01-05-2024 08:11 AM
Hello everyone,
We have LDAP integration to our on-prem Active Directory and Orchestration that automates hundreds of activities, like application access provisioned through AD groups and Oracle access provisioned through Mulesoft integration. Each of these uses its own service account. They are non-managed accounts, meaning no one logs into those accounts.
For Orchestration, we have the account set up in the Logon As in the MID Server Windows Service. And many PowerShell activities use that account to perform their Orchestration tasks.
My question is, is it possible to enable MFA alongside those types of accounts?
I'm asking this because our security team may enforce MFA on all accounts, including those. I'm still waiting for more details from them, though.
01-10-2024 04:56 AM
MFA is controlled at the endpoint that you connect to. So for your PowerShell connections from the MID Server, it would only apply if those Windows Servers required MFA for remote PowerShell, which I don't believe is possible today.
01-10-2024 04:13 AM
I have a similar ask, but in the Service Catalog space. Let me know if you find any idea / suggestion on how to perform it. MFA Setup for AD Password Reset (Catalog) - ServiceNow Community
01-10-2024 05:23 AM
That should be doable with not much effort, we did that here. I'll reply in your post later today. I'm on my phone now.
01-10-2024 05:24 AM
Thanks, Matt.
So far, with my research, I end up with the same conclusion.
Thank you.