How to disable Yokohama MFA enforcement if you have SSO enabled already

CarolMa6
Tera Expert

‎03-25-2025 01:09 AM

Hi, 

 

I need your help here. 

 

Company ABC already has MFA and SSO enabled, and documentation says 

"Beginning in Yokohama, ServiceNow is going to begin enforcing MFA by default for any internal local logins, meaning any login that is not through a Single Sign-On (SSO) provider or from a Service Account." We upgraded to Yokohama patch 1 and this is enabled by default how can we disable this functionality since it says MFA should not be enforced if you use SSO?
 
Regards 
CarolMa
0 Helpfuls
  • 2,961 Views
11 REPLIES 11

Community Alums
Not applicable

‎03-25-2025 01:42 AM

Hi @CarolMa6 ,

As per ServiceNow, Starting Yokohama MFA is mandatory!!

 

Can I disable MFA?

Although it’s technically possible to configure exceptions to this MFA policy, we strongly advise against doing so and recommend consulting your security team first.

Allowing exceptions would potentially weaken the overall security framework, exposing your accounts to greater risks. Mandating compliance with the MFA requirements helps organizations take a proactive stance on safeguarding their data and maintaining the highest security standards.

Also, refer to this KB:  Multi-Factor Authentication (MFA) Enforcement FAQ 

 

0 Helpfuls

Dr Atul G- LNG
Tera Patron
Tera Patron

‎03-25-2025 01:54 AM

Hi @CarolMa6 

I completely agree with @Sandeep Dutta and won’t repeat the same points. MFA has been implemented for a reason, and disabling it could introduce risks. You can refer to the provided link or log a ServiceNow support case for further assistance.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

CarolMa6
Tera Expert

‎03-25-2025 02:02 AM

@Dr Atul G- LNG @Community Alums Then to login to the instances user's need to authenticate 3 times?

Company SSO-->Company MFA-->ServiceNow MFA? I understand that it is mandatory and enforced by ServiceNow, but it also says if you have this in place you don't need the ServiceNow MFA? did I misunderstand the documentation?

0 Helpfuls

Dr Atul G- LNG
Tera Patron
Tera Patron
In response to CarolMa6

‎03-25-2025 02:10 AM

Hi @CarolMa6 

 

No, your understanding is correct. This means that if you are already using MFA, then you can disable ServiceNow MFA.

If you are still unsure about whether to disable it or not, it's best to log a ServiceNow support case for full clarity. MFA impacts everyone simultaneously, and disabling it without proper understanding could create unnecessary panic if it doesn’t work as expected.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************