10-28-2022 09:26 PM - edited 03-07-2025 09:29 PM
If you miss any content, please leave it as a comment and I will add it to this article
My library Knowledge Sources To Go is very popular, but it was intended mainly as a thematically grouped guide to standard sources and was provided by me as a PDF file. For certain topics, however, there is so much content that I can no longer include it in that document, as it cannot continue to grow forever.
For this reason, I have decided to handle such topics in individual community articles like this one instead.
Overview
ServiceNow identity and authentication validates the identity of a user who accesses an instance, and then authorizes the user to features that match the user's role or job function.
Entry point to the official product documentation
Platform Access - Product Architecture Blueprint
Describes the inherent functionality of the product and outlines the technical components in the form of a diagram.
Trainings & Courses
Zero Trust Access: Introduction
By the end of this module, you will be able to:
- Understand what Zero Trust Access is
- Learn how to activate the Zero Trust Access plugins
- Explore the Session Access Role Configuration module
Articles & Blogs
How to Investigate User Account Activity (KB0564981)
Recommended steps for reviewing the transaction logs and event logs whenever there is a need to review specific user behavior.
Videos & Podcasts
2020-12-01 by GlideFast Consulting
Introduction to Users, Groups, and Roles
In this ServiceNow Tutorial, Lorena Villanueva gives an introduction to users, groups, and roles in ServiceNow.
2021-11-22, Hardit Singh
Password Policies in ServiceNow
Password policies ensure security in your ServiceNow instance and can be easily configured in ServiceNow PDI as well.
Password Reset
This application takes the familiar consumer internet password reset experience and applies it to enterprise IT. The Service desk-assisted password reset feature is an alternative approach that provides a streamlined and automated process for the service desk to quickly and consistently fulfill password reset requests without having to access password management tools. ServiceNow Password Reset supports all credential stores, including ServiceNow, Microsoft Active Directory, and more. It also supports a variety of identity verification methods, such as security questions, SMS text, and CAPTCHA, which may be used across all credential stores for a consistent and simplified user experience. End users may enroll in password reset by configuring their identity verification methods, or they may be automatically enrolled through user data already existing in ServiceNow.
Entry point to the official product documentation
Articles & Blog Posts
2019-04-08 by ServiceNow Support
Prevent users from re-using recently used passwords on the Password Reset screen
Functionality exists to prohibit a user who is changing his or her password from reusing recently used passwords when resetting the password through the self-service password reset form.
Videos & Podcasts
2020-03-11 by ServiceNow Community
2020-08-07 by snowexpertrohit
ServiceNow Password Reset Application
The ServiceNow Password Reset application enables an end user to use a self-service process to reset or change the password.
2020-10-15 by ServiceNow Community
Automate 30% of service requests with automated password reset
The ServiceNow Password Reset application enables an end user to use a self-service process to reset or change the password. Alternatively, your organization can implement a process that requires a service desk agent to reset passwords for end users.
2022-09-06 by ServiceNow Community
How do I get started with ServiceNow Password Reset?
This video provides a straightforward 7 step approach to implementing password reset on the ServiceNow platform.
2023-09-06 by ServiceNow Community
Streamline Your Password Reset Service Desk
Password Reset is an out-of-box application that ServiceNow provides to its customers, to help them achieve use-cases like Active Directory password reset. As a part of this session, we will be explaining how to use the application, along with demoing:
1. Password Reset for Windows Applications
2. Password Reset over IVR
3. Password Reset via Virtual Agent
Adaptive Authentication
Adaptive Authentication enables the use of contextual authentication controls, which will evaluate incoming authentication requests and approve or deny them based on specific policy conditions – IP address, user groups, roles, and so on. Enterprises can configure adaptive authentication properties according to their own security requirements and policies.
Entry point to the official product documentation
Trainings & Courses
Adaptive Authentication Overview
This course provides an overview of Adaptive Authentication and Multi Factor Authentication.
Videos & Podcasts
2022-08-04 by ServiceNow Support
Getting started with Adaptive Authentication for Trusted Mobile Apps
In the video we show you how to activate and configure Adaptive Authentication for Trusted Mobile Apps, and how to register trusted devices for accessing the Now mobile app.
Articles & Blog Posts
2022-05-06 by @Sanchita Medar
Adaptive Authentication use case for ACME Bank
2022-12-09 by @Randheer Singh
Migrating from IP address access control to Adaptive Authentication
2023-10-06 by @Randheer Singh
Enforce multi-factor authentication (MFA) based on the IP Network
In this blog, we will see how we can use adaptive authentication to dynamically enforce MFA for users accessing the instance outside the trusted network.
