
Ambuj Tripathi
ServiceNow Employee

Hello Everyone!

 

Here I have demonstrated how you can configure the Adaptive Authentication policy to allow SSO user logins and block local logins via two different approaches. Both approaches are available in ServiceNow out of the box, without customising a single line of script.

 

Recommended Playback speed - 1.25x

 

 

Text I have used during the demonstration - 

Demo - How to create a policy that blocks local logins and allows only SSO user logins.

Requirement -
- Local logins should be blocked.
- SSO users (users logging in via a SAML or OIDC identity provider) should be allowed to log in.

Additional Requirement -
- There should be exceptions to allow a handful of users to log in locally.
- This exception can be based on the specific users, groups or user roles.
- These users should have full admin access (optional).

Approach 1:
- Use the existing Account Recovery feature. There is already a feature which caters to this exact requirement.
- If we want to cater to the additional requirements, then we may have to make additional changes in the existing policy or create a new policy for the Account Recovery context.
- https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/integrate/single-sign-on/conc...
- https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/integrate/single-sign-on/conc...

Approach 2:
- Use the Post Auth Policy context of the Adaptive Authentication framework and modify the policy to handle both the main requirement and the additional requirements.
- https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/integrate/authentication/conc...

-----------------------------------------------------------------------------------------------------------------------------------------
Filters which are to be used -
1: Role Filter Criteria - hasAdminRole (role = admin)
2: Authentication Type (Authentication type = username and password / SSO Login)
-----------------------------------------------------------------------------------------------------------------------------------------

 

I will be adding additional details about the points below - 

1: Why is the Account Recovery approach recommended?

2: What to do additionally to secure the local logins if you are allowing some privileged users (with sensitive roles like admin, user_admin etc) to do local login?

Comments
Community Alums
Not applicable

Great demonstration! I appreciate how clearly you showcased both approaches to restrict local logins and allow only SSO logins using ServiceNow's OOTB capabilities — without any custom scripts. The comparison between the Account Recovery method and the Post Auth Policy context was especially helpful. I also liked how you covered the ability to create exceptions for privileged users using role or group-based filters.

Looking forward to the follow-up where you'll explain why the Account Recovery method is more recommended, and how to enhance local login security for users with sensitive roles like admin or user_admin. These insights are crucial for maintaining a balance between security and operational flexibility in real-world implementations. Thanks for sharing this!

Dinesh90
Tera Contributor

@Ambuj Tripathi: your video is not visible to me; it's showing only a blank white screen in the above post, with no option to play the video.

Ambuj Tripathi
ServiceNow Employee

Hi @Dinesh90 

 

Here is the direct link to the YouTube video - https://youtu.be/WH3jQh-OY-0?list=PLz3uBEja_oGWkIbQQs9wzW7AhsHweKmiA

 

Cheers!

Dinesh90
Tera Contributor

Great, thanks @Ambuj Tripathi 

Version history
Last update: 07-17-2025 03:00 PM