MFA didn't work with SSO

ParkHyunSun
Tera Expert

Hi Community,

 

I want to configure MFA after someone logs in with SSO.

I tested with my PDI, and saw that the local login requires MFA.

However, the user who logged in with SSO didn't go through the MFA step.

Below is what I did. (https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/integrate/authentication/task/c...)

1. Integrating Entra ID to log in with SSO.

2. Setting the properties "Enable Multi-factor authentication" and "Enable Multi-Factor Authentication with SSO" to true from Multi-factor Authentication.

2.1. I double-checked that those properties are true in the sys_properties table.

3. I created a Step-Up MFA Policy and put it in the MFA context.

3.1. Filter Criteria

Authentication Scheme

User Based MFA

3.2. Policy Condition

Authentication Scheme | is | Single Sign-On

 

4. Test with SSO account.

When I tried to log in with SSO, it redirects to Azure Entra ID successfully.

However, it redirects to the ServiceNow instance directly, instead of the MFA authentication page.

What I want to do is make the login process two steps, SSO - MFA.

How can I configure this correctly?

 

Thank you.

1 REPLY

Collin Romeijn
Kilo Guru

Hi ParkHyunSun,

The only thing I see different from your screenshot is that "Enable remember browser feature for multi-factor authentication" is turned on, and in the docs it is turned off. Maybe you should clear your browser cache and log in again with the test user in a clean browser session.

Most people use the MFA from Entra. Any reason why you want to use the MFA from SN in this case?

Kind Regards,

Collin