Restrict email domains for external user registration [Updated in Security Center 1.3 and 1.5]
Use the sn_ext_usr_reg.allowed_email_domains property to list acceptable external email domains.
The sn_ext_usr_reg.allowed_email_domains property defines which email addresses are allowed to self-register to a ServiceNow instance. If sn_ext_usr_reg.allowed_email_domains is not set with a list of acceptable domains, then users with any email address are allowed to register accounts on the instances. If not defined, malicious actors could perform registration using emails addresses from unwanted domains to gain authenticated access to the instance.
More information
| Attribute | Description |
|---|---|
| Property name | sn_ext_usr_reg.allowed_email_domains |
| Configuration type | System Properties (/sys_properties_list.do), Communities Properties |
| Category | Access control |
| Purpose | List email domains to allow user email for registration. |
| Recommended value | Set as a non-empty value |
| Configuration type | String |
| Security risk | (High) Malicious actors could perform registration using emails addresses from unwanted domains. Ensure that sn_ext_usr_reg.allowed_email_domains is not set to an empty value. |
| Security risk rating | 7.5 |
| References | Communities |
To learn more about adding or creating a system property, see Add a system property.