Need help enabling Account Recovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-12-2023 09:16 AM - edited ‎12-12-2023 09:17 AM
Hi everyone,
Can I get feedback and help to ensure I understand cause and effect of setting up account recovery and how to be compliant with it during a healthscan?
We currently are using onelogin for Prod but the lower environments are just using a local account we setup in users.
I am not getting the option to enable the Account recovery checkbox and also Missing Step 2 and Step 3. We are using version Utah.
To be compliant is it correct that I would need to do the following:
If so, what is the user impact and risk?
com.snc.integration.sso.multi.installer- not a property setup need to add and set value to true
glide.sso.acr.enabled- currently false, need to change to true
glide.authenticate.multisso.enabled - not a property setup, need to add and set value to true
com.snc.integration.sso.multi.installer not a property need to add and set value to true
Below are the articles I read that were a little confusing to me and I wanted to confirm I was on the right track.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0954903
Thank you in advance for any feedback you can provide
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-31-2024 03:11 AM
Hi ,
were you able to set up ACR properly. I am facing same issue.
Once I enabled these properties, we are unable to login to instance even with admin accounts.
Any suggestion please if you had resolved the issue.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-28-2025 02:32 AM
The #1 effect of setting up ACR is that local logins (via /login.do and /side_door.do) are restricted to modifying only the SSO / certification configuration despite being administrators.
In other words, if you ever need to login via /login.do as an admin and do something that only admins can do (say run a background script), ACR will not let you do that.
There might (i.e. may or may not) be a way out using some policy configuration but SN documentation provides no such examples. That would be like negating the whole point of ACR.
