maucblancha
ServiceNow Employee

Session Recap: What's New for Authentication in Australia 

Overview

 

Authentication continues to evolve across the ServiceNow platform, and this Platform Academy session highlights the latest innovations introduced in the Australia release. This session covered new capabilities that strengthen security, simplify administration, and make it easier to build secure experiences for users. 

 

The session covered: 

 

- Authentication Factors for AI Voice Agents 

- Portal-specific Authentication (configure it your way)

- API & MCP Server Authentication 

 

 

Authentication Factors for AI Voice Agents

 

The session begins with a deep dive into AI Voice Authentication showing how voice agents securely identify and authenticate callers before performing sensitive actions. Once identified, the caller must verify they are who they claim to be and there are six factor available to do so: KBA (Knowledge-based authentication), soft PIN, TOTP (Time-Based One-Time Passwords), SMS OTP (One-Time Passcodes), OKTA push and email OTP. 

 

Portal-Specific Authentication 

 

Before Australia, SSO was instance-wide and every portal inherited the same IdP (Identity Provider) configuration, in the new release admin can enable portal-specific authentication independently of instance-wide settings, toggle local login on/off per portal, select one or more IdPs per portal and auto-redirect when only one IdP is configured, making authentication easier to manager while supporting a variety of real-world access scenarios. 

 

API & MCP Server Authentication 

 

This session concludes with several enhancements for developers building secure integrations. You'll learn how OAuth scopes in Machine Identity Console make least-privilege APO access easier to implement, how ServiceNow MCP servers can now validate tokens issues by trusted external identity providers. These capabilities strengthen integration security while providing greater flexibility. 

 

Key Takeaways

 

- Learn how AI Voice Agents securely identify and authenticate callers using multiple authentication factors.

- Understand how portal-specific authentication enables different Service Portals to use different identity providers. 

- Discover new least-privilege security improvements for APIs using OAuth scopes and Machine Identity Console.

 

Watch Full Session

 

Want to dive deeper into the topics covered in this recap?

 

Watch the recording here.