Using Multi-factor authentication

  • Release version: Yokohama
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Using Multi-factor Authentication

    Multi-factor authentication (MFA) enhances security for accessing your ServiceNow instance by requiring an additional verification step beyond your username and password. This process can involve various authenticator applications and methods, ensuring that only authorized users gain access to your account.

    Show full answer Show less

    Key Features

    • Authenticator Apps: ServiceNow supports Time-based One-time Passwords (TOTP) through various authenticator applications such as Google Authenticator, Microsoft Authenticator, LastPass Authenticator, Authy, FreeOTP, Duo, and Okta Verify.
    • Second Factor Authentication: After entering your credentials, you will need to provide a code from your authenticator app. If MFA is not set up, you will be guided through the configuration process.
    • Biometric Authentication: If enabled by your administrator, you can use fingerprint or facial recognition as an additional authentication method.
    • Hardware Key Authenticators: Physical security devices can be registered for authentication, providing a secure login option.
    • SMS and Email OTP: You can register a mobile number or email address to receive One-time Passwords (OTP) for verification during login, with a validation code that is valid for 5 minutes.

    Key Outcomes

    By implementing MFA, you secure your ServiceNow instance against unauthorized access, significantly reducing the risk of account compromise. Users benefit from a streamlined login process while ensuring their data remains protected through multiple layers of authentication. This ultimately leads to enhanced security posture for your organization.

    Learn how to use multi-factor authentication tools to securely access your instance.

    Login with MFA

    ServiceNow requires authenticator applications that support Time-based One-time Passwords (TOTP). ServiceNow tests MFA with the following authenticators:

    • Google Authenticator
    • Microsoft Authenticator
    • LastPass Authenticator
    • Authy
    • FreeOTP
    • Duo
    • Okta Verify
    Note:
    • Other authenticators not listed might also be compatible, but are not tested by ServiceNow.
    • For information related to browser specific behavior change, see this KB article.

    Register an authentication app

    Authenticator App
    You can use authenticator apps to use a second factor of authentication.

    If your administrator has enabled multi-factor authentication (MFA) on your instance, you are prompted for a second authentication after entering your user name and password. For details on the MFA login process, see Log in with multi-factor authentication.
    Validation with Authenticator app
    Enter the code displayed on your authenticator app to login.
    If you haven't configured a second form of authentication, you will see a configuration page after logging in to guide you through the process of setting up an authentication app. For details on this setup, see Set up Multi-factor authentication for the first time.
    Authenticator

    Register an authentication device

    After you've configured an authentication app, you can register other methods for authentication.
    Biometric authenticators
    You can use biometric authenticators like fingerprint or facial recognition as your second MFA authentication. If your administrator allows this option, you can configure biometric authenticators using the steps in Register a biometric authenticator.
    Biometrics icon
    Hardware key authenticators
    Hardware keys are physical security devices you can use for authentication. You can register a hardware device for use with your instance using the steps in Register a hardware security key.
    Hardware key icon
    Validation with Biometric or Hardware Key
    Use the biometric or hardware key to login.
    		 Use the Biometric or Security Key to login.
    MFA - Biometric or Hardware

    Register a phone number for OTP

    SMS
    Use SMS based OTP to require users who attempt to login.

    When users attempt to login to ServiceNow, SMS OTP is sent to the mobile number associated with the sys_user record. Users can enter the six-digit verification code that it sent to the mobile device and verify their identity.


    SMS.
    Validation with SMS
    Use the validation with SMS to login based on the OTP generated.
    		 You need to enter the 6-digit code sent to the mobile number to login. The code sent is valid for the next 5 minutes. You can use resend code to again send the code.

    Register an Email address for OTP

    Email address
    Use Email based OTP to require users who attempt to login.

    When users attempt to login to ServiceNow, Email OTP is sent to the email address associated to the user. User's can enter the six-digit verification code that it sent to the mobile device and verify their identity.


    Email.
    Validation with Email
    Use the validation with Email to login based on the OTP generated.
    		 You need to enter the 6-digit code sent to the email address to login. The code sent is valid for the next 5 minutes. You can use resend code to again send the code.
    MFA-Email.