Orchestration, LDAP and MFA authentication

Luiz Lucena · ‎01-05-2024

Hello everyone,

We have LDAP integration to our on-prem Active Directory and Orchestration that automates hundreds of activities, like application access provisioned through AD groups, Oracle accesses provisioned through Mulesoft integration, each of these uses their own service account, non-managed accounts, meaning no one log into those accounts.
For Orchestration, we have the account setup in the Logon As in the MID Server Windows Service. And many PowerShell activities use that account to perform their Orchestration tasks.

My question is, is it possible to enable MFA alongside with those type of accounts?

I'm asking this because our security team may enforce MFA in all accounts, including those, I'm still waiting for more details from them though.

MattSN · ‎01-10-2024

MFA is controlled at the endpoint that you connect to. So for your PowerShell connections from the MID Server, it would only apply if those Windows Servers required MFA for remote PowerShell, which I don't believe is possible today.

View solution in original post

VB14 · ‎01-10-2024

I have similar ask but in Service Catalog Space let me know if you find any idea / suggestion how to perform it. MFA Setup for AD Password Reset(Catalog) - ServiceNow Community

Luiz Lucena · ‎01-10-2024

That should be doable with not much effort, we did that here. I'll reply in your post later today. I'm on my phone now.

MattSN · ‎01-10-2024

MFA is controlled at the endpoint that you connect to. So for your PowerShell connections from the MID Server, it would only apply if those Windows Servers required MFA for remote PowerShell, which I don't believe is possible today.

Luiz Lucena · ‎01-10-2024

Thanks, Matt.

So far with my research I end up with same conclusion.

Thank you.