
MFA didn't work with SSO

ParkHyunSun
Tera Expert

Hi Community,

 

I want to configure MFA after someone logs in with SSO.

 

I tested with my PDI, and saw that the local login requires MFA.

However, the user who logged in with SSO didn't go through the MFA step.

 

Below is what I did. (https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/integrate/authentication/task/c...)

 


1. Integrating Entra ID to log in with SSO.

 


2. Setting the properties Enable Multi-factor authentication and Enable Multi-Factor Authentication with SSO to true under Multi-factor Authentication.

2.1. I double-checked that those properties are true in the sys_properties table.

 


3. I created a Step-Up MFA Policy and put it in the MFA context.

3.1. Filter Criteria

Authentication Scheme

User Based MFA


3.2. Policy Condition

Authentication Scheme | is | Single Sign-On

 

4. Test with an SSO account.

When I tried to log in with SSO, it redirects to Azure Entra ID successfully.

However, it redirects to the ServiceNow instance directly, instead of the MFA authentication page.

 

What I want to do is make the login process two steps, SSO - MFA.

How can I configure this correctly?

 

Thank you.

 

 

1 REPLY

Collin Romeijn
Mega Guru

Hi ParkHyunSun,

The only thing I see different from your screenshot is that "Enable remember browser feature for multi-factor authentication" is turned on, and in the docs it is turned off. Maybe you should clear your browser cache and log in again with the test user in a clean browser session.

Most people use the MFA from Entra. Any reason why you want to use the MFA from SN in this case?

Kind Regards,

Collin