MFA exempted user still seeing blue banner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 hours ago
Hi,
I've added a non-SSO user account to the MFA exempted user group, following this guidance: https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/integrate/authentication/conc...
However, after about 45 minutes the user still sees the MFA blue banner. The banner persists despite logging out and back in, and after manually refreshing the system's cache.
The policy conditions in the MFA context for my instance is what was set by ServiceNow by default, so exactly matches what is shown in the guidance.
Is there anything else I might need to do to stop the banner from appearing? Does it simply just take some time after adding an account to the exemption group for the banner to stop appearing.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 hours ago
Hi @ChrisF7,
While adding a user to the MFA exemption group is the correct procedure, the banner's persistence typically points to a session or server-side cache issue rather than a simple propagation delay, as the change should be nearly immediate. To resolve this, ensure the user's session is completely terminated by having them log out, then as an administrator, navigate to "User Administration > Logged in users" find their session, and manually end it.
Following this with a system cache flush by typing cache.do in the filter navigator will clear any outdated cached information. These actions force a fresh authentication and re-evaluation of the user's group memberships against the MFA policy, which should remove the banner.
Hope this helps!
Thanks & Regards,
Muhammad Iftikhar
If my response helped, please mark it as the accepted solution and helpful so others can benefit as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 hours ago
Hi @M Iftikhar,
I've attempted this but once the user is logged out, they no longer appear in "User Administration > Logged in users", so as an admin I can't then manually end their session, which to me makes sense given they're no longer logged in.
I've completed the system cache flush a couple of times but the banner still appears when the user next logs in.
Thanks,
Chris
