Is it possible to disable email MFA options?

shun6
Giga Sage

‎04-21-2023 02:53 AM

Hi all,

I upgraded my instance from San Diego to Utah.

In San Diego version, I configured only app MFA option to login to the instance, but in Utah email option appeared.

 I want disable email option and force users to use app MFA authentication.

Where can I configure? 

 

shun6_0-1682070219853.png

 

0 Helpfuls
  • 921 Views
2 REPLIES 2

Community Alums
Not applicable

‎04-21-2023 03:20 AM

Hi @shun6 ,

MFA with Email is activated with the Integration - Multifactor Authentication (com.snc.integration.multifactor.authentication) plugin by default. You need to configure the policy inputs and conditions.

When users attempt to login to ServiceNow, Email OTP is sent to the Email address associated. User's can enter the six-digit verification code that it sent to the email address and verify their identity.

Follow the steps and try to meet your requirement : https://docs.servicenow.com/bundle/utah-platform-security/page/integrate/authentication/task/configu...

 

Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎04-24-2023 04:10 AM

Hi @shun6 

If you are not using adaptive authentication MFA context policy to enforce MFA, you can set this property to false

glide.authenticate.multifactor.email.otp.enabled

 

Bonus tip: You can simplify MFA using webAuthN/FIDO2.
Activate Integration - Web Authentication (com.snc.integration.webauthn) to allow hardware key or biometric authenticators like windows hello or TouchID/FaceID on your instance.