Soft PIN authentication

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Soft PIN authentication

    Soft PIN is a six-digit numeric personal identification number used to verify a caller's identity during AI voice agent sessions in ServiceNow. It is designed for low-risk caller verification scenarios, such as confirming returning users before granting access to self-service tasks. Soft PIN can serve as a single authentication factor or be combined as part of a multi-factor authentication (MFA) flow.

    Show full answer Show less

    Because Soft PIN is a medium-assurance factor, it is not recommended as the sole authentication method for sensitive operations. For such cases, it should be combined with higher-assurance factors like Okta Verify push notifications or time-based one-time passwords (TOTP).

    Key Features

    • Enrollment: Users must enroll a Soft PIN before use and may re-enroll at any time to change their PIN.
    • Validation: During an AI voice agent session, callers are prompted to enter their PIN via voice or text input. The platform validates the PIN against the user's enrolled PIN and returns authentication results to the orchestrator.
    • Enrollment Rules: The PIN must be exactly six digits, cannot have any digit repeated more than twice consecutively, cannot contain ascending or descending sequences longer than two digits, and cannot match any of the user’s previous five PINs.
    • Security Considerations: Soft PINs provide lower assurance compared to time-based codes or push notifications and are vulnerable to reuse, observation, and social engineering.
    • Availability: Enrollment is available only if the AI Voice Agents plugin (sngenaiplatform) is installed and the system property glide.authfactors.Soft PIN.enrollment.enabled is set to true. If disabled, enrollment options are hidden and users cannot access the enrollment URL.

    Practical Implications for ServiceNow Customers

    • Use Soft PIN for straightforward, low-risk caller verification scenarios to enhance user experience with AI voice agents.
    • For sensitive operations, configure Soft PIN alongside stronger authentication factors to ensure higher security.
    • Ensure your instance has the AI Voice Agents plugin installed and verify the related system property is enabled to allow Soft PIN enrollment and usage.
    • Educate users on enrollment rules to reduce failed authentication attempts and improve security compliance.

    Soft PIN is a six-digit numeric PIN that verifies a caller's identity during an AI voice agent session.

    When to use Soft PIN

    Soft PIN is appropriate for low-risk caller verification, such as confirming a returning user before granting access to self-service tasks.

    Soft PIN can be configured as a single factor, the first factor in a multi-factor authentication flow, or a second factor.

    Soft PIN is a medium-assurance factor and is not suitable as the only authentication factor for sensitive operations. For those flows, combine Soft PIN with a higher-assurance factor such as Okta Verify push notification or a time-based one-time password (TOTP). For guidance on combining factors, see Explore authentication factors for AI voice agents.

    How Soft PIN works

    Each user enrolls a Soft PIN before it can be used for authentication. Users can change their PIN by re-enrolling at any time.

    When Soft PIN is selected as an authentication factor for an AI voice agent service, the agent prompts the caller for the PIN during the session. The platform validates the response against the user's enrolled PIN and returns the result to the orchestrator.

    Note:
    Soft PIN supports both Text and Voice input.

    Enrollment rules

    The system enforces the following rules on the chosen PIN:
    Table 1. Enrollment rules
    Rule Behavior
    Length Exactly six digits.
    Repetition No single digit can repeat more than twice consecutively. For example, 111234 is rejected.
    Sequences Ascending or descending numeric sequences longer than two digits aren't allowed. For example, 123456 and 987654 are rejected.
    History The new PIN can't match any of the user's previous five PINs.

    Limitations

    A six-digit numeric PIN provides lower assurance than time-based codes or push notifications. PINs are vulnerable to reuse, observation, and social engineering.

    Availability

    The administrator manages the following conditions on the instance. Soft PIN enrollment is available when both are met:

    • Install Now Assist for Platform sn_genai_platform for activating AI voice agents.
    • The system property glide.auth_factors.Soft PIN.enrollment.enabled is set to true (default).

    When the plugin is not installed, no Soft PIN module exists on the instance and the enrollment URL is not available. When the plugin is installed but the property is set to false, the enrollment option is hidden from the user profile, the navigation menu, and the Service Portal. Users who navigate directly to the enrollment URL see the following message:

    Soft PIN enrollment is not available at this time. Please contact your administrator for more details.

    Table 2. System property
    Property Description Default state
    glide.auth_factors.Soft PIN.enrollment.enabled Controls whether the Soft PIN enrollment option appears in the user profile, the navigation menu, and the Service Portal. Requires the AI Voice Agents plugin. true