3 weeks ago
While I have the SSO set up in our non-prod environments, I am wondering if I have to do anything to our MFA setup that we have been using for more than a year.
I was looking at turning it off, but with Yokohama you get a lot of grief (red alerts) and it made me wonder if I even have to turn it off... I see the MFA properties file has a box - Enable MFA with SSO - our SSO already authenticates with Microsoft, I get a pop-up to my phone to reply to as expected. It seems to bypass my MFA (to actually go to my Authenticator for the code), but is that because I choose to stay logged in?
As you can tell I am fairly new to this...
Also any comments you may want to enlighten me regarding our 'portal only' users - we only force MFA on ITIL & Admin users. My test id for this seems to work as expected.
Does MFA come into play once you have SSO set up? I have my Auto-redirect IDP enabled to eliminate the internal/external login choice also.
Will MFA still ask a user to authenticate if they haven't? Or will it just push them to SSO authentication?
3 weeks ago
@Sue L ,
When you enable SSO with MFA, ServiceNow can bypass MFA if the user has already authenticated through SSO, especially if they choose to stay logged in, so MFA won't always prompt unless needed. Since you’ve set MFA for ITIL and Admin roles, portal-only users won’t trigger MFA unless required by their roles. With Auto-redirect IDP enabled, users will automatically be redirected to SSO, and if they’ve already authenticated via SSO, MFA won’t reappear unless explicitly needed. If you’re seeing red alerts with Yokohama, you may need to check your MFA and SSO settings to ensure they're properly integrated to avoid issues.
If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.
Kaushal Kumar Jha - ServiceNow Consultant - Let's connect on LinkedIn: https://www.linkedin.com/in/kaushalkrjha/
