Digest token authentication

Zurich Platform security
Release
zurich
ft:locale
en-US
ft:publication_title
Zurich Platform security
ft:clusterId
psec
bundleId
psec
workflow
Platform
  • Secure your instance
  • ServiceNow Vault
  • Exploring ServiceNow Vault
  • Configuring ServiceNow Vault
  • Install plugins
  • Use guided setup
  • ServiceNow Vault console dashboard
  • Guided Vault
  • Tools and metrics
  • Now Assist for Vault
  • Exploring Now Assist for Vault
  • Configuring Now Assist for Vault
  • Using Now Assist for Vault
  • Generate a custom data pattern by using Now Assist for Vault
  • Check role access for an encrypted column with Now Assist for Vault
  • Schedule a Data Discovery job with Now Assist for Vault
  • Platform Security
  • Security Center
  • Security Center landing page
  • Identity and Access Management
  • Security configuration console
  • Security hardening
  • All settings
  • Hardening settings details
  • Filter hardening settings
  • Hardening compliance score trend
  • Increase score
  • Hardening score comparison
  • Security scanner
  • Scan findings
  • Security scan comparison
  • Auditor suite findings
  • Scan checks
  • Scan suites
  • Access Controls Auditor checks
  • Auditor checks
  • Create a scan suite
  • Clone the access controls auditor suite
  • View the Access Controls Auditor Suite
  • Reschedule a scan suite
  • Scan results
  • Customer Actions
  • Implement Customer Actions
  • View Customer Actions
  • Security monitoring console
  • Security Event Notifications
  • Create custom policies
  • Modify policies
  • Configure policy preferences
  • Create custom email
  • Security Event Notifications history
  • Security metrics
  • Customize the dashboard
  • Configure email notifications on threshold triggers
  • All Security Metrics
  • Active Sessions
  • Adaptive authentication Security Metrics
  • Antivirus
  • Authentication
  • Data Classification
  • Authentication metrics
  • Email
  • Export
  • Integration Accounts
  • Privileged Identity
  • Privileged Users
  • Session management
  • Users
  • Security posture console
  • Security Best Practices
  • Complete a best practice
  • View activity of a best practice
  • View data of completed best practices
  • Filters the security best practices table
  • Best Practices
  • Security posture dashboards
  • Security Tasks
  • Automatic Security Task generation
  • Edit Security Tasks
  • Export Security Tasks
  • Security learning
  • Security banner announcements
  • Instance Security Center
  • Migrating to Security Center
  • Monitor security events
  • Configure the security event ribbon
  • Set preferences for security event notifications
  • Check the daily compliance score and configure security property settings
  • Adjust instance security settings to increase compliance
  • How Daily Compliance score, trend, and graph data is refreshed
  • PCI compliance score dashboard
  • PCI configuration controls score dashboard
  • Scan for incorrect security definitions
  • Monitor instance metrics
  • User metrics
  • Export metrics
  • Export metrics settings
  • Authentication Metrics
  • Adaptive authentication metrics
  • Email metrics
  • Designate email domains as untrusted or trusted
  • Antivirus metrics
  • MFA metrics dashboard
  • Activate the ISC Virtual Agent interface
  • Hardening settings
  • Baseline versions
  • New hardening settings
  • Baseline version 7.0
  • Baseline version 6.0
  • Baseline version 5.0
  • Baseline version 4.0
  • Baseline version 2.0
  • Updated hardening settings
  • Baseline version 7.0
  • Baseline version 6.0
  • Baseline version 5.0
  • Baseline version 4.0
  • Baseline version 2.0
  • Deleted hardening settings
  • Baseline version 7.0
  • Baseline version 6.0
  • Baseline version 5.0
  • Baseline version 4.0
  • Baseline version 2.0
  • Access control
  • Anti-CSRF token validation time [New in Security Center 1.3]
  • Apply domain separation on dot walked fields [Updated in Security Center 1.3, 1.5, and 2.0]
  • Block access for delegated developers
  • Block Expired Anti-CSRF Tokens [Updated in Security Center 1.5]
  • Check UI action conditions before execution
  • Configure event management assignment group admin roles [New in Security Center 1.5]
  • Configure Service Portal Widgets Allow List [New in Security Center 2.0]
  • Configure Service Portal Widgets Table Allow List [New in Security Center 2.0]
  • Deny internal access to explicit external roles [Updated in Security Center 1.3 and 1.5]
  • Deny unauthorized access to request items [Updated in Security Center 1.3]
  • Display recommendations for high risk UI pages
  • Disable inbound emails for locked out users
  • Double check inbound transactions [Updated in Security Center 1.3]
  • Enable scoped admin application ACLs [Updated in Security Center 1.3]
  • Enable work order management query rules for service organizations [New in Security Center 1.5 and updated in 2.0]
  • Enable ACLs to Control Live Profile Details [Updated in Security Center 1.3]
  • Enable ACLs for Encoded Query in Simple List Widget [New in Security Center 2.0]
  • Enable URL allowlist for cross-origin iframe communication
  • Enable Anti-CSRF token [New in Security Center 1.3, updated in 1.5, and removed in 2.0]
  • Enable contextual security plugin [Updated in Security Center 1.3]
  • Enable Cross Scope Privilege Checks on Service Portal Form [New in Security Center 7.0]
  • Enforce ACL on HR Lifecycle Events Data [New in Security Center 2.0]
  • Enforce ACL on HR Core Data [New in Security Center 2.0]
  • Enforce ACL on HR Virtual Agent Data [New in Security Center 2.0]
  • Enforce application specific ACLs only for application data
  • Enforce application scope restrictions [New in Security Center 1.3 and removed in 1.5]
  • Enforce Read Roles for Catalog Variable Search [New in Security Center 7.0]
  • Enforce security rules to sharing dashboards [New in Security Center 1.3]
  • Enforce scope security for public sector digital services [New in Security Center 1.3]
  • Enforce scoped ACL access for information request playbooks [New in Security Center 1.3 and updated in 1.5]
  • Enforce strict elevate privilege [New in Security Center 1.3]
  • Enforce security scope license and permit playbook [New in Security Center 1.5 and updated in 2.0]
  • Enforce Security Scope for Agent Workspace for HR Case Management [New in Security Center 1.5 and updated in 2.0]
  • Enforce Security Scope for Service Application Information [New in Security Center 2.0]
  • Enforce field level ACLs in GlideRecordSandbox
  • Enforce GroupBy ACLs
  • Ensure archive table ACLs are checked [New in Security Center 1.3 and updated in 1.5]
  • Ensure dashboards creation/deletion requires access check [New in Security Center 1.3 and updated in 2.0]
  • Exclude Sensitive Tables and Fields from Data Generation [New in Security Center 7.0]
  • Prevent Users From Accepting Warning To Bypass CSRF Validation [Updated in Security Center 1.3 and 1.5]
  • Restrict delegated developers read access [Updated in Security Center 1.3]
  • Require AJAXGlideRecord ACL checking [Updated in Security Center 1.3]
  • Restrict write access on system fields to admin users [New in Security Center 7.0]
  • Require approval for agent-based Office 365 group membership changes [New in Security Center 7.0]
  • Prevent impersonating user from viewing application data
  • Enforce oauth state parameter validation
  • Enforce Strict User Image Upload
  • Restrict email domains for external user registration [Updated in Security Center 1.3, 1.5, and 2.0]
  • Enable High Security Plugin [Updated in Security Center 1.3]
  • Honor Admin Override ACLs
  • Prevent inactive users from logging in [New in Security Center 1.5]
  • Prevent Unauthenticated Access to Virtual Agent Embedded Web Client
  • Restrict JSONP Requests to Trusted URLs [Updated in Security Center 1.3]
  • Prevent users from accepting warning to bypass CSRF validation
  • Disable raw database query execution [Updated in Security Center 1.3 and removed in 2.0]
  • Hide user comments on articles [New in Security Center 1.3]
