Multifactor Login

MStritt
Tera Guru

How can I determine the last time a user/contact has logged in using multifactor? I can see under User Multifactor Authentications where it says created. Does that mean that's when the customer/contact originally registered and paired his device? Or does the Created value show when they last used multifactor to login? Also, is multifactor login captured when using OTP via email vs a device/mobile authenticator app?

1 ACCEPTED SOLUTION

Mark Roethof
Tera Patron

Hi there,

Interesting question, never gave this a thought 😅. Though immediately I was thinking of the sys_user_login_history table, which was added a few releases ago. And... I see a field "mfa_enforced". That can mean only one thing, right?!?! So I checked... and yes, it keeps a true/false value for whether you logged in using MFA or not. For example, I'm using MFA on a customer instance and it says true, where end-users are using SSO and the value is false.

So hopefully this brings you on track.

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

3 REPLIES


Thanks Mark.

So, MFA Enforced would mean that it's being enforced. Not necessarily when they last logged in using MFA? I see a field on this table called 'Time of Login'. If MFA is enforced/true, I would assume this time would be when they used MFA to log in (in addition to User ID/email and password). But, Login Type shows as DB. Meaning, the user logged in by providing a username and password. Looks like there may be different values for Login Type (SSO, DB, Basic, LDAP, MFA). In our instance, I'm only seeing Login Types of DB, SAML or Empty (no value). I logged in earlier today with a test account (external contact), logging into our Customer Portal with MFA, and it's showing login type of DB.

Yes, as I see it comparing results, last logged in using MFA is:

MFA enforced true + Type DB.

(I tested using ServiceNow MFA, not a third-party MFA)

Kind regards,

Mark Roethof

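The rule the thread arrives at (MFA enforced true + Login Type DB, observed with ServiceNow's built-in MFA) can be applied to exported sys_user_login_history rows to get each user's last MFA login. This is an added example, not code from the thread or from ServiceNow; the rows are constructed, and the column names `user`, `type` and `login_time` are assumptions (only `mfa_enforced` is named in the thread).

```javascript
// Constructed sample rows shaped like an export of sys_user_login_history.
// "mfa_enforced" is the field named in the thread; "user", "type" and
// "login_time" are ASSUMED column names for User, Login Type and Time of Login.
const sampleRows = [
  { user: "alice", type: "DB",   mfa_enforced: "true",  login_time: "2024-03-01 08:15:00" },
  { user: "alice", type: "DB",   mfa_enforced: "true",  login_time: "2024-03-04 09:30:00" },
  { user: "alice", type: "DB",   mfa_enforced: "false", login_time: "2024-03-05 10:00:00" },
  { user: "bob",   type: "SAML", mfa_enforced: "false", login_time: "2024-03-02 11:45:00" },
  { user: "carol", type: "",     mfa_enforced: "true",  login_time: "2024-03-03 07:05:00" },
  { user: "dave",  type: "db",   mfa_enforced: true,    login_time: "2024-02-28 16:20:00" },
];

// Exports may carry booleans as true, "true" or "1"; normalise before comparing.
function isTrue(value) {
  return value === true || ["true", "1"].includes(String(value).trim().toLowerCase());
}

// Rule from the thread: a row counts as an MFA login when
// mfa_enforced is true AND Login Type is DB. SAML and empty types do not match.
function isNativeMfaLogin(row) {
  return isTrue(row.mfa_enforced) && String(row.type || "").trim().toUpperCase() === "DB";
}

// Returns { user: latest login_time } over the rows that match the rule.
// "YYYY-MM-DD HH:MM:SS" strings sort chronologically, so string comparison works.
function lastMfaLoginByUser(rows) {
  const latest = new Map();
  for (const row of rows) {
    if (!isNativeMfaLogin(row)) continue;
    const seen = latest.get(row.user);
    if (seen === undefined || row.login_time > seen) latest.set(row.user, row.login_time);
  }
  return Object.fromEntries(latest);
}

// Users who have login history but no row matching the rule
// (for example SSO-only users, or rows with an empty Login Type).
function usersWithoutMfaLogin(rows) {
  const withMfa = lastMfaLoginByUser(rows);
  const allUsers = [...new Set(rows.map((r) => r.user))];
  return allUsers.filter((u) => !Object.hasOwn(withMfa, u)).sort();
}

console.log(lastMfaLoginByUser(sampleRows));
console.log(usersWithoutMfaLogin(sampleRows));
```

The rule has only been reported for ServiceNow's own MFA; logins that pass through SSO or a third-party MFA provider fall into the second list and need checking at the identity provider.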