Consolidated page of all release notes for Authentication from Zurich to Australia.
How to use this page
To help you prepare for your upgrade, we have combined the cross-family Authentication release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Zurich to Australia.
Tip: If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."
Important information for upgrading Authentication to Australia
Before you upgrade to Australia, review these pre- and post-upgrade tasks and complete the tasks as needed.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
New features
Between your current release family and Australia, new features were introduced for Authentication.
| Release |
Release notes |
Zurich |
- Machine Identity Console
- Manage your inbound integration with ServiceNow's Machine Identity Console. Inbound integration in Machine Identity Console provides a simplified configuration experience for your inbound integrations.
- Multi-factor Authentication dashboard
- Use the new MFA Dashboard to understand insights such as MFA user enrollment, privileged admins who haven't opted in to MFA, and compliance. You can verify that all users have MFA enabled for enhanced security with the help
of the MFA Dashboard.
- Multi-factor Authentication Guided Setup
- Use the new MFA Guided setup to configure multi-factor Authentication (MFA) for users who currently log in to ServiceNow with only a user name and password. This update enhances security by guiding administrators through the MFA setup process and verifying that all users are protected with an additional layer
of authentication.
- Attributes for OIDC
- Use the Identity Provider (IDP) Attributes received from the OIDC response from the Identity Provider as a filter criteria for authentication.
|
Australia |
- Authentication factors for AI voice service
- Enable caller access to AI voice agents by configuring the required identification and authentication factors.
- Web Embeddables
- Secure the web embeddables feature for authenticating the ServiceNow®'s web components that are used in third-party portals.
- Granular admin roles
- The granular admin role enables developers and administrators to complete administrative configuration tasks for Authentication without requiring the full admin role.
|
Changes
Between your current release family and Australia, some changes were made to existing Authentication features.
| Release |
Release notes |
Zurich |
- Enhanced SSO login and logout experience
- Use the enhanced SSO login and logout experience. Enhancement includes:
-
- Display of active SAML and OIDC Identity Providers (IdPs) on the ServiceNow platform and portal login pages.
- Assign users to specific groups during SAML and OIDC auto-provisioning.
- Set up OIDC with the same well-known URL. The OIDC configurations can use the same well-known URL of the IdPs for multiple SSO records.
- Display login failure reasons to the users who logged out of ServiceNow due to session expiry or other reasons. Use the login link on the external logout page to again log in to ServiceNow in case of successful logout.
- Display of a generic error message for unsuccessful single log out.
- Enhanced email notifications for SAML certificate and Encryption Key store update.
- FIDO2 as an MFA factor
- Use the FIDO factor policy to enforce FIDO (Hardware key or Biometric as second factor for authentication) as second factor authentication to users who attempt to log in to the instance.
- OAuth integrations
- Configure OAuth integration that includes the following enhancements:
- You can provide a maximum client secret length up to 4096 characters to meet security requirements of the third-party systems.
- You can provide a JSON Web Key Set (JWKS) URL to automatically manage and update the public key for JSON Web Tokens (JWT) signature validation.
- You can request OAuth tokens using the JWT grant type signed with Elliptic Curve Digital Signature Algorithm (ES) signing algorithms, including ES256, ES384, and ES512, for inbound JSON Web Tokens (JWT). It also supports
RS256, RS384, RS512, HS256, HS384, and HS512.
- You can customize the JWT ID (JTI) claim name in both inbound OpenID Connect (OIDC) and JWT Bearer flows.
|
Australia |
- OAuth enhancements
- Following are the OAuth enhancements:
- Use Opaque or JWT token option for your inbound integration endpoints.
- Use the Allow access only to APIs in selected scope option to enable access to the APIs that are explicitly listed in the selected scopes for your inbound integrations.
