MFA for Multiuser Group Instance

melissastic · 3 weeks ago

Hi everyone,
We are using a ServiceNow group/learning instance to simulate a real-world GRC environment (different roles like admin, risk analyst, auditor, approver, etc.). MFA is enforced, and we understand it cannot be disabled.

Issue: We want to avoid a shared login where one person has to approve MFA codes for the entire group. We tried adjusting MFA properties, but the settings revert back and MFA remains enforced.

Question: What is the recommended, supported approach for multi-user access in a learning/group instance?

Should each participant be created as a separate user in the group instance and enroll their own MFA, then be assigned roles?
Or is there another supported method to simulate multiple roles without one person being the MFA approver for everyone?
Thanks in advance.

GlideFather · 3 weeks ago

Hi @melissastic,

yes, the MFA is enforced by default but good news: IT IS possible to disable or adjust!!! ;))

There's a sys property:

glide.authenticate.multifactor

https://yourinstance.service-now.com/nav_to.do?uri=sys_properties.do?sys_id=562c1882d713310091204187ed6103b9

And some more to adjust the MFA as you want:

The above is to enabled/disable for all with no exceptions, but if you want to make exceptions, then navigate to the MFA Context and you can define the policies and conditions for authentication as per your need - who is enforced, who is not....

https://yourinstance.service-now.com/nav_to.do?uri=sys_mfa_policy_context.do?sys_id=c4895d9373512010616ca9843cf6a79f

Read the Docs: Multi-factor Authentication context

_____
No AI was used in the writing of this post. Pure #GlideFather only