Security Attributes

Yokohama Platform security
Release
yokohama
ft:locale
en-US
ft:publication_title
Yokohama Platform security
ft:clusterId
psec
bundleId
psec
workflow
Platform
  • Secure your instance
  • ServiceNow Vault
  • Platform Security
  • Security Center
  • Security Center landing page
  • Security configuration console
  • Security hardening
  • All settings
  • Hardening settings details
  • Filter hardening settings
  • Hardening compliance score trend
  • Increase score
  • Hardening score comparison
  • Security scanner
  • Scan findings
  • Security scan comparison
  • Auditor suite findings
  • Scan checks
  • Scan suites
  • Access Controls Auditor checks
  • Auditor checks
  • Create a scan suite
  • Clone the access controls auditor suite
  • View the Access Controls Auditor Suite
  • Reschedule a scan suite
  • Scan results
  • Customer Actions
  • Implement Customer Actions
  • View Customer Actions
  • Security monitoring console
  • Security Event Notifications
  • Create custom policies
  • Modify policiesY
  • Configure policy preferences
  • Create custom email
  • Security Event Notifications history
  • Security metrics
  • Customize the dashboard
  • Configure email notifications on threshold triggers
  • All Security Metrics
  • Active Sessions
  • Adaptive authentication Security Metrics
  • Antivirus
  • Data Classification
  • Authentication metrics
  • Email
  • Export
  • Integration Accounts
  • Privileged Identity
  • Privileged Users
  • Session management
  • Users
  • Security posture console
  • Security Best Practices
  • Complete a best practice
  • View activity of a best practice
  • View data of completed best practices
  • Filters the security best practices table
  • Best Practices
  • Security posture dashboards
  • Security learning
  • Security Tasks
  • Automatic Security Task generation
  • Edit Security Tasks
  • Export Security Tasks
  • Security banner announcements
  • Instance Security Center
  • Instance Security Center to ServiceNow Security Center migration
  • Monitor security events
  • Configure the security event ribbon
  • Set preferences for security event notifications
  • Check the daily compliance score and configure security property settings
  • Adjust instance security settings to increase compliance
  • How Daily Compliance score, trend, and graph data is refreshed
  • PCI compliance score dashboard
  • PCI configuration controls score dashboard
  • Scan for incorrect security definitions
  • Monitor instance metrics
  • User metrics
  • Export metrics
  • Export metrics settings
  • Authentication Metrics
  • Adaptive authentication metrics
  • Email metrics
  • Designate email domains as untrusted or trusted
  • Antivirus metrics
  • MFA metrics dashboard
  • Activate the ISC Virtual Agent interface
  • Hardening settings
  • Baseline versions
  • New hardening settings
  • New hardening settings for baseline version 6.0
  • New hardening settings for baseline version 5.0
  • New hardening settings for baseline version 4.0
  • New hardening settings for baseline version 2.0
  • Updated hardening settings
  • Updated hardening settings for baseline version 6.0
  • Updated hardening settings for baseline version 5.0
  • Updated hardening settings for baseline version 4.0
  • Updated hardening settings for baseline version 2.0
  • Deleted hardening settings
  • Deleted hardening settings for baseline version 6.0
  • Deleted hardening settings for baseline version 5.0
  • Deleted hardening settings for baseline version 4.0
  • Deleted hardening settings for baseline version 2.0
  • Access control
  • Anti-CSRF token validation time [New in Security Center 1.3]
  • Apply domain separation on dot walked fields [Updated in Security Center 1.3, 1.5, and 2.0]
  • Enable scoped admin application ACLs [Updated in Security Center 1.3]
  • Enable work order management query rules for service organizations [New in Security Center 1.5 and updated in 2.0]
  • Block access for delegated developers
  • Block Expired Anti-CSRF Tokens [Updated in Security Center 1.5]
  • Check UI action conditions before execution
  • Configure event management assignment group admin roles [New in Security Center 1.5]
  • Configure Service Portal Widgets Allow List [New in Security Center 2.0]
  • Configure Service Portal Widgets Table Allow List [New in Security Center 2.0]
  • Deny internal access to explicit external roles [Updated in Security Center 1.3 and 1.5]
  • Deny unauthorized access to request items [Updated in Security Center 1.3]
  • Enable Anti-CSRF token [New in Security Center 1.3, updated in 1.5, and removed in 2.0]
