Tutorial: Configuring session validation

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 3 minutes
  • Configure session validation within the Adaptive Authentication framework to provide an additional layer of protection against session or cookie hijacking.

    Before you begin

    Role required: adaptive_auth_admin

    Plugin required: Adaptive Authentication (com.snc.adaptive_authentication)

    To configure Session Validation, you must perform the following steps:

    Procedure

    1. Navigate to All > Adaptive Authentication > Authentication Policies > All Policies.
    2. Select the Session Validation Policy in the Policies (sys_authentication_policy_list.do) page.
    3. Select Policy Inputs.
      1. Select New or Edit.
      2. Choose the kind of Policy Input (Filter Criteria) that you want to create.
        Available options are IP, Role, and Group Filter Criteria. Let's choose IP Filter Criteria.
      3. Fill the form with the filter details and provide the IP Range.

        To learn more about how to create an IP Filter, see Create IP filter criteria.

      4. Select Submit.
    4. Select Policy Conditions on the Session Validation Policy page.
      1. Select New.
      2. Fill the form and set the Condition for the Policy Input.
        Note:
        You can set the conditions to true or false based on the configuration of the policy input. In this example, it is set to true. Setting the condition to true in this case allows only the user with the configured IP address to log in.
    5. Select the Active check box to activate the policy after the Session Validation Policy is set up with policy inputs and conditions.
    6. Navigate to All > Adaptive Authentication > Authentication Policies > Properties and enable the Session Validation property.
    7. Navigate to All > Adaptive Authentication > Auth Policy Contexts > Session Validation Context.
    8. Set the Default Policy to Allow Policy or Deny Policy to set the session validation context according to the policy input and policy conditions.
      Note:
      By default:
      • The Session Validation context is set to Allow Policy.
      • Allow Policy is selected as Session Validation Policy.
      • The Session Validation Context for an authentication policy can only be with Allow Policy.

    Result

    The configuration evaluates the login session based on the following:

    • Restricts access to the ServiceNow® instance when hijackers copy a user's session cookies from one device to another to impersonate a session.
    • Restricts the user's session access if they're using an insecure network.
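
A dry run of the IP Filter Criteria from steps 3 and 4 against exported session traffic, showing which sessions an Allow policy would reject before the policy is activated. This is an added example, not ServiceNow code: the range syntax, the (session, IP) record layout and the rule "allowed when in-range equals the condition value" are simplifying assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (session id, source IP) pairs as they might be exported
# from transaction logs. Addresses come from documentation-only ranges.
SAMPLE_REQUESTS = [
    ("sess-A", "198.51.100.10"),
    ("sess-A", "198.51.100.22"),   # same session, still inside the range
    ("sess-B", "198.51.100.40"),
    ("sess-B", "203.0.113.77"),    # same cookie presented from another network
    ("sess-C", "2001:db8::5"),     # IPv6 client, not covered by an IPv4 range
]

def parse_range(text):
    """Parse 'start-end' or CIDR notation (assumed syntax) into (first, last)."""
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
    else:
        net = ipaddress.ip_network(text.strip(), strict=False)
        lo, hi = net[0], net[-1]
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"bad IP range: {text!r}")
    return lo, hi

def in_ranges(ip, ranges):
    """True if ip falls inside any parsed range of the same IP version."""
    addr = ipaddress.ip_address(ip)
    return any(lo.version == addr.version and lo <= addr <= hi
               for lo, hi in ranges)

def dry_run(requests, range_texts, condition=True):
    """Return {session_id: [source IPs that would fail the policy condition]}.

    Assumed model of an Allow policy with one IP filter input: a request
    passes when (source IP is in range) == condition.
    """
    ranges = [parse_range(t) for t in range_texts]
    denied = defaultdict(list)
    for session_id, ip in requests:
        if in_ranges(ip, ranges) != condition and ip not in denied[session_id]:
            denied[session_id].append(ip)
    return dict(denied)

if __name__ == "__main__":
    for sid, ips in dry_run(SAMPLE_REQUESTS, ["198.51.100.1-198.51.100.254"]).items():
        print(f"{sid}: would be rejected from {', '.join(ips)}")
```

A session such as sess-B that appears with both an accepted and a rejected address is the cookie-reuse pattern the policy targets; a session rejected on every request, such as sess-C, points to a range that is too narrow for legitimate users.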