MFA SMS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-19-2025 11:29 PM
I would like to confirm some questions regarding MFA with SMS.
When logging in using SMS, is the value of Multi Factor Type in the sys_user_multi_factor_setup table set to SMS?
Also, is it possible to delete the SMS-based authentication code for each user?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-19-2025 11:34 PM
check this link
Multi-Factor Authentication (MFA) Enforcement FAQ
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-19-2025 11:41 PM
- Navigate to All > Multi-factor Authentication > MFA Context.
- Click the MFA Factor Policies tab.
- Select the Display SMS OTP as an MFA Factor Policy.
This article might help you to setup aswell.
Accept the solution and mark as helpful if it does, to benefit future readers.
Regards,
Sumanth
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-08-2025 08:51 AM
Hi @kack l
As the label of the table suggests, this table sys_user_multi_factor_setup stores the recent used factors of the users which are logging using MFA.
Ex 1: If user abel.tuter logs in with 3 factors, i.e. TOTP, Email and SMS, then there will be 3 entries created with combination of user vs factor. Also, one of these factors will be marked as the recent used factor so that when abel.tuter logs in next time, its directly taken to the recent used factor.
Ex 2: If user abraham.lincoln logs in with only 1 factor, i.e. Email, then it will have only one entry and that will be the recent used factor.
So answer to your question is Yes, it will store SMS along with other factor entries as well if user has setup/used other factors also to login in the past (upgrade cases may differe).
I didnt get the second part of the question here. If you are referring to delete the SMS factor entry from this table, you can delete it. But, it will be created again the user logs in with SMS factor next time.
If you want the users to not be able to see the SMS as MFA factor, you can refer to the below docs to set the MFA Factor policy accordingly.
FYI, Servicenow doesn't provide the OOB SMS integrations, and we ask customers to use the third part services like twilio for using SMS as a MFA Factor, so we dont actually store the OTP sent via the SMS.
Let us know if this answered your query.
Thanks!