  • Require authentication by default for client-callable script includes [Updated in Security Center 1.3]
  • Enforce production instance behavior [Updated in Security Center 1.3 and 1.5]
  • Restrict access to background script [Updated in Security Center 1.3 and 2.0]
  • Restrict access to emails with empty target table
  • Restrict access to specific IP ranges plugin [Updated in Security Center 1.3]
  • Restrict knowledge bases access [New in Security Center 1.3]
  • Restrict permissions for CMDB model [Updated in Security Center 1.3 and 1.5]
  • Restrict unauthenticated access to attachments
  • Restrict access to custom journal entries [Updated in Security Center 1.3 and removed in 2.0]
  • Restrict flow context read access [New in Security Center 1.5]
  • Restrict Impersonation to Admin [New in Security Center 2.0]
  • Enable security jump start plugin (ACL Rules) [Updated in Security Center 1.3]
  • Use of secure insert multiple operation within import set API [New in Security Center 1.3]
  • Enforce SOAP request strict security [Updated in Security Center 1.3]
  • Required jms connection factories [New in Security Center 1.3 and updated in 1.5 and 2.0]
  • Restrict Global App Development by Role [New in Security Center 2.0]
  • Review extraneous explicit role access control conditions [Removed in Security Center 1.5]
  • Set guest user for soap requests [Updated in Security Center 1.3 and 2.0]
  • Disable public access to favorites [Updated in Security Center 1.3 and 2.0]
  • Enable SNC access control plugin [Updated in Security Center 1.3]
  • Use Document Classification to limit publicly accessible documents [New in Security Center 7.0]
  • Validate query ACLs on Glide DB functions [New in Security Center 7.0]
  • API and web service
  • Validate SOAP content type [Updated in Security Center 1.3]
  • Require authorization for pdf requests [Updated in Security Center 1.3]
  • Require Authentication on Event Management HTTP Processor [New in Security Center 1.3, Updated in 1.5, and removed in 2.0]
  • Require authorization for SOAP requests [Updated in Security Center 1.3, 1.5, and 2.0]
  • Require authorization for unload requests [Updated in Security Center 1.3]
  • Require authorization for csv requests [Updated in Security Center 1.3]
  • Require authorization for excel requests [Updated in Security Center 1.3]
  • Require authorization for import requests [Updated in Security Center 1.3]
  • Require authorization for JSONv2 request [Updated in Security Center 1.3]
  • Require authorization for WSDL request [Updated in Security Center 1.3 and 1.5]
  • Require authorization for XML requests [Updated in Security Center 1.3]
  • Require authorization for XML output requests [Updated in Security Center 1.3]
  • Require Authorization for XSD Requests [Updated in Security Center 1.3]
  • Require authorization for script requests [Updated in Security Center 1.3]
  • Require authorization for SCHEMA requests [Updated in Security Center 1.3]
  • Require authorization for RSS requests [Updated in Security Center 1.3]
  • Require authorization for API requests [Updated in Security Center 1.3]
  • Architecture, design, and threat modeling
  • Certificate based authentication not enforced [New in Security Center 1.3]
  • Check impersonation on ACL evaluation in HR App [New in Security Center 1.3 and updated in 1.5]
  • Disable local login for users with Single Sign-On (SSO) enabled
  • Disable unauthenticated published reports [Updated in Security Center 2.0]
  • Enforce field ACLs for inbound query requests
  • Enforce read ACLs on report views
  • Enforce Query ACLs for Knowledge Quick Links
  • Enforce Query ACLs for SubLists, List Counts and Widget Data Tables
  • Enforce valid query string choice [New in Security Center 7.0]
  • Define allowed ServiceNow internal IP addresses [Updated in Security Center 1.3 and 1.5]
  • Disable legacy JQuery behavior [Updated in Securty Center 1.3]
  • Disable GlideRecord Scope Fencing Legacy Behavior [New in Security Center 1.3 and updated in 1.5 and 2.0]
  • Disable legacy AngularJS behavior [Removed in Security Center 2.2]
  • Require authorization for data broker rest API [Updated in Security Center 1.3]
  • Restricted Binding functionality in case Bearer Authorization [New in Security Center 7.0]
  • Deny by default with empty ACLs [Updated in Security Center 1.3]
  • Set Automatic Token Cleanup for Token Credentials [New in Security Center 2.0]
  • Authentication
  • Activate role-based multi-factor authentication [Updated in Security Center 1.3]
  • Activate role based multi-factor authentication [Updated in Security Center 1.3]
  • Anti-CSRF token (instance security hardening)
  • Control Lockout Time for Invalid Password Reset Attempts [Updated in Security Center 1.3 and 2.0]
  • Disable creating users from incoming emails [Updated in Securty Center 1.3]
  • Disable password-less authentication
  • Disable resource owner password credentials (ROPC) in OAuth 2 token grants [New in Security Center 7.0]
  • Do not apply password policy at login [Updated in Security Center 1.5 and removed in 2.0]
  • Enable account recovery [Updated in Security Center 1.3 and 1.5]
  • Enable CAPTCHA for customer registration
  • Enable a deny-list password validation check
  • Enable Captcha for External User Registration [Updated in Security Center 1.3 and 1.5]
  • Enable CAPTCHA in password reset
  • Enable email OTP for multi-factor authentication
  • Enable password reset policy checks [Updated in Security Center 2.0]
  • Enable policy based session access for mobile [New in Security Center 1.5]
  • Enable relay state in SAML requests to prevent replay attacks
  • Enable SMS code notification for enrollment and verification [Updated in Security Center 1.3]
  • Enable SSL in LDAP authentication [Updated in Security Center 1.5 and 2.0]
  • Enforce current password policy compliance requirements on login
  • Enforce device encryption and passcode requirements [New in Security Center 1.3]
  • Limit Invalid Password Reset Attempts [Updated in Security Center 1.3 and updated in 2.0]
  • Managing unlock timeout after failed logins [Updated in Security Center 1.3]
  • Maximize failed login unlock timeout duration [Updated in Security Center 1.3]
  • Maximize reset password request retry window duration [Updated in Security Center 1.3]
  • Maximize reset password request unlock window duration [Updated in Security Center 1.3]
  • Maximize reset password SMS complexity [Updated in Security Center 1.3]
  • Maximize reset password SMS pause window duration [Updated in Security Center 1.3]
  • Maximize reset password verification delay duration [Updated in Security Center 1.3]
  • Minimize external user registration link expiration duration [Updated in Security Center 1.3 and 1.5]
  • Minimize reset password max SMS per day [Updated in Security Center 1.3]
  • Minimize failed login attempts for high assurance sessions
  • Minimize reset password request expiration duration [Updated in Security Center 1.3]
  • Minimize reset password request success window duration [Updated in Securty Center 1.3]
  • Minimize reset password SMS expiracy duration [Updated in Security Center 1.3]
  • Minimize one-time out of band verifier lifetime duration [Updated in Security Center 1.3]
  • Minimize SAML notBefore or notOnOrAfter constraint duration [Updated in Security Center 1.3 and 1.5]
  • Notify users during password reset/change process [Removed in Security Center 1.5]
  • Reduce allowed bypasses for multifactor setup
  • Remove credentials from Welcome page
  • Require captcha for guest walk-up experience in customer service application [New in Security Center 1.3 and updated in 1.5]
  • Require obfuscation of classic mobile app UI [Updated in Security Center 1.3]
  • Require obfuscation of mobile app UI [Updated in Security Center 1.3]
  • Set minimal password length [Updated in Security center 2.2]
  • Set OTP lifetime for password reset to 1 hour [Updated in Security Center 2.0]
  • Business Logic
  • Limit max comments per user per day
  • Limit max subscriptions per user per day
  • Minimize SMTP Recipient Quantity [Updated in Security Center 1.3]
  • Timeout Guest Sessions
  • Validate remote host
