Restrict email domains for external user registration [Updated in Security Center 1.3, 1.5, and 2.0]
Use the sn_ext_usr_reg.allowed_email_domains property to list acceptable external email domains.
The sn_ext_usr_reg.allowed_email_domains system property defines which email addresses are allowed to self-register to a ServiceNow instance. The format should be a comma-separated list of acceptable email domains, such as domain1.com,domain2.com, where addresses such as example@domain2.com are accepted. If sn_ext_usr_reg.allowed_email_domains is not set with a list of acceptable domains, users with any email address are allowed to register accounts on the instance. In that case, malicious actors could register using email addresses from unwanted domains to gain authenticated access to the instance.
More information
| Attribute | Description |
|---|---|
| Property name | sn_ext_usr_reg.allowed_email_domains |
| Configuration type | System Properties (/sys_properties_list.do), Communities Properties |
| Category | Access control |
| Purpose | Lists the email domains whose addresses are allowed to register. |
| Recommended value | Enter a list of domains in a comma-separated format, for example domain1.com, domain2.com, domain3.com. This format works with or without spaces between elements. |
| Configuration type | String |
| Security risk | (High) Malicious actors could perform registration using email addresses from unwanted domains. Ensure that sn_ext_usr_reg.allowed_email_domains is not set to an empty value. |
| Functional impact | Email addresses from domains that are not included in the comma-separated list defined in the property aren't allowed to self-register to a ServiceNow instance. |
| Security risk rating | 7.5 |
| References | Communities |
To learn more about adding or creating a system property, see Add a system property.
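
The following is an added example, not ServiceNow code: an offline check of a value intended for sn_ext_usr_reg.allowed_email_domains that flags the empty (allow-any) case and entries that are not plain domain names. The helper names are hypothetical, and the exact-match comparison in `wouldAccept` is an assumption, since this page does not describe how subdomains are handled.

```javascript
// Audit a candidate value for sn_ext_usr_reg.allowed_email_domains.
// On an instance the value could be read with
// gs.getProperty('sn_ext_usr_reg.allowed_email_domains'); here it is passed in.

// Split the comma-separated list; spaces between elements are tolerated.
function parseAllowedDomains(value) {
  return String(value || '')
    .split(',')
    .map((d) => d.trim().toLowerCase())
    .filter((d) => d.length > 0);
}

// A plain domain: at least two dot-separated labels, no "@", "*", scheme or path.
const LABEL_RE = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
function isPlainDomain(d) {
  const labels = d.split('.');
  return d.length <= 253 && labels.length >= 2 && labels.every((l) => LABEL_RE.test(l));
}

// Return the parsed list plus findings a reviewer should resolve before saving.
function auditAllowedDomains(value) {
  const domains = parseAllowedDomains(value);
  const findings = [];
  if (domains.length === 0) {
    findings.push('empty or unset: any email domain can self-register');
  }
  const seen = new Set();
  for (const d of domains) {
    if (!isPlainDomain(d)) findings.push('not a plain domain name: ' + d);
    if (seen.has(d)) findings.push('duplicate entry: ' + d);
    seen.add(d);
  }
  return { domains, findings };
}

// Assumption: an address passes when the text after the last "@" equals a
// listed domain exactly. With no list, any address passes (as documented).
function wouldAccept(email, value) {
  const domains = parseAllowedDomains(value);
  if (domains.length === 0) return true;
  const at = String(email).lastIndexOf('@');
  if (at < 1) return false;
  return domains.includes(String(email).slice(at + 1).toLowerCase());
}

// Constructed sample input, using the placeholder domains from this page.
console.log(auditAllowedDomains('domain1.com, @domain2.com,*.domain3.com'));
```
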