How to disable side_door.do

Go to solution
erich_leitzbach
ServiceNow Employee
ServiceNow Employee

‎01-28-2014 06:47 AM

Hello.

 

One of my customers did a security audit to SNC application when using SSO.

The auditors came up with moaning about side_door.do to log into instance with local user profile when SSO is not working.

 

Now the question is if there are any ways to disable side_door.do and

a) only allow for specific users or

b) allow in certain circumstances with prior activation / enabling of side_door.do?

 

I know that this might cause the system to be inaccessible if SSO is crashed and side_door.do might not be working for ANY enduser.

For sake of discussion with auditors this might be taken as a theoretical situation and customer will need to be aware of high operational risks.

 

Any idea and argumentation is welcome.

 

Regards, Erich

0 Helpfuls
  • 7,137 Views
1 ACCEPTED SOLUTION

Go to solution
cwilker10
Giga Expert

‎02-06-2014 10:24 AM

You can also investigate setting up an entry in sys_public for side_door and make it false.   jshatney has the right answer, though, if you don't have a local account then you can't use it successfully anyway.



-Chris


View solution in original post

0 Helpfuls
2 REPLIES 2

Go to solution
jshatney
Mega Expert

‎02-06-2014 08:45 AM

If a user does not have a local password in ServiceNow, they cannot login with the side_door.do



You can enable a specific set of users by setting a password for them in their user record.


0 Helpfuls

Go to solution
cwilker10
Giga Expert

‎02-06-2014 10:24 AM

You can also investigate setting up an entry in sys_public for side_door and make it false.   jshatney has the right answer, though, if you don't have a local account then you can't use it successfully anyway.



-Chris


0 Helpfuls