How to disable side_door.do

erich_leitzbach
ServiceNow Employee

Hello.

 

One of my customers did a security audit of the SNC application when using SSO.

The auditors came back moaning about using side_door.do to log into the instance with a local user profile when SSO is not working.

 

Now the question is whether there is any way to disable side_door.do and

a) only allow it for specific users, or

b) allow it in certain circumstances with prior activation / enabling of side_door.do?

 

I know that this might cause the system to be inaccessible if SSO has crashed and side_door.do is not working for ANY end user.

For the sake of discussion with the auditors, this might be taken as a theoretical situation, and the customer will need to be aware of the high operational risks.

 

Any ideas and arguments are welcome.

 

Regards, Erich

1 ACCEPTED SOLUTION

cwilker10
Giga Expert

You can also investigate setting up an entry in sys_public for side_door and make it false. jshatney has the right answer, though: if you don't have a local account, then you can't use it successfully anyway.



-Chris



2 REPLIES

jshatney
Mega Expert

If a user does not have a local password in ServiceNow, they cannot log in with side_door.do.



You can enable a specific set of users by setting a password for them in their user record.

