Zurich Release – MFA Is Now Mandatory

InsideDSpace · ‎08-28-2025

The Zurich release of ServiceNow has introduced an important change that impacts every user: Multi-Factor Authentication (MFA) is now built-in and mandatory.

For a long time, MFA has been recommended as a best practice to secure accounts. But with Zurich, ServiceNow has taken a stronger stance — MFA is no longer optional.

-> What happens when you log in?

When users log into their Zurich instance, they’ll immediately see a new enrollment banner on the homepage.
• This banner starts a 30-day countdown for setting up MFA.
• During the countdown, you can continue working normally.
• Once the countdown ends, MFA setup is enforced at login — you won’t be able to access the instance until it’s completed.

This ensures that no user is left without an additional layer of protection.

🔑 How to Set Up MFA in Zurich?

I’ve created a short video walkthrough where I explain each method in detail and show the setup process step by step.

👉 Watch full video here- https://youtu.be/rltfOEWbccI?si=EHISEg40AeJsTVdj

Let me know your thoughts!

#ZurichRelease #ZurichFeatures

Community Alums · ‎10-14-2025

I've since had a play with this and found the system does allow you to disable in the MFA properties.

First go to the MFA property and try to toggle 'Enable Multi-factor authentication' to off. This would bring up a message highlighting the importance of MFA but to click 'here' to provide a reason. I chose temporarily switching off.

Then you'll need to go to the MFA Context and under the related links there's 'Deactivate Policy'. Once deactivated you should now be able to untick 'Enable Multi-factor authentication'.

We're only deactivating for a very short period of time and my post is in no way discouraging the use of MFA.

valesky · ‎10-29-2025

Hello,

my question is , if we deactivate the "Enable mutifactor authentication" , is possible to have it deactivated for more than 30 days? or it is automatically enabled after 30 days?

Thank you

Ambuj Tripathi · ‎10-29-2025

@valesky Why do you want to disable the MFA feature altogether? You can exempt the MFA for a set of users instead of deactivating it.

We are taking this conscious decision to enable the MFA in all the customer instances to increase

the security posture of customer instances.

May I know what's the issue you are facing or the use case you are trying to implement? Or is it that you want to disable since you are using the MFA provided by the Identity Provider?

Please feel free to reach out to servicenow support before disabling it if you are facing any issues with MFA as such or if you have any specific use case which you aren't able to achieve using the available configurations currently.

Thanks!

valesky · a month ago

Hello Ambuji,

actually i would like to disable MFA after upgrade in production only temporary until the customer will complete all the verification on internal policy and communication procedures necessary about the future activation of MFA.

For this verification the customer could need more than 30 days, I don't exactly when they will complete these verifications.

For this reason I would like to know if this limit of 30 days is mandatory or we can postpone for more days until the customer is ready to activate it.

Thank you,

Valentina

GrahamK · 3 weeks ago

Would appreciate a second opinion on my findings related to CSM Portal users (customers).
Having upgraded to Zurich from Xanadu, and with the enforcement of MFA for all users, we had been expecting an announcement to appear for on the CSM Portal advising customers of the introduction of MFA, yet this has not occurred.
Is this what is expected and we should make our own announcements?
Or perhaps something else is not configured appropriately?

Many thanks
Graham