URL allow list for logout redirects

ramaharini
Tera Contributor

Hi Community,

I'm working on securing logout redirect URLs in our ServiceNow instance by enabling the `glide.security.url.whitelist` system property to prevent open redirect attacks via phishing.

Before enabling the property, I want to first populate the URL allowlist with our trusted redirect destinations (SSO/SAML IdP logout URLs, Service Portal URLs, and approved external domains).

However, I'm unable to locate the URL Allowlist module or the `sys_security_acl_allowlist` table in our instance. It doesn't appear under System Security in the navigation menu, and searching the filter navigator doesn't surface it either.

Could anyone advise:
1. Which plugin needs to be activated for this module/table to appear?
2. Is there an alternative way to manage the allowlist if the module isn't available?

We're currently on the Australia release. Any guidance would be greatly appreciated!

Thanks in advance.

1 REPLY

Tanushree Maiti
Tera Patron

Hi @ramaharini

Refer:

Enforce URL allowlist check 

URL allow list for logout redirects (instance security hardening) 

https://www.servicenow.com/docs/r/platform-administration/r_AvailableSystemProperties.html

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti