Use session validation context to restrict access to ServiceNow® when hijackers copy a user's session cookies from one device to another to impersonate the session or restricts the user's session access if they’re using an insecure network.

Before you begin

Role required: adaptive_auth_admin

To use the session validation, you must perform the following steps:

Procedure

1. Navigate to All > Adaptive Authentication > Authentication Policies > All Policies.
2. Select the Session Validation Policy in the Policies (sys_authentication_policy_list.do) page.
3. Specify the Policy Inputs and Policy Conditions.
4. Set the conditions to true or false for the filters that you’ve added.
5. Select the Active check box to activate the policy after you set up the Session Validation Policy is set up with policy inputs and conditions.
6. Select a Force AuthnRequest check box for the default identity provider in the sso_properties table if the instance has SSO configured.
7. Navigate to All > Adaptive Authentication > Authentication Policies > Properties.
8. Set the system property session.validation.enabled to Yes.
   

Result

The Session Validation feature is activated. You can configure the policy inputs and conditions for the policy to use the feature. To learn more, see Tutorial: Configuring session validation.