Multiple MFA Devices for User Account and force Specific MFA App

tiguin2798
Tera Guru

Hello,

 

I am currently testing MFA Authentication in our Dev environment. I have successfully enabled MFA and it is working as intended. However, I have two questions that I'm hoping the community can assist me with.

 

1) We have a break glass account that I would like to share with another user for MFA. Is there a way to add multiple devices for a user to choose when they receive the MFA prompt? Creating the system property glide.mfa.allow_multiple_devices as a true/false and setting it to true did not appear to work even after clearing the cache and logging back in. Of course the workaround could be to create the user their own break glass account, but we really want to limit the number of these if possible.

2) We currently use DUO for our MFA application. Is there a way to force that this is the only accepted MFA application? I attempted to create a new MFA Criteria both as a full admin/security admin, but did not see the option. Is there another way to achieve this or is there something I'm missing? I also looked at DUO's documentation found here that I am working to implement, but do not see how this would restrict ServiceNow to use DUO only.

https://duo.com/docs/sso-servicenow

 

Any assistance is much appreciated!

 

 

2 REPLIES

Kieran Anson
Kilo Patron

Hi,

Do you have a link to the documentation for glide.mfa.allow_multiple_devices, as I'm unable to find any references to this?

If you want DUO to be the only source, you would need to set up MFA on the identity provider and disable the MFA setup within ServiceNow. That way, DUO is the authoritative source.

Thank you for this suggestion. I will review with my IAM team to attempt the setup of ServiceNow with DUO.