How to mask Service Portal URL?

yltsai · ‎03-04-2018

All Service Portal homepage have <instance_address>/xxxxx?xxxxxxxx as URL. My employer is concerned the security even it is for internal users. The leadership wants to make the internal service portal URL to look like https://<company_name> Service Portal. How can I achieve the request? What are the procedures?

Thank you,

Goran WitchDoc · ‎03-05-2018

I would stay away from that. Besides the normal negative parts from masking URL you will make a lot of trouble for the ServiceNow developers when they suddenly can't use the web url as a tool in their development. I also wonder if ServiceNow actually will work in all ways if doing this. But I must admit, I'm not an expert in this area.

//Göran

yltsai · ‎03-05-2018

My employer experienced few incidents. Someone gave out enterprise's Prod instances' URL, then some "guests" sent emails to the instances and generated many unwanted Incident records. That alarmed leadership on reporting and resource support efforts. I would not go into all details.

Therefore, the leadership wants to "mask" Service Portal's URL to prevent more unforeseen issues from Service Portal.

I have presented the suggestions from both of you to my manager and CIO to determine what action(s) to take.

Thank you,

Goran WitchDoc · ‎03-05-2018

to add to that you can do a lot of stuff to prevent.

example:

*Don't let email from adress which doesn't have a user record create an record. Just put them in spam box and if needed, go through them manually or now and then.

*Don't use your servicenow email. I would more recommend have like servicedesk@company.com

What I'm saying is, if that is the issue, there are better ways of handling it since if you want, you can get the instance name anyway. example if stats.do isn't locked down.

//Göran