- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2025 10:03 PM
I believe this question may have already been answered, but I’d like to double-check just to be safe!
After the Yokohama update, we’ve noticed that an MFA info message is being displayed even for users logging in via SSO.
According to the following knowledge article, I understand that MFA enforcement should not apply to users who authenticate through SSO (e.g., SAML, OIDC, Certificate-Based Authentication):
KB1709783 - Is MFA required for Single-Sign-On (SSO) logins?%20on%20the%20IdP%20side.)
“No. With the default secure MFA policy, MFA is not required for SSO (SAML, OIDC, Certificate Based Authentication etc.) logins.”
We’ve managed to hide the MFA info message using the following settings:
glide.authenticate.multifactor.enforcement.show_user_info_message
glide.authenticate.multifactor.enforcement.acknowledged
However, I’m still concerned because this message was shown to SSO users, which makes me question whether MFA enforcement might still apply to them after the 30-day grace period.
Could anyone confirm that SSO users will not be subject to forced MFA enforcement after the 30 days, despite the info message being shown?
Thanks in advance for your help!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2025 10:15 PM
Hi @E555
The MFA enforcement message with SSO logins will only appear for users with admin roles. This is to ensure that one of the admins acknowledges the change. Once the enforcement message is acknowledged by one of the admins, it will not appear on any SSO logins.
With the default secure policy, MFA will only enforced for ServiceNow local username and password-based authentication and LDAP authentication.
Thanks,
Randheer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2025 10:15 PM
Hi @E555
The MFA enforcement message with SSO logins will only appear for users with admin roles. This is to ensure that one of the admins acknowledges the change. Once the enforcement message is acknowledged by one of the admins, it will not appear on any SSO logins.
With the default secure policy, MFA will only enforced for ServiceNow local username and password-based authentication and LDAP authentication.
Thanks,
Randheer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2025 12:56 AM
Hi Randheer,
Thank you for the info! Does it affect portal users?
Thanks
Rini
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
I have a requirement: when we open the ESC portal, the MFA (Multi-Factor Authentication) popup appears immediately. Because of this, informational and warning messages are not visible to the user.
I want to change the positioning of the MFA popup to relative, so that it doesn't overlap or hide important messages.
Can you please let me know where in ServiceNow I can find the css code to make this change?