  • Communications
  • Enforce certificate trust [Updated in Security Center 1.3, removed in 2.0, added in 7.0]
  • Disable outbound SSLv2/SSLv3 connections [Updated in Security Center 1.3]
  • Do not use demo certificates for active saml configurations [Updated in Security Center 1.5]
  • Disable deprecated TLS versions
  • Enforce OCSP check on network error [New in Security Center 1.3 and updated in 2.0]
  • Verify certificate chain and hostname [New in Security Center 1.3 and updated in 2.0]
  • Verify certificate revocation [New in Security Center 1.3]
  • Configuration
  • Auto set content type options [Removed in Security Center 1.3.3]
  • Cache-Control HTTP Header Value [Updated in Security Center 1.3 and removed in 1.5]
  • Enable HTTP response headers configuration
  • Disable legacy JQuery UI usage
  • Disable locked form elements debugging
  • Disable MultiSSO Debugging [Updated in Security Center 1.3 and 1.5]
  • Disallow target cloning [New in Security Center 1.3]
  • Disable soap fault stack trace display
  • Restrict performance monitoring access [Updated in Security Center 1.3]
  • Enable updated version of MultiSSO plugin [Updated in Security Center 1.3 and 1.5]
  • Enforce secure referrer policy [New in Security Center 1.3]
  • Ensure minimum private key size
  • Implement the x-frame-options: SAMEORIGIN security header [Updated in Security Center 1.3]
  • Require write access to access service catalog add item page [New in Security Center 1.3]
  • Set Xframe options to prevent embedding third-party websites [Updated in Security Center 1.3]
  • Data protection
  • Remove remember me
  • Require clearing pasteboard when backgrounding mobile application [New in Security Center 1.3 and updated in 1.5]
  • Restrict HR case updates from personal emails [New in Security Center 1.3 and updated in 1.5]
  • Restrict oauth parameters to POST body [New in Security Center 1.3]
  • Error handling and logging
  • Disable logger for low privilege users in script sandbox [Updated in Security Center 1.3]
  • Disable secure cookie debugging
  • Disable SQL Error Messages [Updated in Security Center 1.3 and 1.5]
  • Enable MID audit log [New in Security Center 1.3 and updated in 1.5]
  • Enable protected tables plugin [New in Security Center 1.3]
  • Log all outbound http request fields [Removed in Security Center v1.3.2]
  • Log html sanitization [Removed in Security Center 2.0]
  • Log session audit events [New in Security Center 1.3 and updated in 1.5]
  • Log user impersonation [Updated in Security Center 1.3 and 2.0]
  • Prevent verbose HTTP request logging
  • Turn off verbose SQL error messages for import processor [Updated in Security Center 1.3]
  • File and resources
  • Disallow infected file download [Updated in Security Center 1.5 and 2.0]
  • Enable email spam scoring and filtering [Updated in Security Center 1.3]
  • Enable antivirus scan
  • Restrict downloadable files types in static content [Updated in Security Center 1.3]
  • Limit attachment size in training and prediction flows for GraphQL endpoints [New in Security Center 1.3 and updated in 1.5]
  • Limit attachment size in training and prediction flows [New in Security Center 1.3 and updated in 1.5]
  • Limit HTTP response body size [New in Security Center 1.3 and updated in 1.5]
  • Limit maximum number of attachments in email
  • Maximum allowed attachment size [Updated in Security Center 1.3]
  • Set Allowed MIME Child Types [New in Security Center 2.0]
  • Validate file mime type in AttachmentCreator soap web service [New in Security Center 1.3 and updated in 1.5]
  • Malicious code
  • Block rooted or jailbroken mobile devices
  • Enable Code Signing for application configuration data and scripts [Removed in Security Center 1.3]
  • Session management
  • Apply continuous authentication policies to mobile sessions
  • Minimize absolute session timeout duration [Updated in Security Center 1.3]
  • Define active session timeout exception roles [New in Security Center 1.3]
  • Enable UserCookie version 3.1 [Updated in Security Center 2.0]
  • Enforce password reset on api requests [Updated in Security Center 1.5]
  • Enable HTTP Only Cookie Flag [Updated in Security Center 1.3]
  • Invalidate Session After OAuth Token Expiration [New in Security Center 2.0]
  • Minimize concurrent interactive session quantity [Updated in Security Center 1.3]
  • Limit concurrent sessions across all nodes [Updated in Security Center 1.3]
  • Limit concurrent sessions plugin
  • Limit guest's active session life span [New in Security Center 1.3]
  • Limit concurrent interactive sessions [Updated in Security Center 1.3]
  • Limit integrations' active session life span [New in Security Center 1.3]
  • Limit policy based session access mobile refresh token interval [New in Security Center 1.5]
  • Limit UI active session life span [New in Security Center 1.3]
  • Limit session length for high assurance sessions
  • Proactively invalidate inactive sessions [New in Security Center 1.3 and updated in 1.5 and 2.0]
  • Rotate HTTP session identifiers
  • Minimize concurrent interactive session quantity [Updated in Security Center 1.3]
  • Minimize session activity timeout duration [Updated in Security Center 1.3]
  • Minimize session window timeout duration [Updated in Security Center 1.3]
  • Stored cryptography
  • Enable glide KMF encrypter [Removed in Security Center 1.3.2]
  • Disable use of TripleDES/3DES encryption algorithm
  • Prevent usage of 3DES keys [New in Security Center 7.0]
  • Validation, sanitization, and encoding
  • Allow HTML Links to Trusted Domains in the Description Fields of the Impact Workspace Module [New in Security Center 7.0]
  • Restrict access to GlideSystemUserSession scriptable API [Updated in Security Center 1.3 and 2.0]
  • Disable JavaScript tags in embedded HTML [Updated in Security Center 1.3]
  • Enable the hardened java security manager [New in Security Center 1.3]
  • Enforce HTML Sanitization [Updated in Security Center 1.3]
  • Ensure Contextual Search Do Not Contain An Unvalidated Redirect [New in Security Center 7.0]
  • Disable AJAXEvaluate
  • Disable Entity Expansion within the XMLDocument2 Streaming Parser [Updated in Security Center 1.5]
  • Disable external content url [Updated in Security Center 2.0]
  • Restrict downloadable MIME types [Updated in Security Center 1.3 and 2.0]
  • Disable embedded HTML code [Updated in Security Center 1.3]
  • Enable HTML Sanitizer within Virtual Agent [Updated in Security Center 1.3 and 1.5]
  • Enable Jelly JS Interpolation Protection
  • Enable Jelly JS interpolation protection for nested expressions [Updated in Security Center 2.0]
  • Enforce relative links [Updated in Security Center 1.3 and 1.5]
  • Enforce URL allowlist check [Updated in Security Center 1.3, 1.5, and 2.0]
  • Escape Excel Formulas [Updated in Security Center 1.3]
  • Escape HTML in list views [Updated in Security Center 1.3 and 1.5]
  • Escape JavaScript [Updated in Security Center 1.3]
  • Escape jelly script [Updated in Security Center 1.3 and 1.5]
  • Escape scripts in scratchpad [Updated in Security Center 1.3]
  • Escape XML markup [Updated in Security Center 1.3]
  • Escape xml response
  • Enable HTML Sanitizer [Updated in Security Center 1.3]
  • Restrict allowed Java packages [Updated in Security Center 1.3]
  • Packages call removal tool
  • Unset LDAP Initial distinguished name [Updated in Security Center 1.3 and removed in 2.0]
  • Enforce strict security of session cookies [Updated in Security Center 1.3]
  • Minimize Entity Expansion Threshold for GlideXMLUtil Scriptable [Updated in Security Center 1.3, 1.5, and 2.0]
  • Prevent Empty ACL Creation [New in Security Center 2.0]
  • Define restricted downloadable MIME types [Updated in Security Center 1.3, 1.5, and 2.0]
  • Restrict uploaded MIME types [Updated in Security Center 1.3 and 2.0]
  • Restrict XML external entities [Updated in Security Center 1.3 and 2.0]
  • Require XMLdoc2 entity validation with allowlistDisable entity expansion [Updated in Security Center 1.3]
  • Sanitize All Translated HTML Fields [New in Security Center 2.0]
  • Sanitize HTML in the Description Fields of the Impact Workspace Module [New in Security Center 7.0]