Zero Trust Access
ServiceNow Zero Trust - Policy Based Session Access (Session Access) enables organizations to dynamically reduce user privilege in a web session based on a variety of factors, including IP address, location, authentication method, user’s role, group, user having MFA and attributes shared by the Identity Provider (IDP). This can help protect organizations from unauthorized access and data breaches, even when high-privileged users access applications from untrusted devices or locations.
Entry point to the official product information pages.
Entry point to the official product documentation
Summarized overview in one PDF file.
Articles & Blogposts
2023-09-16 by @Randheer Singh
Introducing ServiceNow Zero Trust Access
Videos & Podcasts
2023-08-23 by ServiceNow Community
Introduction to ServiceNow Zero Trust Access
Multi Factor Authentication
The basic level of authentication to an instance is local database authentication where a user enters a username and password combination. MFA gives administrators and users the ability to require a second level of authentication. This second authentication can be:
- A passcode from an authentication app
- A hardware key
- A biometric authenticator, such as a fingerprint reader or facial recognition
Entry point to the official product documentation
Multi-Factor Authentication (MFA) Enforcement FAQ
To enhance the security of all instance accounts, ServiceNow is enforcing MFA starting with the Yokohama release. This knowledge article explains all you need to know regarding that topic.
Articles & Blog Posts
2021-03-12 by @Maik Skoddow
Bypass Multi-factor Authentication (MFA) based on IP Addresses
In the Community, the question arises again and again whether multi-factor authentication can be bypassed under certain circumstances. For example, users would like to log in directly and without MFA when they're accessing the ServiceNow instance from a secure (company) network. In fact, it is possible to implement such exceptions using the Adaptive Authentication feature of ServiceNow, and this article describes which configurations are necessary to realize that scenario.
2023-01-12 by @Randheer Singh
MFA with SSO - Dynamically enforce MFA on the ServiceNow side based on the Identity provider response
In this article, we will discuss how MFA can be dynamically enforced on the ServiceNow side if not enforced on the IdP side based on the attributes shared by the IdP as part of the SAML response/OIDC token.
2023-02-16 by @Randheer Singh
Multi-factor authentication with SMS OTP
In this blog, we will explore how SMS OTP-based multi-factor authentication can be enabled on ServiceNow Platform authentication and provide best practices for implementing this authentication method in your organization.
Videos & Podcasts
2021-11-09 by Hardit Singh
How to activate Multi Factor Authentication (MFA) on ServiceNow
In this short video, we will see how we can set up Multi Factor Authentication (MFA) on our PDI. We will need to activate a system property and download an app on our mobile phone.
2023-01-25 by Secretary of Simplification
Did you know you can quickly and easily allow your users to authenticate using biometric data, such as their fingerprints and faces, using their devices' built-in sensors and cameras? This video shows you how. Now there is no more reason not to use multi-factor authentication.
2023-06-07 by ServiceNow Support
Administrator-assisted multi-factor authentication reset
Demonstrates how a ServiceNow system administrator can reset a user's multi-factor authentication validation.
LDAP(S)
An LDAP integration allows the system to use your existing LDAP server as the primary source of user data. Typically, an LDAP integration is also part of a single sign-on implementation.
Entry point to the official product documentation
Articles & Blog Posts
2018-04-11 by DxSherpa
LDAP Integration with ServiceNow
Administrators integrate ServiceNow with LDAP directory to streamline the user login process and to automate administrative tasks such as creating users. LDAP integration allows ServiceNow to use your existing LDAP server as the master source of user data.
2020-05-06 by LearnNowLab
An LDAP integration allows your instance to use your existing LDAP server as the master source of user data.
2020-05-19 by ServiceNow Support
Connecting Active Directory via LDAPS through MID Server (KB0825425)
This knowledge article explains how to connect Active Directory via LDAPS through MID Server.
Videos & Podcasts
2019-11-06, by Basico ServiceNow Learning
LDAP Integration in ServiceNow
ServiceNow continues to support existing Connect Support customers on the Now Platform for current and upcoming releases but further feature development is not planned for the future. We strongly encourage customers to make the move from Connect Support to Advanced Work Assignment (AWA) and Workspace Agent Chat as we’re focused on continuing to invest in innovation within Advanced Work Assignment and Workspace Agent Chat.
