Email MFA in Yokohama

Karine_M
Tera Guru

Hi,

 

With migrate to Yokohama, users without SSO must enable the MFA.

For some users we want to use the Email Authentication only.

When logging in, the user got the message :

Karine_M_0-1751631589438.png

And on the profile page, when clicking on Configure Multi-factor Authentication, Email MFA is not available.

 

 

Karine_M_2-1751631676168.png

Can you tell us how the user can select Email MFA ?

On MFA Context, the MFA Factor Policies are configured : 

Karine_M_3-1751632077851.png

 

Regards,

 

karine

 

1 ACCEPTED SOLUTION

Ambuj Tripathi
ServiceNow Employee
ServiceNow Employee

Hi @Karine_M 

 

There are some additional user level checks which are also required.

 

1: User's email field should not be empty.

 

2: User level notifications should be enabled for the testing user. ( sys_user.notification = 2)

 

3: Please check if the email MFA property and adaptive auth property is enabled in the instance (Email MFA - glide.authenticate.multifactor.email.otp.enabled, Adaptive Auth - glide.authenticate.auth.policy.enabled).

 

4: The Email MFA Factor policy is enabled - https://instance.service-now.com/sys_authentication_policy.do?sys_id=5263ab587761111029fc1646ba5a99a...

AmbujTripathi_1-1751912438665.png

 

Now, if all of the above configurations are correct, then it means the factor policy is evaluating to false for this specific user in the instance.

To verify this, you can enable the adaptive auth debug property in the instance and search with either the Email Factor policy name or policy sys_id. If the policy evaluation result is coming as true, then it wont even show the MFA setup page and it will redirect user to validation page - validate_multifactor_auth_code.do

AmbujTripathi_0-1751912159751.png

 

For the reference, I am putting MFA Factor policy doc link here - https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/integrate/authentication/task...

 

Can you please check above and let me know if the issue still persists. This should fix the issue and take the user to validation page directly. Please try it out and let us know.

 

Thanks!

-Ambuj

View solution in original post

6 REPLIES 6

Hi @Ambuj Tripathi 

 

Your answer help me to found my mistake !!

I can now choose to receive my code by email.

 

Thanks a lot for your help.

 

Regard,

 

Karine

Glad it worked for you!