Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

MFA Setup -- dont want to download a TOTP

Go to solution
Kristin Acree
Mega Sage

‎05-02-2025 05:23 AM - edited ‎05-02-2025 05:24 AM

Some of my users don’t want to use TOTP on a personal phone, don’t have a work phone, or don’t have smartphones at all. While I know they can install an authenticator app, they’d prefer to use email from the start without being forced to download anything.

 

Is there a way to default certain users to email authentication during setup? Most users have work phones, so enforcing the email option for everyone isn’t ideal. Ideally, users should be able to choose their authentication method upfront. Yes, I know email can be set after the second login, but some users don’t want any work-related apps on personal devices. I’m looking for a way to skip the initial TOTP setup and go straight to email for specific users.

 

Screenshot 2025-05-02 at 8.11.11 AM.png

0 Helpfuls
  • 1,228 Views
1 ACCEPTED SOLUTION

Go to solution
Randheer Singh
ServiceNow Employee
ServiceNow Employee
In response to Kristin Acree

‎05-12-2025 09:29 AM

You can use the email factor policy to only enforce MFA with email OTP.

In this blog, I have covered SMS OTP, but similar steps can be used for email OTP.

https://www.servicenow.com/community/platform-privacy-security-blog/multi-factor-authentication-with...

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
SotaT
Tera Contributor
In response to Randheer Singh

3 weeks ago

@Randheer Singh 

I want to use element policies to allow email and SMS authentication only for users with specific roles. However, doing so only displays email and SMS options, and other authentication methods like authentication apps or facial recognition are not shown. Is there a way to display all options?

0 Helpfuls