Enforce Multi-Factory Authentication for ALL Users

Jonathan102 · ‎02-25-2022

Hi,

We are in the process of setting up multi-factor authentication. I understand that you can enforce this by roles but we want to enforce it for every user, include base end users without any roles. How do you accomplish this if the user doesn't have a role?

Thanks,

Jonathan

shloke04 · ‎02-25-2022

Also to add on my above point, if you want to enable MFA for all user then you can just run the below script in background and you will be able to set it for all users:

Script to be used:

var gr = new GlideRecord();
gr.addQuery('active',true);
gr.query();
while(gr.next()){
gr.enable_multifactor_authn = true
gr.update();
}

This will enable MFA for all Active user as you want. Also please go through below doc link to understand more:

https://docs.servicenow.com/bundle/paris-platform-administration/page/integrate/authentication/task/t_RequireMultifactorAuthForAUser.html

https://docs.servicenow.com/bundle/paris-platform-administration/page/integrate/authentication/concept/c_MultifactorAuthentication.html

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

View solution in original post

shloke04 · ‎02-25-2022

Hi,

MFA plugin is enabled by default. So please follow the steps below:

Navigate to User Administration > Users.
Configure the list to show the Enable Multifactor Authentication column.
Change the values of the Enable Multifactor Authentication column for the selected users to true.

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

shloke04 · ‎02-25-2022

Also to add on my above point, if you want to enable MFA for all user then you can just run the below script in background and you will be able to set it for all users:

Script to be used:

var gr = new GlideRecord();
gr.addQuery('active',true);
gr.query();
while(gr.next()){
gr.enable_multifactor_authn = true
gr.update();
}

This will enable MFA for all Active user as you want. Also please go through below doc link to understand more:

https://docs.servicenow.com/bundle/paris-platform-administration/page/integrate/authentication/task/t_RequireMultifactorAuthForAUser.html

https://docs.servicenow.com/bundle/paris-platform-administration/page/integrate/authentication/concept/c_MultifactorAuthentication.html

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

Jonathan102 · ‎02-25-2022

Hi Shloke,

Please disregard the last comment, I have updated the script you suggested to use in a scheduled job. Thanks for your help!

Thanks,

Jonathan

Jonathan102 · ‎02-25-2022

Hi Shloke,

IS there a way to setup this/a script to run daily as a scheduled job? I am surprised that ServiceNow doesn't offer a more effective way to handle this process since base end users do not have any roles. We have new user account created (practically) every day and need to automate this process.

Thanks,

Jonathan