Combined Identity and Authentication release notes for upgrades from Vancouver to Xanadu

How to use this page

To help you prepare for your upgrade, we have combined the cross-family Identity and Authentication release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Vancouver to Xanadu.

Tip:

If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

Important information for upgrading Identity and Authentication to Xanadu

Before you upgrade to Xanadu, review these pre- and post-upgrade tasks and complete the tasks as needed.


Release	Release notes
Vancouver	Authentication report_view access control lists (ACLs) that govern who can see reports in dashboards and elsewhere are enabled by default in the Vancouver release. For more information, see Report_view access control.
Washington DC	No updates for this release.
Xanadu	No updates for this release.

New features

Between your current release family and Xanadu, new features were introduced for Identity and Authentication.


Release	Release notes
Vancouver	Exploring Federated ID Audit the users across instances based on the user name and email. Provide a unique ID to the user across instances. Access Analyzer Use the ServiceNow® Access Analyzer self-service tool designed for admins, developers, and support agents to examine who has access to what on the ServiceNow AI Platform. Important: Access Analyzer is available in the ServiceNow Store. For more information, visit ServiceNow Store. Zero Trust Access The Zero Trust access - Session Access policy enables administrators to use the Adaptive Authentication policy to reduce the roles or privileges of the particular session. Note: Zero Trust Access is a paid feature that can be used within Authentication. Location Filter The Location filter is a filter criteria in the Adaptive Authentication that the admins can use while crafting the authentication policies based on the physical location of the device accessing the instance. Note: Location Filter is a paid feature that can be used within Authentication. Identity Provider Attributes Filter The Identity Provider (IDP) Attributes received from the SAML response from the Identity Provider can be used as a filter criteria for authentication.
Washington DC	Access Analyzer Use the ServiceNow® Access Analyzer V2, a self-service tool designed for admins, developers, and support agents to compare user access and determine the right level of access for the users on the ServiceNow AI Platform. Important: Access Analyzer is available in the ServiceNow Store. For more information, visit ServiceNow Store. Identity and Access Audit Use the Identity and Access Audit to understand the changes made for a user, group, role, and ACL and understand the critical information about who has modified what, where and when in user accounts, groups, and roles. Session Validation Context Configure the session validation context into the adaptive authentication policy framework to evaluate authentication requests and then either deny or allow access based on IP address within a valid range as policy conditions. Session validation context provides an additional layer of protection against session or cookie hijacking. Zero Trust Access - Mobile Use the Zero Trust access - Session Access policy within the Adaptive Authentication policy to reduce the roles or privileges of the particular session in mobile. API Key and HMAC token Support API key and HMAC token for inbound REST APIs to securely authenticate inbound webhook URLs. JWT Support for OAuth Support OAuth 2.0 client authentication with private key JWT for OIDC based Single-sign-on and OAuth based Outbound Integrations. OAuth Client Credentials grant type for Inbound Integrations Support OAuth Client Credentials grant type for Inbound Integrations from a third party OAuth client to the ServiceNow® platform.
Xanadu	No updates for this release.

Changes

Between your current release family and Xanadu, some changes were made to existing Identity and Authentication features.


Release	Release notes
Vancouver	Access policy for System/Export Processors Additional processors are added to use the processor access policy to secure non-public processors. Mobile Authentication App specific auto-redirect IDP The login URL field is added to the Mobile App OAuth Configuration, which enables admins to configure mobile app specific login experience.
Washington DC	No updates for this release.
Xanadu	No updates for this release.

Removed

Between your current release family and Xanadu, some Identity and Authentication features or functionality were removed.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.

Deprecations

Between your current release family and Xanadu, some Identity and Authentication features or functionality were deprecated.


Release	Release notes
Vancouver	The MultiSSO v1 is deprecated. Upgrade to MutliSSO v2 from MultiSSO v1. For more information, refer to the MultiSSO v2 upgrade instructions [KB9756504] article in the Now Support knowledge base. The SAML 1.1 and SAML 1.1 Single Sign-On - Update 1 plugin is deprecated. The SAML-based identity providers (IdP) have already migrated to SAML 2.0. To use SAML 2.0, you must install the MultiSSO and configure your identity provider. The OpenID SSO plugin is deprecated. To use OpenID Connect (OIDC), you must install the MultiSSO and configure your OIDC-based identity provider.
Washington DC	The MultiSSO v1 is deprecated. Upgrade to MutliSSO v2 from MultiSSO v1. For more information, refer to the knowledge article MultiSSO v2 upgrade instructions [KB9756504] in the Now Support Knowledge Base. The SAML 1.1 and SAML 1.1 Single Sign-On - Update 1 plugin is deprecated. The SAML-based identity providers (IdP) have already migrated to SAML 2.0. To use SAML 2.0, you must install the MultiSSO and configure your identity provider. The OpenID SSO plugin is deprecated. To use OpenID Connect (OIDC), you must install the MultiSSO and configure your OIDC-based identity provider.
Xanadu	No updates for this release.

Activation information

Review information on how to activate Identity and Authentication.


Release	Release notes
Vancouver	Authentication is a ServiceNow AI Platform feature that is active by default.
Washington DC	Authentication is a ServiceNow AI Platform feature that is active by default.
Xanadu	No updates for this release.

Additional requirements

If any additional requirements were introduced or changed for Identity and Authentication we have noted them here.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.

Browser requirements

If any specific browser requirements were introduced or changed for Identity and Authentication we have noted them here.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.

Accessibility information

Review details on accessibility information for Identity and Authentication, such as specific requirements or compliance levels.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.

Localization information

If there are specific localization considerations for Identity and Authentication we have noted them here.


Release	Release notes
Vancouver	No updates for this release.
Washington DC	No updates for this release.
Xanadu	No updates for this release.

Highlight information

If there are specific highlight considerations for Identity and Authentication we have noted them here.


Release	Release notes
Vancouver	Audit the users across multiple instances based on user name and email and provide a unique id (federated ID) to the user across instances. Use the ServiceNow® Access Analyzer to determine who has access to what based on instance-defined access controls to enable administrators, developers, and support agents determine what access controls are governing access to a resource (tables), fields, or records. Configure the session access policy to reduce the roles or privileges of the particular session based on the risk related with the session using filter criteria like on the IP, Location, Identity attribute with the zero trust access policy. Configure the authentication policies to restrict access, reduce roles, or enforce MFA based on Geo-location access. Configure the authentication policies to restrict access, reduce roles, or enforce MFA based on Identity Provider attributes that are received from the SAML response. See Identity and Authentication for more information.
Washington DC	Use the ServiceNow® Access Analyzer V2 tool to compare the access of users and determine the right level of access controls is provided for the users. Use the Identity and Access Audit to understand the changes made for a user, group, role, and Access Control list (ACL). Configure Session Validation Context into the adaptive authentication policy framework to evaluate authentication requests and provide an additional layer of protection against session or cookie hijacking. Support API key and HMAC token for inbound REST APIs to securely authenticate the inbound webhook URLs. Support OAuth 2.0 client authentication with private key JWT for OIDC based Single-sign-on and OAuth based Outbound Integrations. Support OAuth Client Credentials grant type for Inbound Integrations to the ServiceNow® platform. Configure the session access policy to reduce the roles or privileges of the particular session based on the risk related with the session using filter criteria like on the IP, Location, Identity attribute with the zero trust access policy in mobile. See Identity and Authentication for more information.
Xanadu	No updates for this release.