

Strengthening Security with Continuous Authentication
We are excited to introduce Zero Trust Continuous Authentication (CA) in the Yokohama release—an advanced security capability that continuously verifies user identity beyond the initial login. This feature aligns with Zero Trust security principles by ensuring that users accessing sensitive resources remain who they claim to be throughout their session.
Why Continuous Authentication?
Traditional authentication methods verify a user only at login, leaving organizations vulnerable if credentials are compromised during a session. Continuous Authentication dynamically enforces step-up authentication or re-authentication based on resource sensitivity, user actions and security policies. This ensures that high-risk actions trigger additional verification, reducing the risk of account takeovers and unauthorized access to sensitive data.
Key Capabilities
- Adaptive Re-authentication – When users attempt to access protected data, triggers SSO re-authentication or MFA enforced by the SSO provider (for SSO logins), or Platform-provided MFA (for local logins).
- Zero Trust Enforcement – Assumes breach and enforces explicit verification to mitigate security threats.
- Granular Security Policies – Enables table- or data-class-level policies, ensuring step-up authentication is enforced based on access context.
- High Assurance Sessions – Establishes a secure session for privileged actions, reducing the frequency of authentication prompts for verified users.
- Real-time Risk Mitigation – Prevents unauthorized access even if a session is hijacked by continuously verifying user identity.
How It Works
- Admins define policies to enforce step-up authentication when users access personally identifiable information (PII) or other sensitive data. Policies can be created for a data class or a group of tables.
- If a user attempts to access the data protected by CA policies, MFA (for local login) or SSO re-authentication/MFA enforced by the SSO provider (for federated login) is triggered based on policy settings.
- Users can create High Assurance Sessions proactively, allowing seamless, secure access for a defined duration.
- Audit logs track authentication events, helping security teams analyze access patterns and detect anomalies.
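
A minimal model of the decision flow in the list above, added here as an illustration; it is not ServiceNow code or a ServiceNow API. The policy fields, table names, function names, and the rule that a successful verification opens the high assurance window are all assumptions.

```javascript
// Illustrative model only: every identifier below is hypothetical.
// Constructed CA policies: one scoped to a data class, one to a group of tables.
const policies = [
  { name: 'pii-class', dataClasses: ['PII'], tables: [] },
  { name: 'finance-tables', dataClasses: [], tables: ['u_payroll', 'u_bank_account'] },
];
// Constructed mapping of tables to data classes.
const tableDataClass = { u_employee_profile: 'PII', u_payroll: 'Financial', incident: 'General' };
const auditLog = []; // every decision and verification result is recorded

function matchingPolicy(table) {
  const cls = tableDataClass[table];
  return policies.find(p => p.tables.includes(table) || p.dataClasses.includes(cls)) || null;
}

// The step-up method follows the login type: platform MFA for local logins,
// re-authentication or MFA at the identity provider for SSO logins.
function stepUpMethod(session) {
  return session.loginType === 'sso' ? 'sso_reauth_or_idp_mfa' : 'platform_mfa';
}

function evaluateAccess(session, table, now) {
  const policy = matchingPolicy(table);
  let decision;
  if (!policy) {
    decision = { action: 'allow', reason: 'no_ca_policy' };
  } else if (session.highAssuranceUntil > now) {
    decision = { action: 'allow', reason: 'high_assurance_session' };
  } else {
    // No valid high assurance window (never opened, or expired): verify again.
    decision = { action: 'step_up', method: stepUpMethod(session), reason: policy.name };
  }
  auditLog.push({ time: now, user: session.user, table, ...decision });
  return decision;
}

// Called after a prompt, or proactively by the user. Only a successful
// verification opens the window, and only for the defined duration.
function startHighAssurance(session, verified, now, durationMs) {
  if (verified) session.highAssuranceUntil = now + durationMs;
  auditLog.push({ time: now, user: session.user,
                  event: verified ? 'step_up_success' : 'step_up_failure' });
  return verified;
}
```

In this model an expired window or a failed verification falls back to `step_up`, and the `step_up_failure` entries in `auditLog` are the kind of events a security team would review for anomalies.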
Real-World Use Cases
- Financial Services & Healthcare – Enforce re-authentication before accessing financial records, patient data or other sensitive information.
- Privileged Admin Access – Require MFA for admin actions, reducing risk from compromised accounts.
- Regulated Industries – Meet compliance standards with continuous identity verification.
Getting Started
Zero Trust - Continuous Authentication is available as a licensed feature in the Yokohama release. To enable it:
- Install the Zero Trust - Continuous Authentication (com.snc.zero_trust_continuous_authentication) plugin. A ServiceNow Vault or ServiceNow Zero Trust Access license is required for this plugin.
- Set up step-up authentication with MFA or IdP-based re-authentication.
- Configure policies at the data class or table level.
- Enable the system properties.
When a user accesses tables protected with a CA policy, they are prompted to reverify their identity.
After successful verification, the user can access the sensitive data.
For SSO logins, the continuous authentication feature supports both re-authentication and MFA provided by the identity providers.
To learn more, visit our documentation.
Upgrade to Yokohama and embrace Zero Trust security with Continuous Authentication today!