
01-28-2014 06:47 AM
Hello.
One of my customers did a security audit of the SNC application when using SSO.
The auditors came up moaning about side_door.do being used to log into the instance with a local user profile when SSO is not working.
Now the question is whether there are any ways to disable side_door.do and
a) only allow it for specific users or
b) allow it in certain circumstances with prior activation / enabling of side_door.do?
I know that this might cause the system to be inaccessible if SSO has crashed, and side_door.do might not be working for ANY end user.
For the sake of discussion with the auditors, this might be taken as a theoretical situation, and the customer will need to be aware of the high operational risks.
Any idea and argumentation is welcome.
Regards, Erich

02-06-2014 08:45 AM
If a user does not have a local password in ServiceNow, they cannot log in with side_door.do.
You can enable a specific set of users by setting a password for them in their user record.

02-06-2014 10:24 AM
You can also investigate setting up an entry in sys_public for side_door and make it false. jshatney has the right answer, though: if you don't have a local account then you can't use it successfully anyway.
-Chris