- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2022 02:19 AM
I have SSO SAML enabled on a running instance.
I would like to additionally enable Multi-factor Authentication.
However, for various reasons, we are unable to prepare a verification environment.
I want users to be prompted for a one-time password after SAML authentication.
Is that possible?
Thank you.
Solved! Go to Solution.
- Labels:
-
Platform and Cloud Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2022 06:42 AM
Hi
yes, since San Diego this is possible. Please see the respective documentation page https://docs.servicenow.com/en-US/bundle/sandiego-platform-administration/page/integrate/authenticat...
Kind regards
Maik

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2022 04:25 AM
The MFA is not compatible with a SSO authentication - any user can login per one of those methods only. However, you can define a specific group of users (e.g. admins) who will access the instance using MFA rather than SSO.
To achieve this, you need to define a role-based multi-factor criteria which will enforce MFA for particular users or groups. This would override SSO.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2022 06:42 AM
Hi
yes, since San Diego this is possible. Please see the respective documentation page https://docs.servicenow.com/en-US/bundle/sandiego-platform-administration/page/integrate/authenticat...
Kind regards
Maik

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2022 08:56 AM
Cool, didn't know about that San Diego enhancement! Then it's time for
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2022 07:00 PM
Thank you both for sharing.
We are checking to see if the Docs you gave us are what we want to do.