Multi-factor Authentication context
Summary of Multi-factor Authentication context
The Multi-factor Authentication (MFA) context in ServiceNow allows you to define how and when MFA is enforced during user login through a policy-driven approach. This context determines whether users must provide a second form of verification but does not deny access like pre- or post-authentication policies. The selected MFA policy in this context overrides any user or role-based MFA settings.
Key Features
- MFA Policy Context Access: Found under All > Multi-factor Authentication > MFA Context, it lets you configure MFA enforcement behavior.
- Default Policy Options:
  - Step-Up MFA Policy: MFA is enforced only when specific policy conditions evaluate to true.
  - Step-Down MFA Policy: MFA is enforced by default but can be bypassed if policy conditions evaluate to true.
- Policy Configuration: You can add or edit policy inputs via the referenced Authentication Policy record linked within the MFA context.
- Policy Inputs and Conditions: Displayed for reference but must be edited directly within the policy record.
- SSO Integration: MFA with Single Sign-On (SSO) login is supported when the system property glide.authenticate.mfa.with.multisso.enabled is set to true.
- Scope of Enforcement: MFA context policies apply to user logins only and do not affect API authentication, basic auth, or OAuth resource owner password credential grants.
Practical Use
By configuring the MFA context with a step-up or step-down policy, you gain granular control over when MFA is required, balancing security and user experience. This ensures that MFA is enforced based on dynamic conditions rather than a blanket rule, enabling you to tailor authentication rigor to specific scenarios.
Additional Information
MFA factor policies define the actual authentication methods users must use and are key to strengthening your security posture. These policies can be customized to meet organizational requirements for additional verification beyond passwords.
The Multi-factor Authentication (MFA) policy context uses a policy to define how and when MFA is enforced during the login process.
MFA context record
The MFA policy context defines whether your users must provide a second form of authentication when logging in. Unlike the post-authentication and pre-authentication policies, this context does not deny access to your instance. The policy you select in this context takes precedence over user or role-based configurations for multi-factor authentication.
To access the MFA context, navigate to All > Multi-factor Authentication > MFA Context.
Use the fields in the Post-authentication policy context record to define how your instance uses your policy.
- If the default policy is Step-Up MFA Policy, users are prompted for multi-factor authentication when the policy configured in the Step-Up MFA Policy field evaluates to true. The policy takes precedence over the user or role-based configuration.
- MFA with SSO login is available only if the glide.authenticate.mfa.with.multisso.enabled property is set to true.
- To add or edit the policy inputs, navigate to the Authentication Policy record referenced in the policy field (Step-Up MFA Policy or Step-Down MFA Policy).
- The MFA context policy applies only to user logins. It does not apply to API authentication, basic auth, or the OAuth resource owner password credential grant.
| Field | Description |
|---|---|
| Name | Name of the policy context. This field is static and cannot be changed. |
| Description | Description of the context. |
| Default Policy | Defines the default behavior of this context when evaluating the policy. Select from the following options. |
| Step-Up MFA Policy | The policy that this context uses. This field appears only when the Default Policy field is set to Step-Up MFA Policy. |
| Step-Down MFA Policy | The policy that this context uses. This field appears only when the Default Policy field is set to Step-Down MFA Policy. |
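The enforcement rules above can be modeled as a small decision function to review which logins end up without an MFA prompt under a given context configuration. This is an added example, not ServiceNow code: the field names (channel, policyResult, userOrRoleMfa, defaultPolicy, multiSsoEnabled) and the sample logins are constructed for illustration, and an SSO login with the property not set to true is assumed to receive no MFA prompt from the instance.

```javascript
// Model of the MFA context rules described on this page (hypothetical names).
const OUT_OF_SCOPE = new Set(['api', 'basic_auth', 'oauth_ropc']);

function evaluateMfaContext(login, ctx) {
  // The MFA context applies to user logins only.
  if (OUT_OF_SCOPE.has(login.channel)) {
    return { applies: false, mfaRequired: false, reason: 'outside MFA context scope' };
  }
  // MFA with SSO login needs glide.authenticate.mfa.with.multisso.enabled = true.
  if (login.channel === 'sso' && !ctx.multiSsoEnabled) {
    return { applies: false, mfaRequired: false, reason: 'MFA with SSO not enabled' };
  }
  // The context policy takes precedence over user or role-based MFA settings,
  // so login.userOrRoleMfa is deliberately not consulted.
  const conditionTrue = login.policyResult === true;
  if (ctx.defaultPolicy === 'step_up') {
    // Step-up: MFA only when the policy evaluates to true.
    return { applies: true, mfaRequired: conditionTrue, reason: 'step-up policy' };
  }
  if (ctx.defaultPolicy === 'step_down') {
    // Step-down: MFA by default, bypassed when the policy evaluates to true.
    return { applies: true, mfaRequired: !conditionTrue, reason: 'step-down policy' };
  }
  throw new Error('unknown default policy: ' + ctx.defaultPolicy);
}

// Review helper: list the logins that complete without an MFA prompt.
function loginsWithoutMfa(logins, ctx) {
  return logins
    .map((l) => ({ id: l.id, ...evaluateMfaContext(l, ctx) }))
    .filter((r) => !r.mfaRequired);
}

// Constructed sample logins; policyResult is the outcome of the referenced policy.
const SAMPLE_LOGINS = [
  { id: 'local-cond-true', channel: 'local', policyResult: true, userOrRoleMfa: false },
  { id: 'local-cond-false', channel: 'local', policyResult: false, userOrRoleMfa: true },
  { id: 'sso-cond-true', channel: 'sso', policyResult: true, userOrRoleMfa: false },
  { id: 'api-client', channel: 'api', policyResult: true, userOrRoleMfa: true },
];

for (const ctx of [
  { defaultPolicy: 'step_up', multiSsoEnabled: false },
  { defaultPolicy: 'step_down', multiSsoEnabled: true },
]) {
  console.log(ctx.defaultPolicy, loginsWithoutMfa(SAMPLE_LOGINS, ctx));
}
```

Running the same login set against both default policies shows where each one leaves a login without a second factor: a step-up policy whose conditions are false, a step-down policy whose conditions are true, and any channel outside the context's scope.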
Policy inputs and conditions
The Policy Input and Policy Conditions tabs display the inputs and conditions of the policy selected in the Step-Up MFA Policy or Step-Down MFA Policy field. These tabs serve as a reference, but cannot be used to change the policy inputs or conditions. To modify your policy settings, navigate to the policy using the reference icon next to the Step-Up MFA Policy or Step-Down MFA Policy field.
MFA factor policies
MFA factor policies are a critical component of an organization's security posture, enabling you to enforce additional verification steps beyond passwords. These policies define the authentication methods that users must employ to access providing a flexible and customizable approach to authentication. For more information, see Multi-Factor Authentication factor policies.