Our company's MFA fails when "glide.authenticate.mfa.with.multisso.enabled" is enabled
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2025 08:21 PM
We recently upgraded our ServiceNow sub-production instances from Xanadu to Yokohama and are
currently conducting UAT.
During testing, we received a notification that MFA will be enabled for all users performing non-SSO logins and that action is required (review KB1700938).
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1700938
The document states that for existing customers upgrading their instance to Yokohama or later releases,
if the instance does not already have the adaptive authentication – MFA context policy enabled, a
default MFA policy will be automatically activated.
If record "glide.authenticate.mfa.with.multisso.enabled" is disabled in sys properties (which is our current setup), when logging in with either a local account, or via SSO, we are prompted for MFA using our Microsoft
Authenticator app. A number is displayed on the screen, which we enter into the Microsoft
Authenticator app, or we can opt to receive an SMS.
If record "glide.authenticate.mfa.with.multisso.enabled" is enabled in sys properties, our users will be prompted for ServiceNow's MFA in addition to our current MFA setup when logging into ServiceNow.
I need help to ensure our existing MFA (company default MFA ) is not impacted by the proposed change that ServiceNow is planning when enabling MFA by default as per the KB.
Can you please advise how to achieve this desired outcome?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2025 09:15 PM
Hi,
Only local servicenow users as well as LDAP users will be impacted by the MFA that gets activated in Yokohama.
If you are using SSO where you gets redirected for authentication then the users shouldnt be impacted in any way.
If you insist of disabling the MFA enforcement in Yokohama then its possible though not recommended.
Disable:
Go to Multi-factor Authentication --> MFA Context --> Deactivate Policy
Go to: https://<instance>.service-now.com/system_properties_ui.do?sysparm_use_polaris=false&sysparm_category=MultifactorAuthDisable&sysparm_title=Reason%20for%20Turning-off%20Multi-factor%20Authentication
Provide a reason for turning off MFA --> Save
Go to Multi-factor Authentication --> Properties --> Remove check on "Enable Multi-factor authentication" and Save
Re-Enable:
Go to Multi-factor Authentication --> MFA Context --> Activate Policy
Reason is reset and MFA property is enabled again
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-11-2025 08:40 PM
Hi Simon,
Thank you for your response to my question on the community forum. Your ideas have given me some good options to explore. I will look into them and see how they work out. Many thanks for your valuable input!