  • Ensure archive table ACLs are checked [New in Security Center 1.3 and updated in 1.5]
  • Enforce ACL on HR Lifecycle Events Data [New in Security Center 2.0]
  • Enforce application specific ACLs only for application data
  • Enable contextual security plugin [Updated in Security Center 1.3]
  • Enforce security scope license and permit playbook [New in Security Center 1.5 and updated in 2.0]
  • Enforce Security Scope for Agent Workspace for HR Case Management [New in Security Center 1.5 and updated in 2.0]
  • Prevent Users From Accepting Warning To Bypass CSRF Validation [Updated in Security Center 1.3 and 1.5]
  • Enforce ACL on HR Core Data [New in Security Center 2.0]
  • Enforce ACL on HR Virtual Agent Data [New in Security Center 2.0]
  • Enforce Read Roles for Catalog Variable Search
  • Enforce Security Scope for Service Application Information [New in Security Center 2.0]
  • Enable Cross Scope Privilege Checks on Service Portal Form
  • Restrict delegated developers read access [Updated in Security Center 1.3]
  • Disable inbound emails for locked out users
  • Display recommendations for high risk UI pages
  • Double check inbound transactions [Updated in Security Center 1.3]
  • Enable ACLs to Control Live Profile Details [Updated in Security Center 1.3]
  • Enable ACLs for Encoded Query in Simple List Widget [New in Security Center 2.0]
  • Enable URL allowlist for cross-origin iframe communication
  • Enforce application scope restrictions [New in Security Center 1.3 and removed in 1.5]
  • Enforce security rules to sharing dashboards [New in Security Center 1.3]
  • Enforce scope security for public sector digital services [New in Security Center 1.3]
  • Enforce scoped ACL access for information request playbooks [New in Security Center 1.3 and updated in 1.5]
  • Enforce strict elevate privilege [New in Security Center 1.3]
  • Require AJAXGlideRecord ACL checking [Updated in Security Center 1.3]
  • Enforce field level ACLs in GlideRecordSandbox
  • Enforce GroupBy ACLs
  • Ensure dashboards creation/deletion requires access check [New in Security Center 1.3 and updated in 2.0]
  • Enforce oauth state parameter validation
  • Enforce Strict User Image Upload
  • Exclude Sensitive Tables and Fields from Data Generation
  • Restrict email domains for external user registration [Updated in Security Center 1.3, 1.5, and 2.0]
  • Enable High Security Plugin [Updated in Security Center 1.3]
  • Honor Admin Override ACLs
  • Prevent inactive users from logging in [New in Security Center 1.5]
  • Prevent Unauthenticated Access to Virtual Agent Embedded Web Client
  • Restrict JSONP requests to trusted URLs [Updated in Security Center 1.3]
  • Disable raw database query execution [Updated in Security Center 1.3 and removed in 2.0]
  • Hide user comments on articles [New in Security Center 1.3]
  • Require authentication by default for client-callable script includes [Updated in Security Center 1.3]
  • Enforce production instance behavior [Updated in Security Center 1.3 and 1.5]
  • Restrict access to background script [Updated in Security Center 1.3 and 2.0]
  • Restrict access to emails with empty target table
  • Restrict access to specific IP ranges plugin [Updated in Security Center 1.3]
  • Restrict knowledge bases access [New in Security Center 1.3]
  • Restrict permissions for CMDB model [Updated in Security Center 1.3 and 1.5]
  • Restrict unauthenticated access to attachments
  • Restrict access to custom journal entries [Updated in Security Center 1.3 and removed in 2.0]
  • Restrict flow context read access [New in Security Center 1.5]
  • Restrict Impersonation to Admin [New in Security Center 2.0]
  • Enable security jump start plugin (ACL Rules) [Updated in Security Center 1.3]
  • Use of secure insert multiple operation within import set API [New in Security Center 1.3]
  • Enforce SOAP request strict security [Updated in Security Center 1.3]
  • Required jms connection factories [New in Security Center 1.3 and updated in 1.5 and 2.0]
  • Restrict Global App Development by Role [New in Security Center 2.0]
  • Review extraneous explicit role access control conditions [Removed in Security Center 1.5]
  • Set guest user for soap requests [Updated in Security Center 1.3 and 2.0]
  • Disable public access to favorites [Updated in Security Center 1.3 and 2.0]
  • Enable SNC access control plugin [Updated in Security Center 1.3]
  • Prevent users from accepting warning to bypass CSRF validation
  • Prevent impersonating user from viewing application data
  • API and web service
  • Validate SOAP content type [Updated in Security Center 1.3]
