multi-factor authentication

Go to solution
Detlef Biederma
Tera Expert

‎04-22-2024 06:11 AM

Hello 

 

We plan to enable MFA.  Goal:  every user should use multi-factor auth.  

Possible ways:

  • user based:  set   sys_user.enable_multifactor_authn  = true 
  • role based:  set "Multi-factor Criteria" to one or more specific roles
  • group/ip based:

 

If I try to go a simple way:  

  • scheduled job (every hour):  set  sys_user.enable_multifactor_authn  = true   for all users
    would it initiate problems for technical users (interface users)   (not human's)  ?

Sincerely Detlef Biedermann

 

 

0 Helpfuls
  • 812 Views
1 ACCEPTED SOLUTION

Go to solution
Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎04-22-2024 07:39 AM

Hi @Detlef Biederma ,
You should explore using adaptive authentication - MFA context policy to enforce MFA dynamically based on a policy.

You can create a policy that always evaluates to true. For example, you can use the authentication scheme filter criteria.

Here is the documentation for the feature. Here is the NowLearning course on Adaptive Authentication.
Please let me know if you want an example policy.

Thanks,

Randheer

View solution in original post

0 Helpfuls
4 REPLIES 4

Go to solution
Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎04-22-2024 07:39 AM

Hi @Detlef Biederma ,
You should explore using adaptive authentication - MFA context policy to enforce MFA dynamically based on a policy.

You can create a policy that always evaluates to true. For example, you can use the authentication scheme filter criteria.

Here is the documentation for the feature. Here is the NowLearning course on Adaptive Authentication.
Please let me know if you want an example policy.

Thanks,

Randheer

0 Helpfuls

Go to solution
Detlef Biederma
Tera Expert
In response to Randheer Singh

‎04-23-2024 06:14 AM

Thanks for the feedback.  

I was not aware, that there is an other property to enable "MFA context":

DetlefBiederma_0-1713878014181.png

in addtion to:

DetlefBiederma_1-1713878048754.png

Now I can elaborate a lot more functionality.

Thanks.

0 Helpfuls

Go to solution
Amit Pandey
Kilo Sage

‎04-22-2024 08:26 AM

Hi @Detlef Biederma 

 

As per my understanding, scheduled jobs for MFA will be an aggressive measure. You may bump into unknown errors. I agree with Mr. @Randheer Singh. You should explore-

 

https://www.youtube.com/watch?v=rIQNf4M7LyU

 

Regards,

Amit

Getting started with Adaptive Authentication for Trusted Mobile Apps
Getting started with Adaptive Authentication for Trusted Mobile Apps
youtube.com/watch?v=rIQNf4M7LyU
In the video we show you how to activate and configure Adaptive Authentication for Trusted Mobile Apps, and how to register trusted devices for accessing the Now mobile app. This video covers: 00:00 Intro 00:28 Installing the plug-in 00:36 Enabling Adaptive Authentication properties 00:49 Defining
0 Helpfuls

Go to solution
Randheer Singh
ServiceNow Employee
ServiceNow Employee
In response to Amit Pandey

‎04-22-2024 11:07 AM

Hi @Amit Pandey ,

The YouTube link is pointing to an entirely different feature supported by adaptive authentication. Could you please update or remove it to avoid confusion? 
Thanks,

Randheer

0 Helpfuls