Can I enable MFA on an instance that has SAML SSO enabled?

Go to solution
suzukieri
Tera Contributor

‎05-17-2022 02:19 AM

I have SSO SAML enabled on a running instance.
I would like to additionally enable Multi-factor Authentication.
However, for various reasons, we are unable to prepare a verification environment.

I want users to be prompted for a one-time password after SAML authentication.
Is that possible?

Thank you.

Labels:
0 Helpfuls
  • 1,604 Views
1 ACCEPTED SOLUTION

Go to solution
Maik Skoddow
Tera Patron
Tera Patron

‎05-17-2022 06:42 AM

Hi @Suzuki Eri 

yes, since San Diego this is possible. Please see the respective documentation page https://docs.servicenow.com/en-US/bundle/sandiego-platform-administration/page/integrate/authenticat...

Kind regards
Maik

View solution in original post

6 REPLIES 6

Go to solution
Artem Tyndyk
Tera Expert

‎05-17-2022 04:25 AM

The MFA is not compatible with a SSO authentication - any user can login per one of those methods only. However, you can define a specific group of users (e.g. admins) who will access the instance using MFA rather than SSO.

To achieve this, you need to define a role-based multi-factor criteria which will enforce MFA for particular users or groups. This would override SSO.

Go to solution
Maik Skoddow
Tera Patron
Tera Patron

‎05-17-2022 06:42 AM

Hi @Suzuki Eri 

yes, since San Diego this is possible. Please see the respective documentation page https://docs.servicenow.com/en-US/bundle/sandiego-platform-administration/page/integrate/authenticat...

Kind regards
Maik

Go to solution
Artem Tyndyk
Tera Expert
In response to Maik Skoddow

‎05-17-2022 08:56 AM

Cool, didn't know about that San Diego enhancement! Then it's time for @Suzuki Eri to upgrade 😉

 

0 Helpfuls

Go to solution
suzukieri
Tera Contributor
In response to Maik Skoddow

‎05-17-2022 07:00 PM

Thank you both for sharing.
We are checking to see if the Docs you gave us are what we want to do.

0 Helpfuls