How to disable Yokohama MFA enforcement if you have SSO enabled already

CarolMa6
Tera Expert

‎03-25-2025 01:09 AM

Hi, 

 

I need your help here. 

 

Company ABC already has MFA and SSO enabled, and documentation says 

"Beginning in Yokohama, ServiceNow is going to begin enforcing MFA by default for any internal local logins, meaning any login that is not through a Single Sign-On (SSO) provider or from a Service Account." We upgraded to Yokohama patch 1 and this is enabled by default how can we disable this functionality since it says MFA should not be enforced if you use SSO?
 
Regards 
CarolMa
0 Helpfuls
  • 2,965 Views
11 REPLIES 11

Randheer Singh
ServiceNow Employee
ServiceNow Employee
In response to CarolMa6

‎03-25-2025 06:01 AM

Hi, @CarolMa6, 
This is not correct. Users with SSO login will not be forced with MFA.
Please read about the enforcement in detail in this KB

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709783
Thanks,

Randheer

Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎03-25-2025 05:59 AM

Hi @CarolMa6 ,
To clarify the details, the MFA enforcement is applicable to only logins that are not happening through SSO. SSO logins will work without any change. With this mandate, users who do not have snc_external roles and use ServiceNow local username and password-based logins will be asked to set up MFA. 

This ensures that all logins are protected. You do not need to disable the MFA policy.
Please read question 1d for more details from the MFA enforcement FAQ KB.

Thanks,

Randheer

0 Helpfuls

Lakshikaaa
Tera Contributor
In response to Randheer Singh

a week ago

Hi Randheer Singh,

I'm unable to log in to my PDI. It asks for an authenticator code, but I had disabled MFA. When I try to scan the QR code again, it says: "You have an existing dev account for admin. Choose a different name for your new account." How can I access my existing PDI?

0 Helpfuls

Mark Roethof
Tera Patron
Tera Patron

‎03-25-2025 06:13 AM

Hi there,

 

No customers yet on Yokohama, so can't respond from real experience. Though looking at the Docs:

 

"Enforcement of MFA for non-SSO logins to ServiceNow from the Yokohama release."

 

And else ofcourse admins can change this behavior.

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn

Simon Christens
Kilo Sage

‎04-09-2025 04:42 AM

Though this is NOT recommended as per said above it is possible to disable MFA:

 

Disable:

Go to Multi-factor Authentication --> MFA Context --> Deactivate Policy

Go to: https://<instance>.service-now.com/system_properties_ui.do?sysparm_use_polaris=false&sysparm_category=MultifactorAuthDisable&sysparm_title=Reason%20for%20Turning-off%20Multi-factor%20Authentication

Provide a reason for turning off MFA --> Save

Go to Multi-factor Authentication --> Properties --> Remove check on "Enable Multi-factor authentication" and Save

 

Re-Enable:

Go to Multi-factor Authentication --> MFA Context --> Activate Policy
Reason is reset and MFA property is enabled again