01-02-2024 09:35 PM
Is it possible to allow vendor contacts (third-party contacts) to log in using local authentication in an instance with Account Recovery enabled?
When enabled, Account Recovery prevents local logins except for configured Account Recovery users. This is preventing newly created vendor contacts from successfully logging into the svdp portal. Disabling Account Recovery resolves the login issue, but this solution is not ideal because the Account Recovery tool is recommended by ServiceNow to provide enhanced security.
Thanks for any insights you can provide!

01-03-2024 06:28 AM
Yes, it is absolutely possible. You can modify the policy associated with the account recovery context. You can add a new condition in the policy to allow vendor users.
You can create a role filter criteria with the vendor contact role and use it in the account recovery context allow policy.
Here is the documentation:
https://docs.servicenow.com/bundle/utah-platform-security/page/integrate/single-sign-on/concept/acco...
Thanks,
Randheer
01-02-2024 11:54 PM
Hi @Lane3
As you can read on https://docs.servicenow.com/bundle/vancouver-platform-security/page/integrate/single-sign-on/concept... the account recovery feature is only intended for
- scenarios with enabled SSO
- users with admin roles & responsibilities
To my mind, it's highly critical and a security breach if you assign a vendor the acr_admin role!
From a customer instance with enabled SSO, I can tell you that we don't have account recovery enabled.
Maik

01-03-2024 08:06 AM
Thank you @Randheer Singh!