Multifactor Authentication and SSO compatibility

antonioferrari
Tera Contributor

Hi everybody,

Having read the page Multifactor authentication, I know that the Multifactor Authentication provided OOTB by ServiceNow is not supported with SSO.

Anyway I'd like to know if this scenario according to you could work. We want to divide users into two disjoint sets:

- SET "A" will contain users that will access ServiceNow only via SSO provided by an external Identity Provider. These users will have the "Enable Multifactor Authentication" field set to "false" (MFA disabled) and won't be able to access ServiceNow with local DB credentials (they will have a randomly generated password that won't be furnished to them). The Identity Provider will be configured to use its own MFA methods in case of access from outside the intranet. This MFA has nothing to do with ServiceNow and it is up to the IdP to make it work.

- SET "B" will contain users that will access ServiceNow only via Local Database credentials. These users will access ServiceNow by calling the "side_door.do" or "login.do" page and will have "Enable Multifactor Authentication" set to "true". They can't access ServiceNow via SSO.

This is because our Customer wants some admin users to exist in case SSO doesn't work; they must access SN only via side_door and their access must be secured by MFA.

Do you think that the scenario with sets A and B will work? Do you foresee any possible problems?

Best regards,

Antonio Ferrari

6 REPLIES

You can use Adaptive Authentication - MFA context policy.
You can define a policy using the authentication scheme and user role/group filter combination.

Randheer Singh
ServiceNow Employee

From SD release onwards, MFA can be enforced after successful SSO login at the identity provider side.
Here is the product doc explaining the details.