  • Require authorization for pdf requests [Updated in Security Center 1.3]
  • Require Authentication on Event Management HTTP Processor [New in Security Center 1.3, Updated in 1.5, and removed in 2.0]
  • Require authorization for SOAP requests [Updated in Security Center 1.3, 1.5, and 2.0]
  • Require authorization for unload requests [Updated in Security Center 1.3]
  • Require authorization for csv requests [Updated in Security Center 1.3]
  • Require authorization for excel requests [Updated in Security Center 1.3]
  • Require authorization for import requests [Updated in Security Center 1.3]
  • Require authorization for JSONv2 request [Updated in Security Center 1.3]
  • Require authorization for WSDL request [Updated in Security Center 1.3 and 1.5]
  • Require authorization for XML requests [Updated in Security Center 1.3]
  • Require authorization for XML output requests [Updated in Security Center 1.3]
  • Require Authorization for XSD Requests [Updated in Security Center 1.3]
  • Require authorization for script requests [Updated in Security Center 1.3]
  • Require authorization for SCHEMA requests [Updated in Security Center 1.3]
  • Require authorization for RSS requests [Updated in Security Center 1.3]
  • Require authorization for API requests [Updated in Security Center 1.3]
  • Architecture, design, and threat modeling
  • Certificate based authentication not enforced [New in Security Center 1.3]
  • Check impersonation on ACL evaluation in HR App [New in Security Center 1.3 and updated in 1.5]
  • Disable local login for users with Single Sign-On (SSO) enabled
  • Disable unauthenticated published reports [Updated in Security Center 2.0]
  • Enforce field ACLs for inbound query requests
  • Enforce read ACLs on report views
  • Define allowed ServiceNow internal IP addresses [Updated in Security Center 1.3 and 1.5]
  • Disable legacy JQuery behavior [Updated in Securty Center 1.3]
  • Disable GlideRecord Scope Fencing Legacy Behavior [New in Security Center 1.3 and updated in 1.5 and 2.0]
  • Disable legacy AngularJS behavior [Removed in Security Center 2.2]
  • Require authorization for data broker rest API [Updated in Security Center 1.3]
  • Deny by default with empty ACLs [Updated in Security Center 1.3]
  • Set Automatic Token Cleanup for Token Credentials [New in Security Center 2.0]
  • Authentication
  • Activate role-based multi-factor authentication [Updated in Security Center 1.3]
  • Anti-CSRF token (instance security hardening)
  • Enable account recovery [Updated in Security Center 1.3 and 1.5]
  • Require obfuscation of classic mobile app UI [Updated in Security Center 1.3]
  • Disable password-less authentication
  • Do not apply password policy at login [Updated in Security Center 1.5 and removed in 2.0]
  • Enable a deny-list password validation check
  • Enable Captcha for External User Registration [Updated in Security Center 1.3 and 1.5]
  • Enable CAPTCHA for customer registration
  • Enable CAPTCHA in password reset
  • Enable email OTP for multi-factor authentication
  • Enable password reset policy checks [Updated in Security Center 2.0]
  • Enable policy based session access for mobile [New in Security Center 1.5]
  • Enable relay state in SAML requests to prevent replay attacks
  • Enable SSL in LDAP authentication [Updated in Security Center 1.5 and 2.0]
  • Enforce current password policy compliance requirements on login
  • Minimize external user registration link expiration duration [Updated in Security Center 1.3 and 1.5]
  • Managing unlock timeout after failed logins [Updated in Security Center 1.3]
  • Maximize failed login unlock timeout duration [Updated in Security Center 1.3]
  • Require obfuscation of mobile app UI [Updated in Security Center 1.3]
  • Notify users during password reset/change process [Removed in Security Center 1.5]
  • Remove credentials from Welcome page
  • Minimize reset password request expiration duration [Updated in Security Center 1.3]
  • Limit Invalid Password Reset Attempts [Updated in Security Center 1.3 and updated in 2.0]
  • Control Lockout Time for Invalid Password Reset Attempts [Updated in Security Center 1.3 and 2.0]
  • Maximize reset password request retry window duration [Updated in Security Center 1.3]
  • Maximize reset password request unlock window duration [Updated in Security Center 1.3]
  • Maximize reset password SMS complexity [Updated in Security Center 1.3]
  • Maximize reset password SMS pause window duration [Updated in Security Center 1.3]
  • Maximize reset password verification delay duration [Updated in Security Center 1.3]
  • Minimize failed login attempts for high assurance sessions
