Will the hardening setting 'Enforce Password Reset on API Requests' be impacted by SSO?

Reuben2
Tera Contributor

I am reviewing the Security Center hardening settings and one that's flagged as non-compliant is 'Enforce Password Reset on API Requests'. This entails setting the system property 'glide.authenticate.api.user.reset_password.mandatory' to true.

Our production instance uses SSO, so we don't use passwords at all, but the 'Password needs reset' field still exists on the user record - will activating this property have any impact on users being able to log in or perform any actions, should this field be ticked on their user record?

3 REPLIES

Ravikumar M1
Tera Contributor

@Reuben2 Did you get the solution for the above issue?

bbf35621
Kilo Sage

Can anyone give an update on whether this will impact SSO or not? I could not find a straightforward answer in the ServiceNow documentation.

Ambuj Tripathi
ServiceNow Employee

Hi @Reuben2

This will not impact SSO logins, since in an SSO login the user is authenticated at the IdP, not in ServiceNow. Moreover, as mentioned in the details, the property is meant to block API calls (and not UI logins) from user accounts which use basic auth (and not SSO) to authenticate and invoke the table APIs even though their account has been marked as password reset upon login.