  • Set safe content security policy for svg files [New in Security Center 1.3]
  • Log Export Service (LES)
  • Explore
  • Log sources
  • Administer
  • Create a log source configuration
  • Create source type and multi topics in the LES source table
  • Update system property
  • Configure
  • Kafka consumer
  • Guided setup for Kafka consumers
  • MID server consumer
  • Guided setup for MID Server consumers
  • Multi-consumer support using unique mid servers
  • Secure Hermes LES connection
  • Use
  • Reference
  • Log Export Service roles
  • Logs
  • System logs
  • System log
  • Transaction logs
  • Client transaction timings
  • Push logs
  • System email log
  • Event logs
  • Import logs
  • System Diagnostics module
  • Customer Updates table
  • Log history
  • Use the log file browser
  • Enhanced logging security
  • Avoid log tampering
  • Configuring the log protection plugin
  • Create log protection property
  • Logging, auditing, and errors
  • Disabling SQL error messages
  • Secrets Management
  • Exploring Secrets Management
  • About client-side Secrets Management
  • Configuring client accessible secrets
  • Create encryption keys and certificate
  • Add your certificate to the ServiceNow Trusted Key Store
  • Create a secret group
  • Upload the public/private keypair to the MID Server
  • Create credentials
  • Configure Flow Designer to manage the integration
  • Test the end-to-end client-side encrypted secrets integration
  • Test a Windows Management Instrumentation credential encrypted with Secrets Management
  • Cloning and Secrets Management
  • Secrets Management dashboard
  • Secrets management roles
  • Create a secret group cryptographic module
  • Create a basic secret group
  • Create a secret group with criteria
  • Upload a public key
  • Run jobs
  • Code Signing
  • Explore
  • Configure
  • Assign the Administrator Role
  • Trusted Instance Setup
  • Upload configuration files to your protected instance
  • Protected Instance Setup
  • Enable Certificate Validation
  • Quorum Controlled Certificate Revocation
  • Export Request
  • Import Request
  • Approve Request
  • Disable Code Signing
  • Create Key Pairs and Certificates
  • Custom Firewall Rules
  • Root of Trust Settings
  • Migrate Signatures
  • Disable Root of Trust
  • Using Code Signing
  • Standalone Signing Tool
  • Use Signing Tool
  • Tool Arguments
  • JDBC Signing
  • REST and SOAP Signing
  • Sign the Existing Messages
  • Sign the New Messages
  • Sign Records and Files
  • Create a Job on a Trusted Instance
  • Sign Flows and Actions
  • Health and Status Dashboard
  • Dashboard Summary
  • Signature Status
  • MID Server Configuration
  • Key Pair and Certificates
  • Configuration Dashboard
  • Administer and Troubleshoot
  • Properties
  • Roles
  • Logs and Errors
  • Antivirus Scanning
  • Exploring Antivirus Scanning
  • Configuring Antivirus Scanning
  • Reviewing quarantined files
  • Review antivirus activity
  • Understanding Dictionary attributes
  • HTML sanitizer
  • Exploring HTML sanitizer
  • Configuring HTML sanitizer
  • Enabling HTML sanitizer
  • Enable sanitization on individual fields
  • Enable HTML Sanitizer logging
  • Auditing
  • Explore
  • Auditing components
  • Configure
  • Enable inclusion list auditing for a table
  • Exclude a field from being audited (exclusion listing)
  • Include a table field in auditing (inclusion listing)
  • Enable auditing for a system table
  • Audit Management Console
  • Setup your audit retention
  • Review
  • Reference
  • Differences Between Audit and History Sets
  • Control access to history
  • Change the number of history entries
  • History List
  • History Calendar
  • History Timeline
  • View timeline of changes to related records
  • Export a snapshot of a configuration item
  • Compare CI snapshots
  • Tracking changes to reference fields
  • Tracking inserts
  • Tracking CI Relationships
  • High Security Settings
  • Exploring High Security Settings
  • Activating High Security Settings
  • Virtual Private Network (VPN)
  • Exploring Virtual Private Network (VPN)
  • Activating a VPN service
  • Configuring an address for VPN communication
  • Platform Privacy
  • Exploring Data Privacy
  • Data Privacy
  • Data Privacy for Now Assist
  • Exploring Data Privacy for Now Assist
  • Configuring Data Privacy for Now Assist
  • Data privacy
  • Data privacy overview
  • Data classification
  • Create data classifications
  • Classify data
  • Data anonymization
  • Create anonymization techniques
  • Create anonymization policies
  • Configure data anonymization clone request
  • Create anonymization job
  • Activate parallel jobs
  • Real time anonymization
  • Real time anonymization failures
  • Activate data privacy
  • Data Privacy for Virtual Agent
  • Domain separation
  • Supported field types for anonymization
  • Data privacy roles
  • Data privacy (Classic)
  • Activate data privacy (Classic)
  • Installed with data privacy (Classic)
  • Data privacy (Classic) configuration
  • Create a data privacy technique configuration
  • Create a data privacy policy
  • Configure a data privacy job
  • Data privacy job rollback
  • Roll back a data privacy job
  • Data privacy clone
  • Configure data privacy clone request
  • Data Privacy Job Logs
  • Data Discovery
  • Exploring Data Discovery (Classic)
  • Activating Data Discovery
  • Classify data
  • Data Discovery jobs
  • Configure a job
  • Attachment scanning
  • Configure patterns
  • Default data patterns
  • Configure target tables
  • Activate parallel jobs
  • Data Discovery roles
  • Data Discovery job results
  • Data Discovery supported data types
  • Scanning with Granular Configuration
  • Granular Findings
  • Contextual based discovery
  • Data Discovery policies
  • Create a policy
  • Data Discovery Store
  • Data Discovery Store overview
  • Data Discovery policy
  • Create new policy
  • Data Discovery sources
  • Create new data pattern
  • Select active data patterns
  • Select target tables
  • Data Discovery scheduled discovery
  • Create discovery job
  • Review discovery findings
  • Create granular job
  • Review granular findings
  • Data Classification
  • Exploring Data Classification
  • Installing plugin demo data
  • Creating data classifications
  • Assigning data classifications to dictionary entries
  • Analyzing data classifications
  • Domain separation
  • Encryption
  • Key Management Framework
  • Exploring the Key Management Framework
  • Cryptographic module overview
  • Cryptographic specification overview
  • Module access policy overview
  • Instance level keys in the Key Management Framework
  • Configuring the Key Management Framework
  • Assign Key Management Framework roles
  • Configure field encryption settings to select key type
  • Create a cryptographic module
  • Create a cryptographic specification
  • Configure key lifecycle states
  • Generate a ServiceNow cryptographic key
  • Create a module access policy
  • Create a granular role module access policy for symmetric encryption
  • Create a cryptographic module life-cycle policy
  • Create module life-cycle policy exceptions
  • Key Management Framework Reference
  • Key Management Framework key life-cycle states
  • Roles installed with Key Management Framework
  • Module access policy visualization
  • Module access policy debugger
  • Encryption and Key Management subscription bundle
  • Key management actions
  • View and manage keys
  • Rotate keys
  • Import a key from a web service
  • Key Management Framework Health
  • Prepare your instance for GlideEncrypter deprecation
  • GlideEncrypter deprecation
  • Deprecate GlideEncrypter usage of 3DES for password2 fields
  • Key Management Framework Resource Exchange
  • Key Management Framework Key Exchange
  • Configure Key Exchange
  • Rekey ciphertext with Key Exchange
  • Recurring Key Exchange walkthrough
  • Infrastructure Security
  • Generate a Certificate Signing Request
  • Password2 encryption with the Key Management Framework (KMF)
  • Certificates
  • Exploring Certificates
  • Generating an LDAP client certificate
