How to remove MFA for Selected Users in ServiceNow

Hari S1
Tera Contributor

‎05-14-2024 04:33 AM

Hi,

 

We have restricted licenses for specific users in ServiceNow and we would like to give a single user ID for two individuals(only for two individuals not for all users). However, this poses a challenge due to the implementation of MFA (Multiple Factor Authentication). Is there any way to remove MFA for these two users while maintaining its enforcement for others?

 

 

Thank you.

0 Helpfuls
  • 3,489 Views
3 REPLIES 3

dgarad
Giga Sage

‎05-14-2024 04:49 AM

Hi @Hari S1 

Refer below link.

https://www.servicenow.com/community/developer-forum/disable-multifactor-authentication-for-test-use...

If my answer finds you well, helpful, and related to the question asked. Please mark it as correct and helpful.

Thanks
dgarad
0 Helpfuls

Sohail Khilji
Kilo Patron
Kilo Patron

‎05-14-2024 05:21 AM

Hi @Hari S1 ,

 

Yes you can do it,

 

you can "Configure user-based multi-factor criteria".

 

Steps:

 

  1. Navigate to All > User Administration > Users. (open the user record)
  2. Configure the list to show the Enable Multifactor Authentication column.
  3. Change the values of the Enable Multifactor Authentication column for the selected users to false.

☑️ Please mark responses as HELPFUL or ACCEPT SOLUTION to assist future users in finding the right solution....

LinkedIn - Lets Connect

Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎06-10-2024 08:51 AM - last edited on ‎02-18-2025 07:09 AM by Administrator

Hi @Hari S1 

The ideal way to implement this would be through the MFA context policy.

You can create a new group, "MFA Exempt Group," and add selected users to that group.

 

Then you can create a group filter criteria with the "MFA Exempt Group".

 

Now you can create an adaptive authentication policy and use required filter criteria like "authentication method", role filter criteria, and group filter criteria based on your needs. Finally, you can craft a policy condition that evaluates to true for your current use case for which you want to enable MFA and false for users that are part of the "MFA Exempt Group".

 

You can associate this policy with MFA context with step-up authentication as the default behavior.

Adaptive authentication learning course

MFA context policy

 

Thanks,

Randheer