Combined Identity and Authentication release notes for upgrades from Washington DC to Xanadu

  • Release version: Xanadu
  • Updated June 16, 2026
  • 4 minutes to read

    • Consolidated page of all release notes for Identity and Authentication from Washington DC to Xanadu.

    How to use this page

    To help you prepare for your upgrade, we have combined the cross-family Identity and Authentication release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Washington DC to Xanadu.

    Tip:
    If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

    Important information for upgrading Identity and Authentication to Xanadu

    Before you upgrade to Xanadu, review these pre- and post-upgrade tasks and complete the tasks as needed.

    Release Release notes

    Washington DC

    		 No updates for this release.

    Xanadu

    		 No updates for this release.

    New features

    Between your current release family and Xanadu, new features were introduced for Identity and Authentication.

    Release Release notes

    Washington DC
    Access Analyzer
    Use the ServiceNow® Access Analyzer V2, a self-service tool designed for admins, developers, and support agents to compare user access and determine the right level of access for the users on the ServiceNow AI Platform.
    Important:
    Access Analyzer is available in the ServiceNow Store. For more information, visit ServiceNow Store.
    Identity and Access Audit
    Use the Identity and Access Audit to understand the changes made for a user, group, role, and ACL and understand the critical information about who has modified what, where and when in user accounts, groups, and roles.
    Session Validation Context
    Configure the session validation context into the adaptive authentication policy framework to evaluate authentication requests and then either deny or allow access based on IP address within a valid range as policy conditions. Session validation context provides an additional layer of protection against session or cookie hijacking.
    Zero Trust Access - Mobile
    Use the Zero Trust access - Session Access policy within the Adaptive Authentication policy to reduce the roles or privileges of the particular session in mobile.
    API Key and HMAC token
    Support API key and HMAC token for inbound REST APIs to securely authenticate inbound webhook URLs.
    JWT Support for OAuth
    Support OAuth 2.0 client authentication with private key JWT for OIDC based Single-sign-on and OAuth based Outbound Integrations.
    OAuth Client Credentials grant type for Inbound Integrations
    Support OAuth Client Credentials grant type for Inbound Integrations from a third party OAuth client to the ServiceNow® platform.

    Xanadu

    		 No updates for this release.

    Changes

    Between your current release family and Xanadu, some changes were made to existing Identity and Authentication features.

    Release Release notes

    Washington DC

    		 No updates for this release.

    Xanadu

    		 No updates for this release.

    Removed

    Between your current release family and Xanadu, some Identity and Authentication features or functionality were removed.

    Release Release notes

    Washington DC

    		 No updates for this release.

    Xanadu

    		 No updates for this release.

    Deprecations

    Between your current release family and Xanadu, some Identity and Authentication features or functionality were deprecated.

    Release Release notes

    Washington DC
    • The MultiSSO v1 is deprecated. Upgrade to MutliSSO v2 from MultiSSO v1.

      For more information, refer to the knowledge article MultiSSO v2 upgrade instructions [KB9756504] in the Now Support Knowledge Base.

    • The SAML 1.1 and SAML 1.1 Single Sign-On - Update 1 plugin is deprecated. The SAML-based identity providers (IdP) have already migrated to SAML 2.0. To use SAML 2.0, you must install the MultiSSO and configure your identity provider.
    • The OpenID SSO plugin is deprecated. To use OpenID Connect (OIDC), you must install the MultiSSO and configure your OIDC-based identity provider.

    Xanadu

    		 No updates for this release.

    Activation information

    Review information on how to activate Identity and Authentication.

    Release Release notes

    Washington DC

    Authentication is a ServiceNow AI Platform feature that is active by default.

    Xanadu

    		 No updates for this release.

    Additional requirements

    If any additional requirements were introduced or changed for Identity and Authentication we have noted them here.

    Release Release notes

    Washington DC

    		 No updates for this release.

    Xanadu

    		 No updates for this release.

    Browser requirements

    If any specific browser requirements were introduced or changed for Identity and Authentication we have noted them here.

    Release Release notes

    Washington DC

    		 No updates for this release.

    Xanadu

    		 No updates for this release.

    Accessibility information

    Review details on accessibility information for Identity and Authentication, such as specific requirements or compliance levels.

    Release Release notes

    Washington DC

    		 No updates for this release.

    Xanadu

    		 No updates for this release.

    Localization information

    If there are specific localization considerations for Identity and Authentication we have noted them here.

    Release Release notes

    Washington DC

    		 No updates for this release.

    Xanadu

    		 No updates for this release.

    Highlight information

    If there are specific highlight considerations for Identity and Authentication we have noted them here.

    Release Release notes

    Washington DC
    • Use the ServiceNow® Access Analyzer V2 tool to compare the access of users and determine the right level of access controls is provided for the users.
    • Use the Identity and Access Audit to understand the changes made for a user, group, role, and Access Control list (ACL).
    • Configure Session Validation Context into the adaptive authentication policy framework to evaluate authentication requests and provide an additional layer of protection against session or cookie hijacking.
    • Support API key and HMAC token for inbound REST APIs to securely authenticate the inbound webhook URLs.
    • Support OAuth 2.0 client authentication with private key JWT for OIDC based Single-sign-on and OAuth based Outbound Integrations.
    • Support OAuth Client Credentials grant type for Inbound Integrations to the ServiceNow® platform.
    • Configure the session access policy to reduce the roles or privileges of the particular session based on the risk related with the session using filter criteria like on the IP, Location, Identity attribute with the zero trust access policy in mobile.

    See Identity and Authentication for more information.

    Xanadu

    		 No updates for this release.