  • Generating a server certificate
  • Uploading a certificate to an instance
  • Uploading a trusted server certificate
  • Field Encryption
  • Exploring Field Encryption
  • Configuring Field Encryption
  • Activate Field Encryption
  • Role requirements for Field Encryption
  • Configure Field Encryption modules
  • Cryptographic specifications for Field Encryption
  • Module keys for Field Encryption
  • Module lifecycle policy exceptions for Field Encryption
  • Configure Customer-supplied keys for Field Encryption Enterprise
  • Configure properties for customer-supplied key
  • Wrap your customer-supplied key
  • Upload your customer-supplied key
  • Configure encrypted field configurations for fields or attachments
  • Configure multi-module encrypted field configurations
  • Configure module access policies for field encryption
  • Migrating to Field Encryption
  • Field Encryption migration status page
  • Migrate from Edge Encryption to Field Encryption
  • Configure Field Encryption for your Edge Encrypted fields
  • Field Encryption and system clones
  • Prevent users from attaching unencrypted files
  • Using Field Encryption
  • Create cryptographic module for Field Encryption
  • Using multiple encryption modules
  • Encrypt data using Row Conditions
  • Encrypt data using the Multiple Modules feature
  • Create a cryptographic specification for Field Encryption
  • Configure advanced algorithms for Field Encryption Enterprise
  • Using customer supplied keys with Field Encryption Enterprise
  • Configure properties for customer-supplied keys
  • Wrap your customer-supplied key
  • Configure and upload your customer supplied key
  • Encrypting fields and attachments
  • Set encrypted field configurations
  • Script access for cryptographic modules
  • Configure script access to encrypted data
  • View declined cryptographic module usage requests
  • Schedule mass encryption, decryption, and rekeying jobs
  • Run mass encryption or decryption
  • Upload attachments for encryption
  • Field Encryption Enterprise examples
  • Field Encryption Enterprise
  • Column Level Encryption
  • Exploring Column Level Encryption
  • Column Level Encryption Guided Tour
  • Configuring Column Level Encryption
  • Activate Column Level Encryption Enterprise
  • Migrating to Column Level Encryption Enterprise
  • Column Level Encryption migration status page
  • Prevent users from attaching unencrypted files
  • Using Column Level Encryption
  • Create cryptographic module for Column Level Encryption
  • Encrypt data using the Multiple Modules feature
  • Create a cryptographic specification for Column Level Encryption
  • Configure advanced algorithms for Column Level Encryption Enterprise
  • Using customer supplied keys with Column Level Encryption Enterprise
  • Configure properties for customer-supplied keys
  • Wrap your customer-supplied key
  • Configure and upload your customer supplied key
  • Encrypting fields and attachments
  • Set encrypted field configurations
  • Script access for cryptographic modules
  • Configure script access to encrypted data
  • View declined cryptographic module usage requests
  • Schedule mass encryption, decryption, and rekeying jobs
  • Run mass encryption or decryption
  • Column Level Encryption Enterprise
  • Column Level Encryption Enterprise walkthrough
  • Attachment encryption walkthrough
  • Column Level Encryption Enterprise
  • Cloud Encryption with Key Management
  • Key management operations
  • Quorum Control Policy
  • Configure Quorum Control Policy Settings
  • Manage Quorum Control
  • Approve or deny a quorum control request
  • Approve or deny a quorum request
  • Key management transactions
  • Cloud Encryption logging
  • Tamper Detection
  • Full disk encryption
  • Edge Encryption
  • Exploring Edge Encryption
  • Edge Encryption components
  • Edge Encryption clients
  • Key management for Edge Encryption
  • SafeNet key versioning
  • Encryption configurations and patterns
  • Installed with Edge Encryption
  • Planning for Edge Encryption
  • System requirements
  • Sizing your environment
  • Calculate the order-preserving and tokenization database size
  • Edge Encryption limitations
  • Installing Edge Encryption
  • Request Edge Encryption
  • Set up an Edge Encryption user account
  • Download the Edge Encryption proxy server
  • Install the Edge Encryption proxy server using the interactive installer
  • Install the proxy server (interactive installer)
  • Configure CyberArk properties protection
  • Configure the signature key
  • Configure the HTTPS certificate
  • Configure the AES 128-bit encryption key
  • Configure the AES 256-bit encryption key
  • Update SSL certificate
  • Configure the proxy database
  • Launch the proxy server
  • Verify and troubleshoot proxy server installation
  • Install the Edge Encryption proxy server using the command line installer
  • Install the proxy server (command line installer)
  • Create and configure the RSA key pair for the digital signature
  • Import and configure the certificate for secure SSL connection
  • Set up a keystore and encryption keys
  • Set up a Java KeyStore keystore
  • Create encryption keys using the Java KeyStore keytool
  • Set up a SafeNet KeySecure keystore
  • Set up Unbound Technology keys
  • Create an encryption key stored in a file
  • Configure encryption keys on the instance
  • Configure additional properties
  • Configure a web proxy
  • Set proxy server memory limits
  • Start the proxy
  • Obfuscate passwords in the properties file
  • Manually add an additional proxy
  • Authenticate a proxy server
  • Stop the proxy
  • Uninstall the proxy on Linux
  • Uninstall the proxy on Windows
  • Set up multiple provider SSO
  • Edge Encryption proxy server properties
  • CyberArk integration with the Edge proxy server
  • Using a load balancer with the Edge proxy server
  • Upgrading Edge Encryption
  • Schedule proxy server upgrade
  • Manually upgrade a proxy server running on Linux
  • Manually upgrade a proxy server running on Windows
  • Roll back a proxy server upgrade
  • Configuring Edge Encryption
  • Rotate encryption keys
  • Encrypt fields using encryption configurations
  • Encrypt attachments using standard encryption
  • Change a field or attachment's encryption type
  • Tokenize strings using encryption patterns
  • Repair or recover order-preserving encrypted data
  • Configure the IP address deny list
  • Encrypt data from a record producer
  • Define a custom encryption rule
  • Inspect the client request
  • Create an encryption rule
  • Encryption rule conditions
  • Encryption rule actions
  • Encryption rule objects and APIs
  • request
  • POST and URL parameter APIs
  • XML APIs
  • XMLContent
  • XMLElementIterator
  • XMLElement
  • JSON APIs
  • JsonNode
  • JsonNodeIterator
  • print(String message)
  • Prohibited keywords
  • Edge Encryption dictionary attributes
  • Domain separation and Edge Encryption
  • Data integration with Edge Encryption
  • ODBC driver integration
  • MID Server integration
  • Diagnostics and performance
  • Increase debug logging for the proxy
  • Database Encryption
  • Exploring Database Encryption
  • Requesting database key rotation
  • Database Encryption with Customer Controlled Switch
  • Access Management
  • Zero Trust Access
  • Explore ZTA
  • Activate ZTA
  • Configure Session Access role
  • System properties
  • Session Access Audits
  • Tutorial: Use ZTA
  • Configure IDP attribute for Session Access
  • ZTA for Mobile
  • Continuous Authentication (CA)
  • Explore CA
  • Policies
  • Metrics
  • System properties
  • Pre-work for CA
  • Activate CA
  • Configure CA
  • Tutorial: Configure CA for a Table
  • Tutorial: Configure CA for a Data Class
  • High Assurance
  • SSO Login
  • Non-SSO login
  • Audit logs
  • Domain separation for service providers
  • Exploring domain separation
  • Delegating configuration options to customers
  • Domain assignment
  • Visibility domains and Contains domains
  • Domain scope
  • Concepts for service providers
  • Global queue v.2
  • Service provider connector
  • Installed with domain separation
