Mobile Access to IP-Restricted Instances

SaurabhGidwani
Tera Contributor


At times, customers face a challenge where they have IP restrictions on their ServiceNow instance, but they also want their employees to be able to access it through their personal devices for approving requests, etc. Guess what? ServiceNow does have an answer to this problem!


I've spoken about Adaptive Authentication 🔐 in the past, and once again, it's here to help us. Here’s how you can set it up:


Step-by-Step Guide to Enable Mobile Access for IP-Restricted Instances


1. Enable the required properties
Start by enabling the following properties:
glide.authenticate.auth.policy.enabled
glide.authenticate.preauth.allow.trusted.device

2. Create an IP Filter Criteria
Go to the Adaptive Authentication module and create an IP Filter criteria for your organization's allowed IPs.

3. Configure the Pre-Authentication Policy
Open Pre-Authentication Policy Context.
Set the Default Policy to Allow Policy.
Open the Allow Policy record and add:
- The IP Filter criteria you created earlier.
- The out-of-the-box criteria called Trusted Mobile App.

4. Set Policy Conditions
Under the Policy Conditions tab, set the following conditions:
- Trusted Mobile App is true OR
- IP Criteria (the one created in step 2) is true.

5. Register Trusted Mobile Devices
Employees need to navigate to their user profile and click the related link "Register a Trusted Mobile Device." Once this is done, they will be able to access the instance through their registered mobile device, even outside the allowed IP network.

What if a Device is Lost?
If an employee loses their device, an admin can navigate to the Device Registration table and mark that user's device as inactive. Once the registration is inactive, the Trusted Mobile App criteria no longer matches for that device, so it can no longer be used to reach the instance from outside the allowed IP network.
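As an added illustration (not ServiceNow's own code and not part of the original post), the following JavaScript models the decision the steps above configure: an Allow policy whose condition is "Trusted Mobile App is true OR IP criteria is true", backed by a device registration table that an admin can mark inactive when a device is lost. The CIDR list, user names and device ids are constructed sample data.

```javascript
// Model of the pre-authentication policy described in the post (not ServiceNow code).

// Constructed sample data: the organization's allowed IPv4 ranges (the IP filter
// criteria) and the device registration table, keyed by device id.
const ALLOWED_CIDRS = ['203.0.113.0/24', '198.51.100.0/25'];
const DEVICE_REGISTRATIONS = new Map([
  ['dev-alice-phone', { user: 'alice', active: true }],
  ['dev-bob-phone',   { user: 'bob',   active: false }], // marked inactive after loss
]);

// Convert a dotted-quad IPv4 string to an unsigned 32-bit integer.
function ipToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error('invalid IPv4 address: ' + ip);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

// IP filter criteria: true when the client address falls inside any allowed range.
function ipCriteriaMatches(clientIp, cidrs) {
  const addr = ipToInt(clientIp);
  return cidrs.some(cidr => {
    const [net, bitsStr] = cidr.split('/');
    const bits = Number(bitsStr);
    const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
    return ((addr & mask) >>> 0) === ((ipToInt(net) & mask) >>> 0);
  });
}

// Trusted Mobile App criteria: true only for a registration that exists, is still
// active, and belongs to the user who is authenticating.
function trustedDeviceMatches(user, deviceId, registrations) {
  const rec = deviceId ? registrations.get(deviceId) : undefined;
  return Boolean(rec && rec.active && rec.user === user);
}

// Allow policy: access is granted only when the condition evaluates to true.
// (With a Deny default policy the semantics invert: a true condition blocks access.)
function evaluatePreAuthPolicy(req) {
  const conditionTrue =
    trustedDeviceMatches(req.user, req.deviceId, DEVICE_REGISTRATIONS) ||
    ipCriteriaMatches(req.clientIp, ALLOWED_CIDRS);
  return conditionTrue ? 'allow' : 'deny';
}
```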


Hi @pbusch ,
You can use the policy example provided in this community article.
https://www.servicenow.com/community/now-platform-articles/migrating-from-ip-address-access-control-...

Thanks,

Randheer

andrewrouch
Tera Expert

I'm learning about this still and we haven't implemented yet, but there is a devil in the detail and counter-intuitive information. For example you should have set a pre-authentication context and the default policy is a Deny policy, but this means you specify a condition that when it evaluates to true it denies access. You then have to select a policy to use so I suspect you want the default to be an Allow policy and a policy with a condition that when it evaluates to true allows access. In this case your policy would be that Trusted Mobile Device is true.