https://www.servicenow.com/community/servicenow-ai-platform-articles/tokyo-highlight-adaptive-authentication-for-trusted-mobile-apps/ta-p/2315080 <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">New in the ServiceNow Tokyo release for identity and authentication is the <A href="https://docs.servicenow.com/bundle/tokyo-platform-security/page/integrate/authentication/concept/mobile-adaptive-authentication.html">Adaptive Authentication for Trusted Mobile Apps</A> functionality.</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">Introduced originally in Quebec, <A href="https://docs.servicenow.com/bundle/tokyo-platform-security/page/integrate/authentication/concept/adaptive-authentication.html">Adaptive Authentication</A> caters for a way of allowing or restricting access to the ServiceNow platform for users or integrations via API both before <SPAN style="font-style: italic;">and</SPAN> after authenticating, based on roles, groups or the originating IP address. In practice, this means that restricting ServiceNow instance access via the traditional <A href="https://docs.servicenow.com/bundle/tokyo-platform-security/page/administer/login/task/t_AccessControl.html">IP Address Access Controls</A> that can be applied can in effect remain for internal workloads but your customer facing portal could now be accessed from anywhere by giving those controls more granularity, that is, by user roles or group memberships.</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">Adaptive Authentication for Trusted Mobile Apps will allow Mobile Device Management (MDM) enrolled mobile devices to use the Now Mobile app from an network that isn’t trusted.</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">Adaptive authentication can be configured to trust a particular Now Mobile app via a filter as an Adaptive Authentication Policy which when the app attempts to communicate with your ServiceNow instance, it confirms the linkage between the user account and the trusted Now Mobile app. All of the available Now Mobile login methods are supported (Username/Password, SAML, OIDC, and MFA) with this feature.</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">Importantly, to allay the fears of your IT security team, there are a whole suite of controls, events and metrics in support of this new functionality. The total allowed registered device count can be restricted, end users that change device can require re-registration of their new device, and standard security logging events are captured, such as signature failures, cookie validation failures and invalid tokens. Plus <A href="https://docs.servicenow.com/bundle/tokyo-platform-security/page/administer/security/concept/instance-sec-center-adaptive-auth-metrics.html">adaptive authentication metrics</A> can be viewed directly within the platform in the Instance Security Center including Policy Results Rates, Denied IP Addresses, Authentication User Logins, and API User Logins - and of course all of these can be sent to their SIEM.</P> Sun, 07 Aug 2022 08:21:50 GMT Robert Maxwell 2022-08-07T08:21:50Z https://www.servicenow.com/community/servicenow-ai-platform-articles/tokyo-highlight-adaptive-authentication-for-trusted-mobile-apps/ta-p/2315080 <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">New in the ServiceNow Tokyo release for identity and authentication is the <A href="https://docs.servicenow.com/bundle/tokyo-platform-security/page/integrate/authentication/concept/mobile-adaptive-authentication.html">Adaptive Authentication for Trusted Mobile Apps</A> functionality.</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">Introduced originally in Quebec, <A href="https://docs.servicenow.com/bundle/tokyo-platform-security/page/integrate/authentication/concept/adaptive-authentication.html">Adaptive Authentication</A> caters for a way of allowing or restricting access to the ServiceNow platform for users or integrations via API both before <SPAN style="font-style: italic;">and</SPAN> after authenticating, based on roles, groups or the originating IP address. In practice, this means that restricting ServiceNow instance access via the traditional <A href="https://docs.servicenow.com/bundle/tokyo-platform-security/page/administer/login/task/t_AccessControl.html">IP Address Access Controls</A> that can be applied can in effect remain for internal workloads but your customer facing portal could now be accessed from anywhere by giving those controls more granularity, that is, by user roles or group memberships.</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">Adaptive Authentication for Trusted Mobile Apps will allow Mobile Device Management (MDM) enrolled mobile devices to use the Now Mobile app from an network that isn’t trusted.</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">Adaptive authentication can be configured to trust a particular Now Mobile app via a filter as an Adaptive Authentication Policy which when the app attempts to communicate with your ServiceNow instance, it confirms the linkage between the user account and the trusted Now Mobile app. All of the available Now Mobile login methods are supported (Username/Password, SAML, OIDC, and MFA) with this feature.</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">Importantly, to allay the fears of your IT security team, there are a whole suite of controls, events and metrics in support of this new functionality. The total allowed registered device count can be restricted, end users that change device can require re-registration of their new device, and standard security logging events are captured, such as signature failures, cookie validation failures and invalid tokens. Plus <A href="https://docs.servicenow.com/bundle/tokyo-platform-security/page/administer/security/concept/instance-sec-center-adaptive-auth-metrics.html">adaptive authentication metrics</A> can be viewed directly within the platform in the Instance Security Center including Policy Results Rates, Denied IP Addresses, Authentication User Logins, and API User Logins - and of course all of these can be sent to their SIEM.</P> Sun, 07 Aug 2022 08:21:50 GMT https://www.servicenow.com/community/servicenow-ai-platform-articles/tokyo-highlight-adaptive-authentication-for-trusted-mobile-apps/ta-p/2315080 Robert Maxwell 2022-08-07T08:21:50Z https://www.servicenow.com/community/servicenow-ai-platform-articles/tokyo-highlight-adaptive-authentication-for-trusted-mobile-apps/tac-p/2434900#M3379 <DIV class="lia-quilt-row lia-quilt-row-message-header-top"> <DIV class="lia-quilt-column lia-quilt-column-24 lia-quilt-column-single lia-quilt-column-message-header-top-content"> <DIV class="lia-quilt-column-alley lia-quilt-column-alley-single"> <DIV class="lia-message-subject lia-component-message-view-widget-subject"> <DIV class="MessageSubject"> <DIV class="MessageSubjectIcons "> <H1 class="message-subject"><SPAN class="lia-message-read">Steps to&nbsp;<A id="link_9" class="page-link lia-link-navigation lia-custom-event" href="https://www.servicenow.com/community/now-platform-articles/migrating-from-ip-address-access-control-to-adaptive/ta-p/2409855" target="_self">migrate from IP address access control to Adaptive Authentication to use the trusted mobile app feature.</A></SPAN></H1> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> <DIV class="lia-quilt-row lia-quilt-row-message-header-main">&nbsp;</DIV> <DIV class="lia-quilt-row lia-quilt-row-message-header-bottom"> <DIV class="lia-quilt-column lia-quilt-column-18 lia-quilt-column-left lia-quilt-column-message-header-bottom-left"> <DIV class="lia-quilt-column-alley lia-quilt-column-alley-left"> <DIV class="lia-message-author-avatar">&nbsp;</DIV> </DIV> </DIV> </DIV> Thu, 05 Jan 2023 18:44:49 GMT https://www.servicenow.com/community/servicenow-ai-platform-articles/tokyo-highlight-adaptive-authentication-for-trusted-mobile-apps/tac-p/2434900#M3379 Randheer Singh 2023-01-05T18:44:49Z https://www.servicenow.com/community/servicenow-ai-platform-articles/tokyo-highlight-adaptive-authentication-for-trusted-mobile-apps/tac-p/2562755#M3612 <P>Not able to use trusted mobile app criteria in Post authentication context. Do you know how it works?</P><P>&nbsp;</P> Tue, 16 May 2023 08:56:42 GMT https://www.servicenow.com/community/servicenow-ai-platform-articles/tokyo-highlight-adaptive-authentication-for-trusted-mobile-apps/tac-p/2562755#M3612 Varun Batra 2023-05-16T08:56:42Z