- Use the OAuth Entity Resource tab for outbound integrations to configure resource parameters so they flow into the OAuth token request and are reflected in the token from your OAuth provider.
|
Removed
Between your current release family and Australia, some Authentication features or functionality were removed.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Deprecations
Between your current release family and Australia, some Authentication features or functionality were deprecated.
| Release |
Release notes |
Zurich |
Due to the launch of new simplified inbound integration configuration in Machine Identity Console, the following inbound integrations configurations in the Application registry page are deprecated:
- OAuth API endpoint for external clients
- OAuth JWT API endpoint for external clients
- OIDC provider to verify ID tokens
|
Australia |
No updates for this release. |
Activation information
Review information on how to activate Authentication.
| Release |
Release notes |
Zurich |
Authentication is a ServiceNow AI Platform product that is active by default.
|
Australia |
Authentication is a ServiceNow AI Platform product that is active by default.
|
Additional requirements
If any additional requirements were introduced or changed for Authentication we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Browser requirements
If any specific browser requirements were introduced or changed for Authentication we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Accessibility information
Review details on accessibility information for Authentication, such as specific requirements or compliance levels.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
- Coral theme
- Coral is now the default theme for new portal, web, and mobile experiences with Next Experience or Core UI enabled. This theme provides a fresh look and feel, featuring brand-neutral illustrations to enhance your user experience. A dark theme option is available for web and mobile experiences.
|
Localization information
If there are specific localization considerations for Authentication we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Highlight information
If there are specific highlight considerations for Authentication we have noted them here.
| Release |
Release notes |
Zurich |
Zurich Patch 7
- Knowledge-based factor enhancement for AI voice service
- Following are the knowledge-based authentication (KBA) enhancements:
- Voice input support for KBA questions: Configure KBA questions to support Voice as an input type, allowing users to provide spoken responses during
identification and authentication. When Voice input is enabled, you can configure the expected format, provide examples, and optionally define a validation pattern using regular expressions.
- Script-based validation for external systems: Configure KBA answers to validate that are created against external systems using custom scripts through the Script
Configuration field. When set to Identification mode, you can write scoped scripts that validate caller identity against external authentication systems instead of internal ServiceNow AI Platform tables.
Zurich Patch 4
- Authentication factors for AI voice service
- Enable caller access to AI voice agents by configuring the required identification and authentication factors.
- OAuth enhancements
- Following are the OAuth enhancements:
- Use Opaque or JWT token option for your inbound integration endpoints.
- Use the Allow access only to APIs in selected scope option to enable access to the APIs that are explicitly listed in the selected scopes for your inbound integrations.
- Use the OAuth Entity Resource tab for outbound integrations to configure resource parameters so they flow into the OAuth token request and are reflected in the token from your OAuth provider.
Zurich Patch 3
- Provider name for Inbound integrations
- Use the Provider name field to enter the details of your inbound integrations to distinguish between different inbound integrations on your ServiceNow AI Platform®. Update the Provider name in your API integrations to improve monitoring capabilities:
- For OAuth integrations, update the provider name using the Provider name field. To know more, see OAuth inbound.
- For Basic authentication integrations, update the Provider name in the integration registration form. To know more about the integration registration form, see View dashboard.
Zurich Patch 1
- OAuth token enhancement
- Use Opaque or JWT token option for your inbound integration endpoints.
Zurich
- Experience the new Inbound integration configuration in the Machine Identity Console.
- Use the new MFA Dashboard to understand insights such as MFA user enrollment, privileged admins who haven't opted in to MFA, and compliance.
- Use the FIDO factor policy to enforce FIDO-based authentication.
- Use the enhanced SSO login and logout experience.
- Configure the authentication policies to restrict access, reduce roles, or enforce MFA based on Identity Provider (IdP) attributes that are received from the OIDC response.
See Authentication for more information.
|
Australia |
Australia Patch 1
- Knowledge-based factor enhancement for AI voice service
- Following are the knowledge-based authentication (KBA) enhancements:
- Voice input support for KBA questions: Configure KBA questions to support Voice as an input type, allowing users to provide spoken responses during
identification and authentication. When Voice input is enabled, you can configure the expected format, provide examples, and optionally define a validation pattern using regular expressions.
- Script-based validation for external systems: Configure KBA answers to validate that are created against external systems using custom scripts through the Script
Configuration field. When set to Identification mode, you can write scoped scripts that validate caller identity against external authentication systems instead of internal ServiceNow AI Platform tables.
Australia
- Enable caller access to AI voice agents by configuring the required identification and authentication factors.
- Secure the web embeddables feature for authenticating the ServiceNow®'s web components that are used in third-party portals.
- Use the granular roles to complete administrative configuration tasks for Authentication without requiring the full admin role.
- Use the enhanced Auth Scope for your Inbound Integrations.
See Authentication for more information.
|