Walk-up Experience portal security and access

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Walk-up Experience portal security and access

    The Walk-up Experience on-site portal in ServiceNow is designed with built-in security measures to prevent end users from gaining elevated role privileges. Access to the portal is restricted to accounts assigned only thesnwalkup.walkuploginrole. This ensures that users accessing the portal, typically via on-site devices like tablets, have appropriate, limited permissions.

    Show full answer Show less

    Key Features

    • Explicit Role Plugin: The com.glide.explicitroles plugin, introduced in the Paris release of ServiceNow AI Platform, manages user security roles by explicitly assigning either sncinternal or sncexternal. Walk-up Experience depends on this plugin to correctly set user roles, especially marking Walk-up Experience users as external.
    • Role Assignment Behavior: For new installations, Walk-up Experience creates users with the sncexternal role automatically after the Explicit Role plugin is installed. For upgrades prior to the Rome release or when upgrading to Zurich, users may initially have the sncinternal role assigned because the plugin defaults to it and does not remove it during upgrade.
    • User Access: Walk-up Experience agents use the snwalkup.walkuplogin role to log into the portal. Internal authenticated users may also check into queues online via desktop or mobile, while internal and external users can use on-site kiosk devices for check-in.

    Important Upgrade Considerations

    • When upgrading to the Zurich release, the Walk-up Experience user account is initially assigned the sncinternal role instead of sncexternal. This requires manual removal of the sncinternal role and addition of the sncexternal role to ensure proper external user designation.
    • This manual role adjustment is only necessary during the upgrade to Zurich. Subsequent upgrades after Zurich do not require this step.
    • For new installations on Zurich and later, role assignment to sncexternal happens automatically without manual intervention.

    Practical Implications for ServiceNow Customers

    ServiceNow customers deploying or upgrading Walk-up Experience should ensure the Explicit Role plugin is activated and understand its impact on user role assignments. Proper role configuration is critical to maintaining secure, appropriate access to the Walk-up Experience portal, especially during upgrades to the Zurich release. Following the prescribed role adjustments during upgrading avoids unintended elevated privileges and maintains compliance with security best practices.

    Security is built into the application to prevent end-user facing devices at the Walk-up Experience on-site portal from offering elevated role privileges to users. The Walk-up Experience on-site portal is accessed by an account containing only the sn_walkup.walkup_login role.

    Understanding Walk-up Experience portal security

    Activate the Explicit Role (com.glide.explicit_roles) plugin to assign users security roles, either snc_internal or snc_external. This plugin was introduced in the ServiceNow AI Platform Paris release. With the Quebec release, for new installations, Walk-up Experience added a dependency on this plugin to explicitly set the Walk-up Experience user as an external user.

    When upgrading Walk-up Experience installations prior to Rome, the Walk-up Experience user is assigned snc_internal instead of snc_external. This is because the Explicit Role plugin assigns all users, including Walk-up Experience users, to snc_internal. Walk-up Experience cannot remove snc_internal during upgrade. For new installations of Walk-up Experience, this process works automatically.
    Note:
    Refer to Explicit roles plugin for details about the plugin and Explicit Roles for more information about this upgrade process.

    Access to Walk-up Experience

    Agents opening up the on-site Walk-up location for business, or joining the support team during operation hours, access the user record account with sn_walkup.walkup_login role to log into the Walk-up Experience portal. Internal and external users can access the on-site Walk-up Experience portal via a check-in device, typically a tablet, to enter a queue. Internal, authenticated users can also access an online queue check-in via desktop or mobile device.

    Important information for upgrading Walk-up Experience to Zurich

    The Explicit Role (com.glide.explicit_roles) plugin was introduced in the ServiceNow AI Platform Paris release. When installed, users are assigned security roles, either snc_internal or snc_external. With the Zurich, release Walk-up Experience has added a dependency on this plugin to explicitly set the Walk-up Experience user as an external user.

    When upgrading Walk-up Experience to Zurich, the Walk-up Experience user is assigned snc_internal instead of snc_external. This is because the Explicit Role plugin assigns all users, including the Walk-up Experience user, to snc_internal. Walk-up Experience cannot remove snc_internal during upgrade. For new installs of Walk-up Experience, this process works without issue because the Explicit Role plugin installs first, assigns all users to snc_internal, then the Walk-up Experience user account is created with the snc_external role already assigned.
    Note:
    Refer to Explicit roles plugin for complete details about the plugin and ServiceNow AI Platform explicit roles.
    After upgrading to Zurich, you need to remove the snc_internal role from the Walk-up Experience user account, or any users created to log into the Walk-up Experience kiosk. Then you need to add the snc_external role to the users. This process is not necessary for upgrades after Zurich.
    Note:
    Refer to Explicit Roles for complete details about this process.