Role based MFA only works for some users after upgrade to Yokohama
‎07-09-2025 06:59 PM - edited ‎07-10-2025 04:24 PM
After upgrading to Yokohama from WashingtonDC a few months ago we have noted that some people who previously used TOTP authenticators for MFA no longer have that option, but are forced to use EMAIL.
About 40% of our staff are affected, and they range in Roles from ServiceNow Admins to simple ITIL users.
I have gone through our Multi-factor Criteria which is set for Roles based MFA, and cannot see why this would occur.
Note that admin roles (among others) require MFA
When I look at my profile I get Configure Multi-Factor Authentication as a related link
But when another admin user looks at theirs, they get
Note that Configure Multi-factor Authentication is not on the list.
BOTH THESE USERS HAVE SAME ROLES AND GROUP MEMBERSHIPS.
When the second admin logs in – it forces MFA through email – with no option to set up an authenticator.
When the first admin logs in – it uses Authenticator and was prompted to set it up upon first login.
Similar issue exists for non admins:
Some ITIL users get MFA through authenticator, and get the option to Configure through their profile. Others don’t. It’s about a 40/60 split across all ITIL users, independent of groups and other roles.
Note that the users who can’t are not listed on the User Multifactor Authentications list. Only people who use the Authenticator app are on the list.
‎07-09-2025 09:11 PM
This has to go for a Support case with ServiceNow. They can check at their end.
Sandeep Dutta
Please mark the answer correct & Helpful, if I could help you.
‎07-09-2025 09:29 PM
Thanks. I have already logged one. And am still waiting for a phone call.
I was just hoping that someone out there had already had the same issue resolved by a simple tweak of a sys_properties record or something similar.
‎07-10-2025 10:41 AM - edited ‎07-10-2025 10:42 AM
Thanks for the heads-up.
We’re moving to Yokohama tonight and all ITIL users and no role users sign in through Azure AD SSO (navpage.do).
I, as an Admin, sometimes use login.do.
Did Support give you a fix for the MFA issue you came across?
Do we need to flip any ServiceNow property or any settings before the upgrade so our ITIL users don’t get stuck?
Any tip would help—thanks!
‎07-10-2025 04:21 PM - edited ‎07-10-2025 04:23 PM
As far as I can tell you should be fine.
The transition to the "new MFA" was seamless during the upgrade, and all my other contacts who have done the same upgrade did not experience what we are. The big difference is that we are not SSO, while everyone else who I have talked to is.
And Support haven't got me a fix yet.