Authentication release notes

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Authentication release notes

    The ServiceNow® Authentication application in the Yokohama release introduces enhanced support for multiple authentication mechanisms to validate user identities effectively. These updates improve security, user experience, and integration capabilities with external systems and AI voice services.

    Key Features

    • Knowledge-based Authentication (KBA) Enhancements:
      • Voice input support for KBA questions allows users to respond verbally during identification and authentication, with configurable formats, examples, and validation patterns.
      • Script-based validation enables integration with external systems by allowing custom scoped scripts to validate caller identity beyond internal ServiceNow AI Platform tables.
    • AI Voice Service Authentication Factors: Configure required identification and authentication factors to enable caller access to AI voice agents.
    • OAuth Enhancements:
      • Support for choosing between Opaque or JWT tokens for inbound integration endpoints.
      • Option to restrict API access only to explicitly listed scopes for inbound integrations.
      • OAuth Entity Resource tab for outbound integrations to pass resource parameters into OAuth token requests, reflecting them in tokens from OAuth providers.
      • Provider name field for inbound integrations improves monitoring by distinguishing between integrations for both OAuth and Basic authentication methods.
    • Continuous Authentication: Requires step-up authentication or re-authentication before granting access to sensitive or high-privilege information, enhancing security posture.
    • OAuth Grant Types via MID Server: Supports Authorization code, resource owner password credential, SAML bearer, and JWT bearer grant types for outbound OAuth integration requests through the MID Server, facilitating secure communication between ServiceNow and external systems.
    • Multi-factor Authentication (MFA) Enforcement: MFA is now mandatory for all non-SSO logins to ServiceNow, strengthening access security.

    Key Outcomes

    • Improved authentication flexibility and security for users accessing ServiceNow via AI voice and integration endpoints.
    • Enhanced ability to integrate and validate users through external systems using custom scripts and OAuth configurations.
    • Greater control over authentication flows, including continuous authentication for sensitive data access.
    • Streamlined monitoring and management of inbound integrations with clear provider identification.
    • Default enforcement of MFA ensures higher security compliance for all non-SSO users.

    Activation and Related Features

    The Authentication application is active by default as part of the ServiceNow AI Platform. It complements Platform Security features such as failed login management, encrypted password protection, access control rules, and audit logs to help secure your ServiceNow instance effectively.

    The ServiceNow® Authentication application supports many authentication mechanisms that enable you to validate the identity of users. Authentication was enhanced and updated in the Yokohama release.

    Authentication highlights for the Yokohama release

    Yokohama Patch 13
    Knowledge-based factor enhancement for AI voice service
    The knowledge-based authentication (KBA) enhancements are as follows:
    • Voice input support for KBA questions: Configure KBA questions to support Voice as an input type, allowing users to provide spoken responses during identification and authentication. When Voice input is enabled, you can configure the expected format, provide examples, and optionally define a validation pattern using regular expressions.
    • Script-based validation for external systems: Configure KBA answers to be validated against external systems using custom scripts through the Script Configuration field. When set to Identification mode, you can write scoped scripts that validate caller identity against external authentication systems instead of internal ServiceNow AI Platform tables.
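
A sketch of the kind of validation pattern the Voice input option describes, as an added example rather than ServiceNow code. The 6-digit answer format, the digit-word normalization, and every function name are assumptions. The page does not say whether the platform anchors patterns implicitly, so the pattern is anchored explicitly.

```javascript
// Added example, not ServiceNow code: names and the sample format are hypothetical.

// Assumed expected format for a spoken KBA answer: a 6-digit employee number.
// Explicit ^...$ anchors force the whole answer to match, not a substring.
const ANCHORED = /^\d{6}$/;
// The same pattern without anchors, kept only for comparison.
const UNANCHORED = /\d{6}/;

// Words a speech-to-text engine may emit instead of digits (constructed mapping).
// A Map avoids accidental hits on inherited object properties.
const DIGIT_WORDS = new Map([
  ['zero', '0'], ['oh', '0'], ['one', '1'], ['two', '2'], ['three', '3'],
  ['four', '4'], ['five', '5'], ['six', '6'], ['seven', '7'],
  ['eight', '8'], ['nine', '9'],
]);

// Turn a transcript such as "Four, two one-nine zero seven." into "421907".
// Tokens that are neither digits nor digit words are kept as they are, so an
// answer padded with extra words fails validation instead of being cleaned up.
function normalizeSpokenDigits(transcript) {
  return transcript
    .toLowerCase()
    .split(/[\s,.\-]+/)
    .filter((tok) => tok.length > 0)
    .map((tok) => (DIGIT_WORDS.has(tok) ? DIGIT_WORDS.get(tok) : tok))
    .join('');
}

// Returns true only when the normalized answer matches the pattern.
// The length cap bounds the work done on an oversized transcript.
function validateAnswer(transcript, pattern = ANCHORED) {
  if (typeof transcript !== 'string' || transcript.length > 200) return false;
  return pattern.test(normalizeSpokenDigits(transcript));
}

// Constructed sample transcripts.
console.log(validateAnswer('Four, two one-nine zero seven.'));
console.log(validateAnswer('my number is 421907'));
console.log(validateAnswer('my number is 421907', UNANCHORED));
```

The unanchored pattern accepts any answer that merely contains six consecutive digits, which is why the anchored form is the one to configure.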
    Yokohama Patch 11
    Authentication factors for AI voice service
    Enable caller access to AI voice agents by configuring the required identification and authentication factors.
    OAuth enhancements
    The OAuth enhancements are as follows:
    • Use the Opaque or JWT token option for your inbound integration endpoints.
    • Use the Allow access only to APIs in selected scope option to enable access to the APIs that are explicitly listed in the selected scopes for your inbound integrations.
    • Use the OAuth Entity Resource tab for outbound integrations to configure resource parameters so they flow into the OAuth token request and are reflected in the token from your OAuth provider.
    Provider name for Inbound integrations
    Use the Provider name field to enter the details of your inbound integrations to distinguish between different inbound integrations on your ServiceNow AI Platform®. Update the Provider name in your API integrations to improve monitoring capabilities:
    • For OAuth integrations, update the provider name using the Provider name field. For more information, see OAuth Inbound.
    • For Basic authentication integrations, update the Provider name in the integration registration form.
    Yokohama Patch 7
    OAuth token enhancement
    Use the Opaque or JWT token option for your inbound integration endpoints.
    Yokohama
    • Use Continuous Authentication to require users to complete step-up authentication or re-authentication before they can access sensitive or high-privilege information.
    • Multi-factor Authentication (MFA) is enforced by default for all non-SSO logins to ServiceNow®.
    • Use the Authorization code, resource owner password credential, SAML bearer, and JWT bearer OAuth grant types for outbound integration requests through the MID Server.

    See Authentication for more information.

    New in the Yokohama release

    Continuous Authentication
    Use Continuous Authentication to require users to complete step-up authentication or re-authentication before they can access sensitive or high-privilege information.
    OAuth Grant Types for MID Server
    Use the Authorization code, resource owner password credential, SAML bearer, and JWT bearer OAuth grant types for outbound integration requests through the MID Server. Personal Auth is also supported through the MID Server. MID Servers facilitate communication and data movement between a single ServiceNow® instance and external applications, data sources, and services.

    Changed in this release

    Multi-factor Authentication enforcement
    MFA is mandatory and is enforced for all non-SSO users logging in to ServiceNow®.

    Activation information

    Authentication is a ServiceNow AI Platform product that is active by default.