  • Application support for domain separation
  • Recommended practices for service providers
  • Domain separation explained
  • Value proposition
  • Definition of domain separation
  • Domain separation hierarchies
  • Context and domain separation
  • Segregating and securing data
  • Cross tenant intelligence
  • Alternatives to domain separation
  • Evaluating the need for domain separation
  • Benefits of domain separation
  • How a database query works with domain separation
  • Domain separation levels of support
  • Service provider reference architecture
  • Decision trees
  • Dedicated instances
  • Hybrid solution
  • Service Integration Management (SIAM)
  • Domain separation terms
  • Domain-separate a custom table
  • Customizing domain properties and themes
  • Managing domain separation for specific uses
  • Configuring domain separation with the domain picker
  • Performance considerations
  • Setting up domain hierarchies
  • Checking domain logs for errors and warnings
  • Importance of the Default domain
  • Contains queries and domain access
  • Domain paths query method
  • Slow queries and SQL debugging
  • Before Query business rules
  • Avoiding domain path in scripts
  • Domain assignments
  • CSM plugin
  • Domain Separation Help
  • Setup and administration
  • Request domain separation
  • Domain separation plugin
  • Domain system properties and user preferences
  • Create a domain
  • Make a domain the default
  • Manually manage the domain for particular records
  • Domain Separated Tables
  • Domain Override Viewer
  • Enable or disable a domain
  • Add a domain field to a table
  • View domain relationships
  • Select a primary domain
  • Create Contains relationships between domains
  • Expand domain scope
  • Add domains to a visibility domains list
  • Grant visibility domains to an individual user
  • Create a domain-specific choice list
  • Advanced administration
  • Use domain selection menus
  • Enable domain selection menus in Core UI
  • Restrict access to the domain picker
  • Application properties
  • Domain Migration Tool
  • Process administration
  • Example: Domain specific applications
  • Enable logging and debug messages
  • View a real-time domain message
  • View a historical domain message
  • Troubleshoot domain separation errors
  • Post-Production Domain Separation Activation Utility
  • Domain Job Management
  • Delete by domain
  • Domain Separation Center
  • Configure the Domain Separation Center
  • Configure audits
  • Schedule audits
  • Execute audits immediately
  • View audits with warnings and errors
  • View running and pending results
  • View inactive audits
  • Authentication
  • Adaptive authentication
  • Activate adaptive authentication
  • Filter criteria
  • IP Filter
  • Create IP filter criteria
  • Role Filter
  • Create role filter criteria
  • Group Filter
  • Create group filter criteria
  • Location Filter
  • Activate Location Based Access
  • Create location filter criteria
  • Tutorial: Use Location Filter criteria
  • Use Location Filter in Pre Authentication Context
  • Use Location Filter Post Authentication Context
  • Use Location Filter in MFA Context
  • Use Location Filter for Session Access
  • Identity Provider Attributes Filter
  • Attributes for SAML
  • Use as filter criteria for SAML
  • Attributes for OIDC
  • Use as filter criteria for OIDC
  • Authentication policy contexts
  • Pre authentication context
  • Post-authentication context
  • MFA context
  • Account recovery context
  • Session validation context
  • Activate Session Validation Context
  • Tutorial: Configuring session validation
  • Authentication policies
  • Configure a policy
  • Add to an authentication policy context
  • Adaptive Authentication Events
  • Configure properties
  • Tutorial: Configure adaptive authentication
  • Adaptive Authentication for Trusted Mobile Apps
  • Activate Trusted Mobile App
  • Register a trusted device
  • Manage your trusted device
  • Registration details of registered devices
  • Trusted Mobile App troubleshooting
  • API authentication
  • Certificate based authentication
  • OAuth
  • Token-based authentication
  • API Key and HMAC Authentication for inbound REST APIs
  • Activate API Key and HMAC Authentication
  • Configure API key - Token-based authentication
  • Configure HMAC - Token-based authentication
  • Cleaning up token Expiry
  • Basic authentication
  • API access policy
  • REST API access policies
  • Activate REST API access policy
  • Create an authentication profile
  • Create REST API access policy
  • API access policy prioritization
  • REST API Auth Scope
  • Activate REST API Auth Scope
  • Properties and tables
  • Configure auth scope
  • Troubleshooting
  • SOAP API access policies
  • Activate SOAP API access policy
  • Create an authentication profile
  • Create SOAP API access policy
  • Create a global API access policy to protect SOAP APIs
  • Filter criteria for APIs
  • API Authentication Policies
  • Create a policy
  • Configure global blocking policy for APIs
  • System or Export Processors
  • Activate Processor access policy
  • Configure an Authentication profile
  • Certificate-based authentication
  • Set up
  • Log in
  • Custom instance URLs
  • Activate custom URLs
  • Set as the instance URL
  • Identity Provider
  • Datacenter job information
  • Generate SP metadata for SAML/SSO
  • Custom URL errors and fixes
  • Installation exits
  • IP range based authentication
  • IP Address Access Control
  • Find denied IP addresses
  • LDAP integration
  • Understand LDAP integration
  • LDAP integration requirements
  • LDAP integration setup
  • Install the LDAP X.509 SSL certificate
  • Define an LDAP server
  • Enable an LDAP listener and set system properties
  • Specify the LDAP attributes
  • Test an LDAP connection
  • Define LDAP organizational units
  • Create a data source for LDAP
  • Auto provision LDAP users
  • LDAP integration via MID Server
  • Configure LDAP connection monitoring
  • Import binary data through a MID Server
  • Troubleshooting LDAP integration via MID Server
  • Import and map data
  • LDAP transform maps
  • LDAP scripting
  • Set choice action for reference field imports
  • Verify LDAP mapping
  • LDAP integration troubleshooting
  • View the LDAP monitor
  • LDAP error codes
  • Send a one-time password when the LDAP server is down
  • LDAP record synchronization
  • LDAP refresh filters
  • LDAP extraction
  • Inactive LDAP user accounts
  • Use the userAccountControl field
  • LDAP script examples
  • Active Directory Application Mode (ADAM)
  • Configuring an instance
  • Set up the ADAM console
  • Create containers and organizational units
  • Delegation with ADAM
  • Populating ADAM Objects
  • Testing and troubleshooting
  • Backup and recovery
  • Use LDAPS with ADAM
  • Assign the certificate to ADAM
  • Export the public key certificate
  • ADAM access account
  • Test the LDAPS connections
  • Use ADAMSync to populate ADAM
  • Define ADAM user accounts
  • Set up ADAMSync
  • Install the ADAM configuration file
  • Example ADAM configuration files
  • Configure Microsoft AD for secure LDAPS communication
  • Set up a stand-alone certificate authority
  • Generate a certificate from an internal certificate authority
  • Test the LDAPS connectivity locally
  • Export the public key certificate to trust the LDAP certificate
  • LDAP global catalog usage
  • OpenLDAP minor schema modification
  • Modify the schema
  • Record LDAP deletions
  • Limit concurrent sessions
  • Explore limit concurrent sessions
  • Configure the plugin
  • Set a limit by user or role
  • Disable a limit by user or role
  • Local authentication
  • Login and authentication security
  • Explore Login and authentication security
  • Define login scenarios
  • Employee self-service portal
  • Specify a login landing page
  • Specify lockout for failed login attempts
  • Make UI pages public or private
  • Password complexity requirements
  • Explore Password complexity requirements
  • Enable password policies on your instance
  • Password policy properties
  • Configure your password policy