Troubleshooting
Troubleshooting LDAP issues in ServiceNow (KB0539111)
LDAP connection error (KB0547476)
LDAPS with MID server failed with Error "PKIX path building failed: java.security.cert.CertPathBuild... (KB0825530)
OAuth
OAuth 2.0 lets users access instance resources through external clients by obtaining a token rather than by entering login credentials with each resource request.
Entry point to the official product documentation
Articles & Blog Posts
2019-12-03, by Isuru Jayakantha
Everything You Need To Know About OAuth 2 Integration
You will find everything you need for OAuth Integration in this article.
2020-04-25, by Ankur Bawiskar
2020-09-11, by Pushpendra Singh
Logging in with a Google account is very common on most web applications, platforms, and tools. This article will provide a step-by-step guide on how to achieve the same in ServiceNow.
2024-02-05 by @Astrid Sapphire
Up Your OAuth2.0 Game in Washington DC With Inbound Client Credentials
This article and the following articles in the Up your OAuth2.0 series, will guide you through setting up different types of OAuth Clients and Providers, including extended concepts around OIDC and more! After the guide, I’ll also talk through brief cases of where you might use each variant. This first article focusses on Inbound API Authentication to your ServiceNow instance, using the Client Credentials grant which was implemented in the Washington DC release.
Videos & Podcasts
2020-06-10, by ServiceNow Now Community
Discover OAuth 2.0 with Inbound REST with Ankur Bawiskar
Join us for the session on OAuth 2.0 with Inbound REST, where Ankur demonstrates external clients accessing instance resources/APIs by obtaining OAuth Token, Inbound REST setup.
2021-07-17 by Techno Monk
ServiceNow OAuth 2.0 inbound integration
In this video we will be looking into ServiceNow OAuth 2.0 inbound integration:
1. What is the difference between Basic and OAuth
2. What is OAuth integration
3. How we can use OAuth integration
4. What are Access and Refresh tokens
5. Demo
2022-05-24 by Horea Porutiu
ServiceNow OAuth 2.0 Endpoint Integration w/ Postman in 4 MIN
In this video, I create an OAuth API endpoint for external clients to be able to call and access my ServiceNow instance securely via OAuth 2.0. I use my clientID, clientsecret, username, and password to be able to grab my access token.
Troubleshooting
OAuth Token of type 'Client Credentials' generates 'User Not Authenticated' in Inbound web service c... (KB0745184)
Single Sign On (SSO)
External SSO allows organizations to use several SSO identity providers (IdPs) to manage authentication as well as retain local database (basic) authentication. The integration supports any combination of local and external authentication methods on a single instance:
SAML 2.0
The Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between security domains. The SAML 2.0 integration enables SSO by exchanging XML tokens with an external Identity Provider (IdP). The IdP authenticates the user and passes a NameID token to the system. If the system finds a user with a matching NameID token (for example, the email address), the instance logs that user in.
Digest Authentication
Digest token authentication passes user credentials and a digest token within an unencrypted HTTP header. The instance reads the HTTP header value and compares the digest token with the hash value it computes itself. If the computed hash value matches the digest token value, then the instance searches for a matching value in the User table. If there is a matching value in the User table, the instance considers the user pre-authenticated and logs the user in.
OpenID Connect
OpenID Connect (OIDC) is an identity layer built on top of the OAuth protocol, which provides a modern and intuitive Single Sign-on (SSO) experience to you and your end users. OIDC also improves the log in experience for mobile applications by enabling users to log in to ServiceNow applications using their social identity provider. For example, administrators can configure Single Sign-on with a third-party identity provider that supports OpenID Connect. Users then have the option to log in to your custom ServiceNow application using their identity provider credentials.
Entry point to the official product documentation
Articles & Blog Posts
by ServiceNow Support
Checklist before cloning an Instance with Digest, SSO, SAML or Multi SSO Integration (KB0657100)
Cloning could cause your target instance to be inaccessible if it is done incorrectly and the source or target instance has SAML set up. We do not recommend copying the SAML configuration from one system into another.
by ServiceNow Support
Setup of Signing Keystore for Encryption and Signing (KB0753604)
Describes how to set up a Signing Keystore for Encryption and Signing for a SAML SSO Identity Provider.
by ServiceNow Support
Setting up Okta Single Sign On on ServiceNow instances (KB0777770)
This article explains how to set up SSO with Okta on a ServiceNow instance.
by ServiceNow Support
Multiple Provider Single Sign-On Enhanced UI (KB0817397 🔒)
The 'Integration - Multiple Provider Single Sign-On Enhanced UI' plugin provides a richer user interface to configure your SSO solution on your instance. The plugin allows enterprise users to configure SSO redirections entirely from the User Interface.
by ServiceNow Support
Setup Multi-SSO with SAML using SSOCircle (KB1124279)
In these instructions we will set up a SAML 2.0 Identity Provider.
