Multi-factor authentication system properties

  • Release version: Washingtondc
  • Updated February 1, 2024

    Use system properties to enable and customize MFA to meet your security requirements.

    Table 1. Multi-factor authentication properties
    Property: Enable Multi-factor authentication (glide.authenticate.multifactor)
    Description: Option that enables users and administrators to use this feature. The default is enabled. To learn more about this property, see Enable multi-factor authentication (MFA) in Instance Security Hardening Settings.

    Property: Number of times a user can bypass multi-factor authentication (glide.authenticate.multifactor.setup.bypass.count)
    Description: Number of times that a user can choose to skip the setup of MFA. Your users can still log in to the instance even if they don't have their mobile device with them. If you disable this feature and then re-enable it, the counter starts over again. The default is 3.

    Property: The time in minutes the one-time code sent to user's email address is valid for (glide.multifactor.onetime.code.validity)
    Description: Number of minutes that the reset code is valid. See Log in with multi-factor authentication. The default is 5.

    Property: Additional time in seconds for which the code is valid to accommodate for the clock skew. The maximum value is 60 seconds. (glide.authenticate.multifactor.clock_skew)
    Description: Number of additional seconds that the reset code is valid. The maximum is 60. The default is 10.

    The instance validates the code entered by the user against the single app-generated code that is generated at the current time. You can skew the time window with this property and allow one or more codes to be generated during a time window to be considered valid.

    The property's value is used in the following calculation: current time - X/2 and current time + X/2, where X is the value of this property. If you use the value of 10, for example, the instance considers any codes that the app generates within the time range [the current time - 5 seconds] and [current time + 5 seconds] to be valid.

    Use this property to prevent login issues where the user is unable to enter the correct code in the default time allotted.

    Property: Enable remember browser feature for multi-factor authentication. (glide.authenticate.multifactor.remember.browser.enable)
    Description: Set your instance to prompt a user for MFA when they log in from a new device or browser. The default is yes.

    Property: Validity of browser fingerprint in hours. (glide.authenticate.multifactor.browser.fingerprint.validity)
    Description: After MFA remembers the browser, the user is not challenged for MFA in the same browser for this duration. The default is 8 hours.

    Property: Maximum number of browsers a user can remember. (glide.authenticate.multifactor.remembered.browser.max.count)
    Description: The number of browsers MFA remembers for this user.

    Property: Default value of remember browser check box in the validate multi-factor page. (glide.authenticate.multifactor.remember.browser.default)
    Description: Default value of the remember-browser check box in the validate multi-factor page.

    Property: Enable web authentication (FIDO2) based MFA. (glide.webauthn.enabled)
    Description: Option to enable passwordless authentication methods such as hardware key and biometric authentication.

    Property: Enable email OTP for Multi-factor authentication (glide.authenticate.multifactor.email.otp.enable)
    Description: Option to enable email-based OTP as a factor for MFA.
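
The clock-skew calculation described for glide.authenticate.multifactor.clock_skew, worked through as an added example (not ServiceNow code). It assumes the app-generated codes are RFC 6238 TOTP values with a 30-second step and 6 digits, which this page does not state; the function names are illustrative and the secret is the published RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

STEP = 30       # assumed TOTP time step in seconds (RFC 6238 default)
DIGITS = 6      # assumed code length
MAX_SKEW = 60   # maximum value of the property, as stated on the page
SECRET = b"12345678901234567890"  # RFC 6238 test secret, sample input only


def totp(secret: bytes, at: float) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains `at`."""
    counter = int(at // STEP)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def valid_codes(secret: bytes, now: float, skew: int) -> set:
    """Codes the app generates anywhere in [now - skew/2, now + skew/2]."""
    if not 0 <= skew <= MAX_SKEW:
        raise ValueError("clock skew must be between 0 and 60 seconds")
    first = max(0, int((now - skew / 2) // STEP))
    last = int((now + skew / 2) // STEP)
    return {totp(secret, c * STEP) for c in range(first, last + 1)}


def verify(secret: bytes, code: str, now: float, skew: int = 10) -> bool:
    """Compare the submitted code with every code in the window."""
    ok = False
    for candidate in valid_codes(secret, now, skew):
        ok |= hmac.compare_digest(candidate, code)  # constant-time compare
    return ok


if __name__ == "__main__":
    code = totp(SECRET, 59)  # user's app shows this code at t = 59 s
    # Server clock at t = 63 s: window [58, 68] still covers the old step.
    print("skew=10, now=63:", verify(SECRET, code, now=63, skew=10))
    # Server clock at t = 70 s: window [65, 75] no longer covers it.
    print("skew=10, now=70:", verify(SECRET, code, now=70, skew=10))
    # Maximum skew: window [40, 100] spans three steps.
    print("skew=60, now=70:", verify(SECRET, code, now=70, skew=60))
    print("codes valid at once:", len(valid_codes(SECRET, 70, 60)))
```

Under the 30-second-step assumption, the default of 10 accepts a neighbouring code only within 5 seconds of a step boundary, while the maximum of 60 can leave three codes valid at the same moment, so raise the value only as far as observed clock drift requires.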