Disable local login i.e. login.do for non-admin users which have SSO enabled

Dinesh90
Tera Contributor

Hello ServiceNow Community,

I have a requirement to disable local login, i.e. login.do, for non-admin users who have SSO enabled.

Please help me with a solution to restrict local login (login with username & password), that is login.do, for non-admin users and allow admins and integration users to have local login.

I have SSO enabled in the instance already; for the same, we want to restrict users from using local login (login.do).

Please help with a solution to implement.

Thanks

23 REPLIES

Ambuj Tripathi
ServiceNow Employee

Hi @HS7

Can you please check if the above filter criteria is present in the sys_role_filter_criteria table?
If not present, then you can create a new record in role filter criteria and add "admin" as role here.

If already present, come to the post auth policy context page - Adaptive Authentication -> Post Auth Policy.

On the policy context page, select the allow policy in the "default policy" field dropdown, and whatever policy is there, you need to edit the inputs list to add the new filter hasAdminRole into it by swapping it towards the right.

Once the filter is part of the input, you can save the policy, switch to the next tab, "condition", edit the condition and create it as per your requirements.

Thank you @Ambuj Tripathi

I have set it up exactly as you instructed, but it still doesn't show up. Is there anything else I should be aware of?

Ambuj Tripathi
ServiceNow Employee

Hi @HS7, @Dinesh90

FYI - I have just created an article with a recorded demo just for this use case. Please do check it out, as it might be useful for your use case of disabling the local logins.

https://www.servicenow.com/community/platform-privacy-security/how-to-block-local-logins-and-allow-o...

Cheers!

Ambuj Tripathi
ServiceNow Employee

Hi @HS7

This is part of the Adaptive Auth plugin and gets installed if you select to install the demo data. This role filter criteria should be added into the policy input first, and only then will it be shown while creating the policy condition.

Please check in this table - sys_role_filter_criteria.

This record - "has Admin Role" - should be present in the above table. If it's not present, you can either repair the Adaptive Authentication plugin by loading the demo data or you can create your own filter criteria which will work like the OOB one.

Once you create the criteria, you need to use it as an input into the required policy. Only then will it be shown as a policy input while creating the condition.

Please refer to my demo video regarding the similar use case -

https://youtu.be/WH3jQh-OY-0?list=PLz3uBEja_oGWkIbQQs9wzW7AhsHweKmiA

Thanks!