MFA Re-Login Behavior Issue after logout on ServiceNow-Customer Portal
14 hours ago
Hello Team,
We have enabled user-based MFA for external customer users.
The Step-up MFA Policy is "Enforce MFA for non-SSO logins".
In the Multi-Factor Authentication properties, the following options are set to Yes:
- Enable Email OTP for Multi-Factor Authentication
- Enable enhanced MFA setup UI to allow users to configure factors independently
During testing in the Dev environment, the test user is prompted to configure MFA using both Authenticator App and Email OTP, and login works successfully with either method.
However, after the user logs out of the customer portal and attempts to log in again, the same message is displayed for both methods:
“Your account requires Multi-factor authentication. Please enter the 6-digit code generated by the authenticator app on your mobile device.”
Even when MFA is unchecked on the user record, and all entries are deleted from User Multifactor Authentications, the user is again prompted to set up MFA with both App and Email on next login — but the same message appears after logout and re-login.
This behavior is consistent:
- In a fresh browser window
- In a different browser
Note: Email OTP is retrieved from logs, as email sending is restricted in the Dev environment.
Could you please review this MFA login behavior and advise whether we missed anything or whether any change is required in the MFA policy?
Best regards,
Ajay