2019-06-19 by @ARG645
Nuts & Bolts of SAML in ServiceNow : The Bigger Picture
This series of articles, Nuts & Bolts of SAML in ServiceNow, describes the core components of SAML and how they facilitate SAML authentication for single sign-on in ServiceNow.
2022-11-22 by @Logan Poynter
Azure AD & ServiceNow
Whether you’re an existing organization, or are just evaluating ServiceNow as a platform, in this tutorial I’m going to walk through how you as a ServiceNow Administrator can configure Azure AD to control what users and groups are populated in your ServiceNow environment, and establish Single Sign-On services to the ServiceNow application as well.
- Setting Up Our Accounts
- Preparing our ServiceNow Personal Developer Instance
- Adding ServiceNow Enterprise Application & Initial Setup
- Configure Azure SSO & Provisioning
2022-11-22, by Microsoft
Tutorial: Azure Active Directory single sign-on (SSO) integration with ServiceNow
In this tutorial, you'll learn how to integrate ServiceNow with Azure Active Directory (Azure AD).
2023-02-21 by David McDonald
Guide to a ServiceNow login page for multiple SSO providers
ServiceNow integrates pretty well with single sign-on providers like Azure, Okta, and ADFS, but things get difficult when you need to support multiple SSOs. Here's how to do a login page that allows users to choose which SSO provider they want to log in through.
Videos & Podcasts
2021-07-28, by snowexpertrohit
Multi SSO Configuration step by step
SAML-based SSO configuration using a free IdP as an example.
2020-06-04 by ServiceNow Talks
Single Sign On with ADFS
Troubleshooting
Troubleshooting SAML or SSO (KB0539112 🔒)
SAML/SSO generates an infinite loop during login when you define glide.security.url.whitelist withou... (KB0621688)
If Multi-SSO is installed, check whether SAML installation exits are inactive (KB0623385)
Multi-SSO Certificate Grouping (idp_certificate table) solves IdP Certificate Mismatch errors when I... (KB0676337)
Cannot Generate Metadata when Sign AuthnRequest or Sign LogoutRequest is checked (KB0689646)
How to safely self-update your IDP certificate when Multi SSO and avoid "IDP Certificate Mismatch" f... (KB0679991)
SAML Errors and Fixes (KB0759250)
SHA-256 support for Single Sign On (KB0778491)
Slow memory leak due to large number of SAML metadata import threads causing intermittent / poor per... (KB0789247 🔒)
Multi-provider SSO V2 with Edge Encryption Proxy (KB0831608)
Users taken to logout using Multi Provider sso. Test connection is successful and Identity Provider ... (KB0827063)
Multi-provider SSO - Maximum number of IDPs supported (KB1005849)
In Multi SSO enabled instances - Session timed out message is never displayed on platform (KB1113341)
Certificate-based (Mutual) authentication
Certificate-based authentication lets you mutually authenticate user logins or inbound API requests using certificates from a trusted Certificate Authority (CA).
Entry point to the official product documentation
Articles & Blog Posts
2021-08-19, by ServiceNow Support
How to configure inbound Certificate Based Authentication (mutual authentication) in ServiceNow
This article is meant only for inbound mutual authentication, known officially as Certificate-Based Authentication (CBA).
Hi @Maik Skoddow
Thanks for sharing this.
I am a PM in the ServiceNow platform security team and am responsible for Authentication products.
Please don't hesitate to contact me if you have feedback or any idea to share about Authentication or any other platform security products. I will be more than happy to have a session with you.
Thanks,
Randheer
Thanks for the offer. I'll keep it in my mind.

Great post!
Hi @Maik Skoddow,
Great overview of security-related customizations. This has been added to my ServiceNow bookmarks.
I have a question regarding Mobile apps, Intune and Single Sign On (SSO). We are going to launch the Mobile Agent internally in our company using Intune and our company app store (iOS and Android). We would of course like the users to automatically log on to ServiceNow.
I've been told that the apps that log on automatically use a PRT (Azure Primary Refresh Token), so that the users don't have to enter any credentials at all.
Do you know whether this is possible with the ServiceNow Mobile Apps?
Maybe @Randheer Singh can pitch in.
Thank you again for this great resource.