Mark service accounts as internal integration users

Go to solution
Dorothy
Tera Contributor

‎10-23-2020 02:55 AM

reference the SN documentation with regards to creating service accounts here, my understanding is that this checkbox should be checked so to prevent someone from logging into SN as a normal user would. 

I would like to know that if SSO is enabled, then the ServiceNow login box may not even be presented. In such a case what is best practice? Is this required to be checked in such a scenario or is just a matter of choice? 

0 Helpfuls
  • 9,060 Views
1 ACCEPTED SOLUTION

Go to solution
Ashutosh Munot1
Kilo Patron
Kilo Patron

‎10-24-2020 03:07 PM

HI,

There is a risk always if you dont check this box as true. If you have a smart engineer from the team with whom you share this details he can try to login to servicenow using the side_door.do or login.do page.


If this pages are disabled then you have no issues. But if not then he can login to this instance using this credentials and if the box is not true. If it is true it will prevent this from happening.


Thanks,
Ashutosh

View solution in original post

6 REPLIES 6

Go to solution
Willem
Giga Sage
Giga Sage

‎10-23-2020 03:04 AM

Hi Dorothy,

The Internal Integration User check box is used for Integration accounts to not be able to log into the User Interface of ServiceNow.

If you want to prevent regular users from accessing the Login screen you should not use Internal Integration User check box.

 

If you want to disable the login page, have a look at these community questions:

https://community.servicenow.com/community?id=community_question&sys_id=4d4d31c9dbc950505ed4a851ca96...

 

https://community.servicenow.com/community?id=community_question&sys_id=8fa483e9dbd8dbc01dcaf3231f96...

 

Also refer to this ServiceNow Docs article:

https://docs.servicenow.com/bundle/orlando-platform-administration/page/integrate/single-sign-on/ref...

Go to solution
Dorothy
Tera Contributor

‎10-23-2020 06:37 AM

Yes, that's right..But my question is that since SSO is enabled, we anyways will not get the ServiceNow login page, rather the organisation identity mgmt will take care of that. Therefore, for the service accounts is it required to keep this checkbox checked? External unauthorised users may not be able to login using service account because SSO will take care of it anyways. So is this checkbox redundant in this case? 

0 Helpfuls

Go to solution
Willem
Giga Sage
Giga Sage
In response to Dorothy

‎10-23-2020 08:33 AM

Yes and no.

Yes, you are right, since no user uses the login page it seems redundant.

No, because it is more then the login page. Regular users still use the User Interface (UI) where for an integration account this should not be possible. The checkbox makes sure those accounts can not be used to access the UI in any way.

 

0 Helpfuls

Go to solution
sachin_namjoshi
Kilo Patron
Kilo Patron
In response to Dorothy

‎10-23-2020 08:41 AM

IT's not required to keep this checkbox for service accounts since service accounts are not end user accounts.

They are usually used in integrations, AD, etc.

 

Regards,

Sachin

0 Helpfuls