In the new Security Center, addressing sn_ext_usr_reg.allowed_email_domains

James Behrens
Giga Guru

‎09-12-2023 12:59 PM

In the new Security Center module, there is a hardening setting named: "External User Registration Email Domain Allowlist" The hardening instructions state:

If "sn_ext_usr_reg.allowed_email_domains" is not set with a whitelist of acceptable domains, then malicious actors could perform registration using emails addresses from unwanted domains.

 

There is a page on docs for this: External user registration email domain allowlist (servicenow.com)

This page does not state whether this only affects SAML or whether this might impinge on some solutions such as vendor risk assessments. There is a fair difference between those who might log on to your ServiceNow instance vs all your vendors filling out vendor risk assessments.

 

Would anyone have any insight on this?

0 Helpfuls
  • 1,228 Views
4 REPLIES 4

James Behrens
Giga Guru

‎09-12-2023 01:35 PM

under read first.. then post question...

I think this may be related to the plugin: External User Registration - Plugin Details (service-now.com)

We do not have that installed.. You'd think it would know that. 

0 Helpfuls

avieet
Tera Contributor
In response to James Behrens

‎09-18-2024 02:55 AM

This link is redirecting to a prod env for Trinity Health. 

avieet_0-1726653275222.png

requesting you to address this as someone might try messing around with it probably!

0 Helpfuls

James Behrens
Giga Guru

‎09-13-2023 06:55 AM

It was easier to test than to actually post the question. This setting did not affect vendor portal for us. That was my biggest concern.

Josh Pirozzi
Kilo Sage

‎04-19-2024 05:31 AM

@James Behrens,

 

Thanks for the research/testing! I agree that you'd think the system would recognize if the plugin was installed or not.

 

Thanks,

Josh Pirozzi

0 Helpfuls