  • Configure password for a user
  • Exclude passwords on your instance
  • Unsupported password characters
  • Password Reset
  • Modify notification email
  • Configure properties
  • Remember me
  • Configure the logout confirmation prompt
  • Implement a nonce
  • Nonce process flow
  • Implement a nonce
  • Multi-factor authentication
  • MFA enforcement
  • Changes due to the MFA enforcement
  • MFA enforcement properties
  • Troubleshooting MFA enforcement
  • Frequently asked questions
  • MFA enforcement requirements – What and Why
  • MFA enforcement scope
  • MFA enforcement timeline
  • MFA enforcement exception
  • MFA metrics
  • MFA types
  • MFA reset
  • Explore Multi-factor authentication
  • Configure MFA
  • MFA context
  • MFA verification methods
  • Web Authentication
  • Configuring with Biometrics
  • Authenticator configuration options
  • MFA factor policies
  • FIDO2 as an MFA factor
  • Configure FIDO2 as an MFA factor
  • SMS as an MFA factor
  • Activate the MFA with SMS plugin
  • Configure SMS as an MFA factor
  • Multi-factor authentication Providers
  • Configure MFA Provider
  • Vonage Provider custom configuration (Tutorial)
  • Email as an MFA factor
  • Configure Email as an MFA factor
  • MFA system properties
  • MFA criteria
  • Configure user-based multi-factor criteria
  • Configure role-based multi-factor criteria
  • Configure adaptive authentication policy-based multi-factor criteria
  • MFA with SSO
  • Configuring MFA with SSO
  • Reset MFA for users
  • MFA References
  • MFA Metrics
  • Using MFA
  • Set up MFA
  • Set up MFA on your user profile
  • Log in with MFA
  • Authenticator Applications
  • Change an Authenticator app
  • Web Authentication
  • Register a biometric authenticator
  • Register a hardware security key
  • MFA Dashboard
  • User Metrics
  • Log in Metrics
  • MFA Guided Setup
  • Multi-Provider single sign-on (SSO)
  • Activate Multi-Provider SSO
  • Properties, tables, and scripts
  • Multi-Provider SSO configurations
  • Configure Multi-Provider SSO properties
  • Create an external identity provider
  • Generate instance service provider (SP) metadata for SAML
  • Configure users for Multi-Provider SSO
  • Test IdP connections
  • Common IdP connection errors
  • Troubleshoot script issues with SAML
  • Log in using Multi-Provider SSO
  • Enable users to choose the identity provider for login
  • Use Service Portal with Multi-Provider SSO to redirect a URL
  • Account recovery (ACR)
  • Configure an ACR user
  • Account recovery properties
  • E-signature for Multi-Provider SSO
  • Activate Approval with e-Signature plugin
  • Use Multi-Provider SSO to set up an SSO approval for a SAML 2.0 authentication
  • SSO approval for an OIDC authentication
  • OIDC as a SSO identity provider
  • Create an OIDC configuration for SSO
  • Use Facebook-based SSO
  • Configure a Facebook-based SSO
  • SAML
  • Multi-Provider SSO (SAML) IdP authentication flow
  • Identity Provider (IdP) system properties
  • Set the IdP issuer URL
  • Set the AuthnRequest service URL
  • Set the SingleLogoutRequest service URL
  • (Optional) Enable signed logout requests
  • Service Provider (SP) system properties
  • Set the instance URL for SAML
  • Set the audience URL for SAML
  • Set up a NameID policy for SAML
  • Determine what User table field matches the NameID token
  • Set the IdP NameID policy
  • Values in the User table field for SAML
  • (Optional) Enable providing an authentication context class for SAML
  • (Optional) Set keystore properties for signing logout requests for SAML
  • Create a service provider key store for SAML
  • Install a service provider keystore for signing SAML requests
  • Create self-signed BCFKS keystore for SAML
  • (Optional) Advanced SAML properties
  • Install the identity provider certificate
  • Replace a missing certificate for SAML
  • Test the SAML integration
  • Multi-SSO (SAML 2.0) errors and fixes
  • Redirect single sign-on (SSO) logins
  • Clone an instance with a SAML integration
  • SAML 2.0 concepts
  • Typical SAML process flow (diagram)
  • Login (AuthnRequest) process flow
  • Logout (LogoutRequest) process flow
  • URL information for an SSO provider
  • SAML 2.0 configuration using Multi-Provider SSO
  • X.509 certificates for SAML
  • SAML Guided Tour
  • Integrating SAML 2.0 with other features
  • Add deep linking support for SAML
  • ADFS integration with SAML 2.0
  • Set up ADFS for SAML
  • Set up the instance for ADFS
  • Configure an ADFS relying party
  • Configure the ADFS relying party claim rules
  • Create a SAML logout endpoint
  • Test the ADFS configuration
  • (Workaround) Enable service provider-initiated authentication
  • (Workaround) Support Kerberos authentication
  • Azure AD Integration with SAML 2.0
  • Add ServiceNow from the gallery
  • Configure Azure AD SSO
  • Create an Azure AD test user
  • Assign the Azure AD test user
  • Configure ServiceNow
  • Email links with external authentication
  • Add E-Signature support for SAML
  • Migrating an existing SAML 1.1 integration to SAML 2.0
  • Update your existing SAML 2.0 integration
  • Sample SAML 2 responses after the update
  • SAML user provisioning
  • Administer SAML user provisioning
  • SAML 2.0 troubleshooting
  • Monitor the event queue for login activities
  • Event queue login events
  • OAuth authentication
  • OAuth 2.0
  • Set up OAuth
  • Activate OAuth
  • Set the OAuth property
  • Change OAuth password parameter
  • OAuth inbound
  • Inbound integrations
  • Authorization Code Grant
  • Authorization Workflow
  • Configuration
  • Client Credentials Grant
  • Client Credentials Workflow
  • Configuration
  • Third Party Token Grant
  • User Token Flow
  • Service Token Flow
  • Configuration
  • JWT Grant
  • Workflow
  • Configuration
  • ROPC Grant
  • Password Grant Flow
  • Configuration
  • Old inbound integrations experience
  • OAuth authorization code grant flow
  • Authorize access to an OAuth endpoint using auth code flow
  • Authorization code flow state parameter requirement
  • Authorization code flow example: ServiceNow instance as authorization server
  • Create an endpoint for clients to access the instance
  • OAuth API response parameters
  • OAuth API request parameters
  • Create an OAuth JWT API endpoint for external clients (machine to machine integration)
  • Configure an OAuth OIDC provider for accepting third-party token
  • Configure client type for OAuth and SSO records
  • OAuth implicit grants
  • Client Credentials
  • Create the Client Credentials system property
  • Add the OAuth Application User
  • Manage OAuth tokens
  • Revoke an OAuth token
  • OAuth outbound
  • Connect to a third-party OAuth provider
  • JWT Bearer
  • Set up OAuth provider with JWT Bearer grant type
  • Generate a JSON Web Token (JWT)
  • OAuth client APIs
  • OAuth parameters for default profile support
  • Private Key JWT Support for OAuth 2.0 Client Authentication
  • Configure Private Key JWT for OIDC based SSO
  • Configure Private Key JWT for Outbound OAuth
  • Create an outbound REST message
  • Personal authentication
  • Configuration
  • Get OAuth Token
  • Generate Auth URL
  • Activate Dashboard
  • Self-register to ServiceNow instance
  • Explore Self-register
  • Activate External User Self-Registration
  • External roles in self-registration
  • Configure a user registration configuration for external users
  • Configure Google reCAPTCHA for external user self-registration
  • Default registration form fields
  • Add a custom registration form field
  • Enable external user self-registration for Service Portal
  • Verify user self-registration requests
  • Token based authentication (User logins)
  • Time limited authentication
  • Explore Time limited authentication
  • Activate time limited authentication
  • Time limited authentication with SMS - Twilio Tutorial
  • Digest token authentication
  • Explore Digest token authentication
  • Configure the digest properties for multi-provider single sign-on (SSO)
  • Sample digest token implementations
  • Sample Java digest algorithm for encryption
  • Sample C
  • Web service security
