High Assurance session with Continuous Authentication
Establish high assurance session for with ServiceNow's continuous authentication.
A high assurance session is a security measure to establish a secure and trusted connection with the identities (users) who access data and are verified with a high degree of confidence.
ServiceNow's High assurance is achieved through robust authentication methods which enforces re-authentication using methods such as Multi-factor Authentication (MFA) and Single Sign On (SSO) while the users try to access data that are sensitive.
When the user re-authenticates or perform step-up authentication (MFA), there's a high assurance session that is established, which provides the ability for the users to access the data protected by the CA administrator based on the CA policy configuration.
Following are the re-authentication methods used to establish High-assurance based on the type of login:
High assurance session created by the user is valid based on the High Assurance session length (glide.zta.high_assurance.session.timeout) determined by the CA administrator.
The high assurance session can be customized based on your requirement by setting the High Assurance system properties:
| Field | Description |
|---|---|
| High Assurance session length (glide.zta.high_assurance.session.timeout) | Specify the high assurance session length, after which the end-users should re-authenticate. Default: 30 minutes. 注: The value must be between 1 and 480. |
| Default high-assurance session length upon login | Specify the duration in minutes for the default high-assurance session length upon user login. Default value: 5 minutes. 注: This property is only applicable for non-sso logins. |
| Configure end-user display message (glide.zta.high_assurance.session.message) | Specify the message that is displayed to the end-user for re-authentication. Default message: One or more resources require additional authentication due to a policy created by your administrator. |
| Total times failed authentication before user account lock-out (glide.zta.high_assurance.session.max.login.failed_attempts) | Set the maximum failed authentication attempts before the users are logged out. 注: The value must be between 3 and 10. |
High assurance session as a Preemptive measure
Users who work with high privilege data such as financial transactions, government information, PII, can establish high assurance session as a preemptive measure to avoid frequent authentication notification during their logged in session.
High assurance session can be created by the themselves. To create a high assurance session, select . In the Related Links section, select Create High-Assurance Session. Verify your identity to create a high assurance session.