Prevent All Users from Logging on except for administrators

Not applicable

Hello,

We have an instance going live on Monday morning and would like to prevent all users from logging on from Thursday evening until we go-live. I don't obviously want to remove the accounts from Service-Now nor do I want to have to deactivate there accounts in AD as they need to continue to log on to the network.

I would appreciate anybody's feedback on this.

Thanks
Scott

6 REPLIES 6

Mark Stanger
Giga Sage

You can accomplish this by using an installation exit to override the standard 'Login' installation exit.

http://wiki.service-now.com/index.php?title=Installation_Exits

1) Navigate to 'System Definition -> Installation Exits'
2) Create a new Installation Exit record
3) Name the Installation Exit 'AdminOnlyLogin', set it to 'Active' and set the 'Overrides' field with a value of 'Login' (this is the name of the out-of-box 'Login' installation exit. When you are ready to let all users log in again you can simply de-activate the 'AdminOnlyLogin' installation exit record and everyone will be able to log in again.
4) Use the following script...



gs.include("PrototypeServer");

var Login = Class.create();
Login.prototype = {
initialize : function() {
},

process : function() {
// the request is passed in as a global
var userName = request.getParameter("user_name");
var userPassword = request.getParameter("user_password");

var user = Packages.com.glide.sys.User;

var isAdmin = false;
var rec = new GlideRecord('sys_user');
rec.addQuery('user_name', userName);
rec.query();
if(rec.next()){
//Query the roles table for this user
var rec1 = new GlideRecord('sys_user_has_role');
rec1.addQuery('user', rec.sys_id);
rec1.query();
while(rec1.next()){
if(rec1.role.getDisplayValue() == 'admin'){
isAdmin = true;
break;
}
}
}

var authed = user.authenticate(userName, userPassword);
if (authed && isAdmin)
return user.getUser(userName);

this.loginFailed();

return "login.failed";
},

loginFailed : function() {
var sysMessage = Packages.com.glide.ui.SysMessage;
var message = sysMessage.format("login_invalid");
var GlideSession = Packages.com.glide.sys.GlideSession.get();
GlideSession.addErrorMessage(message);

var userName = request.getParameter("user_name");
var EventManager = Packages.com.glide.policy.EventManager;
EventManager.queue("login.failed", "", userName, "");
}

}


Thanks for your response Mark. I have actually decided that I will disable the LDAP connection until the day we go-live and just use local accounts to logon to SNC.

Thanks again.
Scott


Hi Mark, 

I have been looking at your solution for our upgrade process and was wondering if this also works with SSO? In the instance I am working on, I have the standard login script and a MultiSSOLogin override. Would I have to disable the SSO script when activating the AdminOnlyLogin script?

Thank you,

Jay

Mark Stanger
Giga Sage

I've fully documented the solution I provided below. The script below actually has some problems. Here's the updated solution.

http://www.servicenowguru.com/system-definition/custom-login-validation-installation-exits/