  • Explore Web service security
  • Configure mutual authentication
  • Access Control List Rules
  • Explore Access Control Lists
  • ACL rule types
  • Datatype ACL
  • Create a datatype ACL
  • ACL control of function fields
  • Security jump-start - ACL rules plugin
  • Configure an ACL rule
  • Deny-Unless ACL
  • Query ACLs
  • Secure records in an embedded list
  • Related record access
  • Contextual Security Manager
  • Prevent duplicate entries with Contextual Security: Role Management V2
  • Upgrade to Contextual Security: Role Management V2
  • Enable role auditing with Contextual Security: Role Management V2
  • Double-check form submission
  • Default deny property
  • Advanced ACL configuration
  • Provide external users access to a table
  • Apply ACL script conditions to reference fields
  • Apply ACLs to AJAXGlideRecord (client-side Glide record)
  • Evaluate the admin override at the access level
  • ACL debugging tools
  • ACL troubleshooting reference
  • ACL configuration watcher
  • Show ACL execution plan
  • Use the ACL configuration watcher
  • Access analyzer
  • Explore Access analyzer
  • Use Access analyzer
  • Use Evaluate access
  • View permissions for a user
  • View permissions for a role
  • View permissions for a group
  • Export Access Analyzer queries
  • Compare user records
  • Compare user access
  • View the previously searched criteria in Access Analyzer
  • Permission evaluation
  • Frequently Asked Questions
  • Access Analyzer Debug logs
  • Access Simulator
  • Exploring Access Simulator
  • Configuring the Access Simulator (Take actions)
  • Using the Access Simulator
  • Adding Roles to users
  • Removing Roles from users
  • Adding users to Groups
  • Removing users from Groups
  • Frequently Asked Questions
  • Access Insights
  • Explore Access Insights
  • Configure Access Insights
  • Use Access Insights
  • Security Attributes
  • Security Attributes fundamentals
  • Create Security Attributes
  • OOB (Out-of-Box) Security Attributes
  • Compound Security Attributes
  • Security Attribute Scope
  • Field Query Roles and Restrictions
  • Configure a Field Query Role
  • Configure Field Query Restrictions
  • Scripting Governance Tool
  • Explore Scripting Governance Tool
  • Use Scripting Governance Tool
  • Scan for users who have scripted
  • Remove users from the Conditional Script Writer group
  • Manage Scripting Governance Tool
  • Machine identity access controls
  • Create a machine identity access control
  • Data filtration
  • Explore Data filtration
  • Activate data filtration
  • Create data filtration rules
  • Add a data filter for your data filtration rule
  • Add subject attributes to your data filtration rule
  • Create subject criteria
  • Create a subject criteria input
  • Create a subject criteria condition
  • Data filtration debugging
  • Security data filters
  • Create a security data filter
  • Default security filters
  • Security Roles
  • Explicit Roles
  • Elevated privilege roles
  • Security_admin role
  • Elevate to a privileged role
  • Force administrators to manually elevate
  • Connections and Credentials
  • Explore credentials, connections, and aliases
  • Scope protections
  • Domain separation and Credentials and Connections
  • Connection & Credential configuration templates
  • Configure a template for OAuth JWT Bearer grant type
  • Create a configuration template
  • Get started with connections
  • Create a basic connection for PowerShell and SSH
  • Create an HTTP(s) connection
  • Create a JDBC connection
  • Create a JMS connection
  • Create connection attributes for IntegrationHub
  • Get started with credentials
  • Create a Connection & Credential alias
  • Set up OAuth integration via MID Server
  • Credential aliases for Discovery
  • Credential aliases for Orchestration activities
  • Create and test your credentials
  • Ansible Tower credentials
  • API key credentials
  • Applicative credentials
  • Basic authentication credentials
  • Chef server credentials
  • CIM credentials
  • Cloud credentials
  • Container image repository credentials
  • Infoblox credentials
  • JDBC credentials
  • JMS credentials
  • OAuth 2.0 credentials
  • SAP credentials
  • SNMP credentials
  • SSH credentials
  • VMware credentials
  • Windows credentials
  • Credential affinity for Discovery and Orchestration
  • Credentials troubleshooting
  • External credential storage
  • Request external credential storage for Discovery and Orchestration
  • External credential storage configuration
  • CyberArk credential storage integration
  • CyberArk integration configuration
  • Configure the CyberArk vault and install the AIM API
  • Import the CyberArk JAR file
  • Configure the MID Server for CyberArk AIM
  • Configure the MID Server for CyberArk CCP
  • Configure CyberArk for SNMPv2 credentials
  • Configure the CyberArk credential identifier
  • Configure AWS credentials on a CyberArk vault
  • Configure Azure credentials on a CyberArk vault
  • OAuth 2.0 authentication via MID Server using external credential storage
  • Configure a JAR file and credential identifiers
  • Configure CyberArk
  • Configure OAuth 2.0 credentials on CyberArk
  • Configure a connection to send OAuth request via the MID Server using external vault
  • Authentication Algorithms
  • Configure an authentication algorithm
  • Configure an Amazon Signature based Custom Algorithm
  • Configure a custom authentication algorithm
  • Check IP service affinity for Discovery and Orchestration
  • ServiceNow access control
  • Explore ServiceNow access control
  • Activate ServiceNow access control
  • Configure ServiceNow access control
  • Audit logging
  • Identity
  • Global Identity
  • Explore Federated ID
  • Access Federated ID Criteria
  • Update ID fields
  • Identity and Access Audit
  • Explore Identity and Access Audit
  • Identity Audit Results
  • User Trails
  • Group Trails
  • Role Trails
  • ACL Trails
  • Security Auditable Fields
  • Configure Tables and Fields
  • Configure Retention Period
  • Supported and unsupported fields
  • Identity Center
  • Explore Identity Center
  • Activate the Identity Center
  • Identity Center for users
  • Viewing Active Sessions
  • Viewing Login History
  • Viewing Registered Mobile Devices
  • Identity Metrics for administrators
  • Machine Identity Console
  • Explore Machine Identity Console
  • Inbound integrations
  • Security findings
  • Accounts with no login for 100 days
  • Accounts using Basic Authentication
  • Integration accounts with Web Service Access set to false
  • Accounts performing both UI and API login
  • Metrics
  • Machine Identity Console Settings
  • Activate Machine Identity Console
  • Use Machine Identity Console
  • System for Cross-domain Identity Management (SCIM)
  • SCIM Provider
  • Explore SCIM Provider
  • Activate the SCIM plugin
  • Tutorial: Configure SCIM for user provisioning with a Provider
  • Provision user using Basic Authentication
  • Provision user using OAuth
  • SCIM Troubleshooting
  • SCIM customization
  • SCIM customization properties and schemas
  • Create a SCIM Extension schema
  • Create a SCIM ETL definition
  • Handle unmapped fields
  • Creating a source definition
  • SCIM Client
  • Explore SCIM Client
  • Activate the SCIM Client plugin
  • SCIM Client properties, tables, scriptable APIs, and logs
  • Create a REST message
  • Create a SCIM Provider
  • Create a SCIM Provider Resource Mapping
  • Create a SCIM attribute mapping
  • Attribute Mapping references
  • Troubleshoot SCIM Client
  • Access observer
  • Configure access observation
  • Review Access Observer logs
  • Granular Admin Roles
  • Additional resources
  • Virtual infrastructure security
  • Operating system security
  • Network security

Digest token authentication

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • The digest token authentication passes user credentials and a digest token within an unencrypted HTTP header.

    Explore

    Learn the features and business value of Digest token authentication.

    Configure

    Understand how to configure Digest token authentication.
    Back to home page