URL allow list for logout redirects
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
6 hours ago
Hi Community,
I'm working on securing logout redirect URLs in our ServiceNow instance by enabling the `glide.security.url.whitelist` system property to prevent open redirect attacks via phishing.
Before enabling the property, I want to first populate the URL allowlist with our trusted redirect destinations (SSO/SAML IdP logout URLs, Service Portal URLs, and approved external domains).
However, I'm unable to locate the URL Allowlist module or the `sys_security_acl_allowlist` table in our instance. It doesn't appear under System Security in the navigation menu, and searching the filter navigator doesn't surface it either.
Could anyone advise:
1. Which plugin needs to be activated for this module/table to appear?
2. Is there an alternative way to manage the allowlist if the module isn't available?
We're currently on Australia release . Any guidance would be greatly appreciated!
Thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
6 hours ago
Hi @ramaharini
refer:
URL allow list for logout redirects (instance security hardening)
https://www.servicenow.com/docs/r/platform-administration/r_AvailableSystemProperties.html
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti