Enforce Multi-Factory Authentication for ALL Users

Jonathan102 · ‎02-25-2022

Hi,

We are in the process of setting up multi-factor authentication. I understand that you can enforce this by roles but we want to enforce it for every user, include base end users without any roles. How do you accomplish this if the user doesn't have a role?

Thanks,

Jonathan

shloke04 · ‎02-25-2022

Also to add on my above point, if you want to enable MFA for all user then you can just run the below script in background and you will be able to set it for all users:

Script to be used:

var gr = new GlideRecord();
gr.addQuery('active',true);
gr.query();
while(gr.next()){
gr.enable_multifactor_authn = true
gr.update();
}

This will enable MFA for all Active user as you want. Also please go through below doc link to understand more:

https://docs.servicenow.com/bundle/paris-platform-administration/page/integrate/authentication/task/t_RequireMultifactorAuthForAUser.html

https://docs.servicenow.com/bundle/paris-platform-administration/page/integrate/authentication/concept/c_MultifactorAuthentication.html

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

View solution in original post

Nick Fajardo · ‎06-07-2022

You can very easily set up a business rule to ensure that the enable_multifactor_authn field on the sys_usee table is always populated.

Nick Fajardo · ‎06-07-2022

You can very easily set up a business rule to ensure that the enable_multifactor_authn field on the sys_usee table is always populated. However, you do want to be careful because just turning on MFA for everyone can potentially break things like existing inbound REST interfaces if they only use Basic auth.