ServiceNow Locked Accounts

kathymorris · ‎07-12-2023

Hi,

When a ServiceNow Admin user is no longer with the company, what is the best practice with removing access?

We see accounts where the user account is "locked" but still has all the admin roles.

Is it best practice to remove the roles as well?

Is there any possible way the user can still get backdoor access?

Best,

Kathy

Harshal Aditya · ‎07-13-2023

Hi @kathymorris - User will not be able to login with backdoor access if account is locked

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1281661#:~:text=Lock%20user%2....

Please mark this response as correct or helpful if it assisted you with your question.

Regards,
Harshal

View solution in original post

Harshal Aditya · ‎07-12-2023

Hi @kathymorris ,

Hope you are doing well.

In most of the cases the serviceNow instance is integrated with AD or 3rd party app for user provisioning , so if the user gets deactivated in the company (AD) it will be deactivated in ServiceNow as well.

But in case there is no integration it needs to be manually done in the system.

Is there any possible way the user can still get backdoor access? --> Might be possible if the user not deactivated can assess the system using login.do (backdoor access)

Please mark this response as correct or helpful if it assisted you with your question.

Regards,
Harshal

kathymorris · ‎07-12-2023

Hi Harshal,

When you say deactivated, do you mean "locked?"

The account is locked.

When the account is locked, and the user's account has "Admin" role, can the user still login via a backdoor? (i.e. API, or some other means)

Harshal Aditya · ‎07-13-2023

Hi @kathymorris - User will not be able to login with backdoor access if account is locked

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1281661#:~:text=Lock%20user%2....

Please mark this response as correct or helpful if it assisted you with your question.

Regards,
Harshal