Multi-factor authentication( MFA) enabled based on groups?

ShavageS · ‎01-08-2025

Hi All,

Good Day!

Can some one suggest how we can Enable multi-factor (MFA) authentication based on groups?

Ravi Chandra_K · ‎01-08-2025

Hello @ShavageS

You have to enable glide.authenticate.multifactor system property which will enable role based MFA.

then

All > Multi-factor Authentication > Multi-factor Criteria.

In the Multi-factor Criteria list, open the Role-based multi-factor authentication record

You can create a new role for MFA and add that role to specific group you want

Please refer below doc:

https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/administer/security/refer...

Please mark the answer as helpful and correct if helped.

Kind Regards,

Ravi Chandra

Anand Kumar P · ‎01-08-2025

Hi @ShavageS ,

Add unique role to the group and add that role to mfa as below.

Navigate to All > Multi-factor Authentication > Multi-factor Criteria.
In the Multi-factor Criteria list, open theRole-based multi-factor authenticationrecord.
Use the Multi-factor Roles list to add or remove roles.

Option Description

Add a role Double-click Insert a new row... and enter or select a role name. Click the Save Icon (

) to save the entry.

If my response helped, please mark it as the accepted solution ✅ and give a thumbs up👍.
Thanks,
Anand

Mark Manders · ‎01-09-2025

Be aware that with the next release MfA will be mandatory on all instances, so creating anything group/user/role based may be a waste of time.

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Randheer Singh · ‎01-09-2025

Hi @Mark Manders ,

if the instance already has an active MFA policy before the upgrade to the Yokohama release, we will not override it with the MFA enforcement mandate. The instance will continue to support the existing policy.

Thanks,

Randheer