raj92,

 

later on, I also checked the enable MFA on the user profile but it does not help.

 

Best regards,

 

Maronis

 

Can you please confirm if the Adaptive authentication and multi-factor authentication system properties are turned on?

Randheer Singh
ServiceNow Employee
ServiceNow Employee

Please use the Adaptive Authentication MFA context Policy. 

it gives you the flexibility to craft your condition for various personas.

https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/integrate/authentication/concep...