Enable MFA for all users in table sys_user

Go to solution
ALe1
Tera Contributor

‎05-08-2023 06:07 PM

Hi Guys.

 

Please, how can enable MFA for all user in my instance? In table sys_user, the columm "Enable Multifactor Authentication" is "false", but, i nedeed change for "TRUE" for all user.

 

Thanks in advance...

0 Helpfuls
  • 1,487 Views
1 ACCEPTED SOLUTION

Go to solution
Community Alums
Not applicable

‎05-08-2023 06:46 PM

Hi @ALe1 ,

You can very easily set up a business rule to ensure that the enable_multifactor_authn field on the sys_user table is always populated. However, you do want to be careful because just turning on MFA for everyone can potentially break things like existing inbound REST interfaces if they only use Basic auth.

 if you want to enable MFA for all user then you can just run the below script in background and you will be able to set it for all users:

SandeepDutta_0-1683596778925.png

 

Script to be used:

var gr = new GlideRecord();
gr.addQuery('active',true);
gr.query();
while(gr.next()){
gr.enable_multifactor_authn = true
gr.update();
}

 

View solution in original post

5 REPLIES 5

Go to solution
Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎05-09-2023 12:36 AM

Hi @ALe1 ,
Instead of relying upon Enable Multifactor Authentication column of the sys_user table, you can use Adaptive authentication - MFA context policy to enforce MFA dynamically. In this way, you can automatically enforce MFA for user accounts that will get created in the future in the sys_user table without worrying about the "Enable Multifactor Authentication" field value.

You can use role or group membership conditions in addition to the authentication method and IP address in the policy.

 

Here is the documentation.

 

Thanks,

Randheer

0 Helpfuls