Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Need help enabling Account Recovery

Gemma4
Mega Sage

‎12-12-2023 09:16 AM - edited ‎12-12-2023 09:17 AM

Hi everyone,

Can I get feedback and help to ensure I understand cause and effect of setting up account recovery and how to be compliant with it during a healthscan?

We currently are using onelogin for Prod but the lower environments are just using a local account we setup in users.

I am not getting the option to enable the Account recovery checkbox and also Missing Step 2 and Step 3. We are using version Utah. 

 

To be compliant is it correct that I would need to do the following:

If so, what is the user impact and risk?

 

com.snc.integration.sso.multi.installer- not a property setup need to add and set value to true
glide.sso.acr.enabled-  currently false,  need to change to true
glide.authenticate.multisso.enabled - not a property setup, need to add and set value to true

com.snc.integration.sso.multi.installer not a property need to add and set value to true


Below are the articles I read that were a little confusing to me and I wanted to confirm I was on the right track.

https://docs.servicenow.com/bundle/utah-platform-security/page/integrate/single-sign-on/concept/conf...

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0954903

 

Thank you in advance for any feedback you can provide

 

Preview file
39 KB
Preview file
39 KB
0 Helpfuls
  • 1,724 Views
2 REPLIES 2

Nisha30
Kilo Sage

‎01-31-2024 03:11 AM

Hi ,

were you able to set up ACR properly. I am facing same issue.

Once I enabled these properties, we are unable to login to instance even with admin accounts. 

Any suggestion please if you had resolved the issue.

Thanks

0 Helpfuls

abhishek_s
Tera Contributor

‎05-28-2025 02:32 AM

The #1 effect of setting up ACR is that local logins (via /login.do and /side_door.do) are restricted to modifying only the SSO / certification configuration despite being administrators.

In other words, if you ever need to login via /login.do as an admin and do something that only admins can do (say run a background script), ACR will not let you do that.

 

There might (i.e. may or may not) be a way out using some policy configuration but SN documentation provides no such examples. That would be like negating the whole point of ACR.

0 Helpfuls