CSM login and MFA: enforce MFA for Contacts [customer_contact]

maronis
Mega Guru

‎04-04-2025 05:22 AM

Hi,

 

currently on the CSM portal, Contacts [customer_contact] can log in without MFA. I would like to enforce MFA for them.

I updated up the OOTB Role based multi-factor authentication [multi_factor_criteria] (d427668b73003300fdbd04fbc4f6a7b6) by adding the snc_external, sn_esm_user roles but Contacts can still log in without MFA. I do not understand what configuration is missing/wrong.

 

maronis_0-1743769001471.png

 

Note:

- Internal users [sys_user] can log in with SSO. They do not need MFA.

- External users [sys_user] such as External consultants log in with MFA.

- if External users try to log in on the CSM portal, they are redirected to MFA successfully.

 

Best regards,

 

Maron

 

 

0 Helpfuls
  • 717 Views
5 REPLIES 5

Raj92
Tera Expert

‎04-04-2025 05:46 AM

Hi @maronis 

Have you enabled Multifactor Authentication field for the external users on user record?

 

0 Helpfuls

maronis
Mega Guru
In response to Raj92

‎04-04-2025 08:20 AM

Hi Raj92,

 

later on, I also checked the enable MFA on the user profile but it does not help.

 

Best regards,

 

Maronis

 

0 Helpfuls

Randheer Singh
ServiceNow Employee
ServiceNow Employee
In response to maronis

‎04-05-2025 08:35 PM

Can you please confirm if the Adaptive authentication and multi-factor authentication system properties are turned on?

0 Helpfuls

Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎04-04-2025 07:00 AM - edited ‎04-04-2025 07:00 AM

Please use the Adaptive Authentication MFA context Policy. 

it gives you the flexibility to craft your condition for various personas.

https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/integrate/authentication/concep...

 

0 Helpfuls