- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2025 07:32 AM
Hi,
We use MFA for external customers which works fine but we've recently noticed that when the 'Don't challenge for MFA on this browser for the next 8 hours' tickbox is ticked it only works for 1 hour, i.e., it won't challenge for MFA for the first hour but will then revert and challenge for MFA after 1 hour has passed. As per the MFA properties product doc I've checked the sys_property 'glide.authenticate.multifactor.browser.fingerprint.validity' and this is set to 8 which should be effective for 8 hours, and the sys_property 'glide.authenticate.multifactor.remember.browser.enable' is also set to true: https://www.servicenow.com/docs/bundle/utah-platform-security/page/integrate/authentication/referenc...
Is anybody able to confirm if this is expected behaviour or if there's potentially something else I can check or refer to to restore the 8 hour MFA fingerprint validity? Our session timeout is set to 60 mins, so I was wondering if that has an impact but it seems unlikely since I've tested on our dev instance and reduced the session timeout to 5 mins and it worked fine.
Many thanks in advance, any help would be greatly appreciated!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2025 07:48 AM
Hello @SNAdmin47
Sure, do let me know.
Kindly mark my answer as helpful and accept solution if it helped you in anyway,
Regards,
Shivalika
My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194
My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2025 06:15 AM
Hi @Ankur Bawiskar My colleague still has an open ticket for it and is still awaiting feedback from the business stakeholders, but we've advised them that from the disparity in our testing with different browsers, and also using different security settings and versions on browsers, we believe this is most likely due to browser configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2025 07:41 AM
Hello @SNAdmin47
Technically I would say its happening because of session timeout, but since you already mentioned that you tried it out in sub instance and it worked fine.
But I feel behavior maybe different for sub production instances, maybe.
Try deleting this property, obviously after taking backup and creating a fresh one with 8 as value and also, try changing the session timeout for once in prod and check if possible ?
Kindly mark my answer as helpful and accept solution if it helped you in anyway,
Regards,
Shivalika
My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194
My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2025 07:45 AM
Hi @Shivalika,
Thanks, good suggestion on temporarily changing the session timeout on prod and re-testing. I'll give that a go to at least discount the potential (or not), and potentially re-create the sys_property.... so thanks again for the suggestion. I'll come back and confirm once I've tested.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2025 07:48 AM
Hello @SNAdmin47
Sure, do let me know.
Kindly mark my answer as helpful and accept solution if it helped you in anyway,
Regards,
Shivalika
My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194
My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2025 04:45 AM
I've had someone do a load of testing and there seems to be an inconsistency in the end results depending on the browser being used (Firefox keeps asking for MFA after and hour, whilst Chrome/Edge lasts for appx 6-7 hours), so we suspect this is a browser configuration affected issue rather than a ServiceNow configuration issue. Which is nice because that means I 'can't' do anything about it and it's someone else's problem #winning