NTLM authentication

Navjeevan · ‎03-14-2024

if the customer plans to deprecate NTLM, What is the alternative for NTLM authentication which is used by discovery?

Community Alums · ‎03-14-2024

It's a good decision by your customer as NTLM is the most complex of the authentication protocols supported by a basic web server.

It is a proprietary protocol designed by Microsoft with no publicly available specification. Early versions of NTLM were less secure than Digest authentication due to faults in the design. However, these were fixed in a service pack for Windows NT 4 and the protocol is now considered more secure than Digest authentication.

You can use REST as an alternative.

Please follow the article for the steps : https://www.servicenow.com/community/developer-forum/rest-over-ntlm-solution-proposed/m-p/1588236

View solution in original post

Community Alums · ‎03-14-2024

Hi @Navjeevan ,

It's a good decision by your customer as NTLM is the most complex of the authentication protocols supported by a basic web server.

It is a proprietary protocol designed by Microsoft with no publicly available specification. Early versions of NTLM were less secure than Digest authentication due to faults in the design. However, these were fixed in a service pack for Windows NT 4 and the protocol is now considered more secure than Digest authentication.

You can use REST as an alternative.

Please follow the article for the steps : https://www.servicenow.com/community/developer-forum/rest-over-ntlm-solution-proposed/m-p/1588236