  • Minimize reset password max SMS per day [Updated in Security Center 1.3]
  • Minimize reset password request success window duration [Updated in Securty Center 1.3]
  • Minimize reset password SMS expiracy duration [Updated in Security Center 1.3]
  • Minimize SAML notBefore or notOnOrAfter constraint duration [Updated in Security Center 1.3 and 1.5]
  • Disable creating users from incoming emails [Updated in Securty Center 1.3]
  • Activate role based multi-factor authentication [Updated in Security Center 1.3]
  • Reduce allowed bypasses for multifactor setup
  • Set minimal password length [Updated in Security center 2.2]
  • Set OTP lifetime for password reset to 1 hour [Updated in Security Center 2.0]
  • Minimize one-time out of band verifier lifetime duration [Updated in Security Center 1.3]
  • Enforce device encryption and passcode requirements [New in Security Center 1.3]
  • Require captcha for guest walk-up experience in customer service application [New in Security Center 1.3 and updated in 1.5]
  • Enable SMS code notification for enrollment and verification [Updated in Security Center 1.3]
  • Business Logic
  • Limit max comments per user per day
  • Limit max subscriptions per user per day
  • Minimize SMTP Recipient Quantity [Updated in Security Center 1.3]
  • Validate remote host
  • Communications
  • Enforce certificate trust [Updated in Security Center 1.3 and removed in 2.0]
  • Disable deprecated TLS versions
  • Disable outbound SSLv2/SSLv3 connections [Updated in Security Center 1.3]
  • Do not use demo certificates for active saml configurations [Updated in Security Center 1.5]
  • Enforce OCSP check on network error [New in Security Center 1.3 and updated in 2.0]
  • Ensure minimum private key size
  • Verify certificate chain and hostname [New in Security Center 1.3 and updated in 2.0]
  • Verify certificate revocation [New in Security Center 1.3]
  • Configuration
  • Auto set content type options [Removed in Security Center 1.3.3]
  • Cache-Control HTTP Header Value [Updated in Security Center 1.3 and removed in 1.5]
  • Disable legacy JQuery UI usage
  • Disable locked form elements debugging
  • Disable MultiSSO Debugging [Updated in Security Center 1.3 and 1.5]
  • Disallow target cloning [New in Security Center 1.3]
  • Disable soap fault stack trace display
  • Enable HTTP response headers configuration
  • Restrict performance monitoring access [Updated in Security Center 1.3]
  • Enable updated version of MultiSSO plugin [Updated in Security Center 1.3 and 1.5]
  • Enforce secure referrer policy [New in Security Center 1.3]
  • Implement the x-frame-options: SAMEORIGIN security header [Updated in Security Center 1.3]
  • Require write access to access service catalog add item page [New in Security Center 1.3]
  • Set Xframe options to prevent embedding third-party websites [Updated in Security Center 1.3]
  • Data protection
  • Remove remember me
  • Require clearing pasteboard when backgrounding mobile application [New in Security Center 1.3 and updated in 1.5]
  • Restrict HR case updates from personal emails [New in Security Center 1.3 and updated in 1.5]
  • Restrict oauth parameters to POST body [New in Security Center 1.3]
  • Error handling and logging
  • Disable logger for low privilege users in script sandbox [Updated in Security Center 1.3]
  • Disable secure cookie debugging
  • Disable SQL Error Messages [Updated in Security Center 1.3 and 1.5]
  • Enable MID audit log [New in Security Center 1.3 and updated in 1.5]
  • Enable protected tables plugin [New in Security Center 1.3]
  • Log all outbound http request fields [Removed in Security Center v1.3.2]
  • Log html sanitization [Removed in Security Center 2.0]
  • Log session audit events [New in Security Center 1.3 and updated in 1.5]
  • Log user impersonation [Updated in Security Center 1.3 and 2.0]
  • Prevent verbose HTTP request logging
  • Turn off verbose SQL error messages for import processor [Updated in Security Center 1.3]
  • File and resources
  • Disallow infected file download [Updated in Security Center 1.5 and 2.0]
  • Enable email spam scoring and filtering [Updated in Security Center 1.3]
  • Enable antivirus scan
  • Restrict downloadable files types in static content [Updated in Security Center 1.3]
  • Limit attachment size in training and prediction flows for GraphQL endpoints [New in Security Center 1.3 and updated in 1.5]
  • Limit attachment size in training and prediction flows [New in Security Center 1.3 and updated in 1.5]
  • Limit HTTP response body size [New in Security Center 1.3 and updated in 1.5]
  • Limit maximum number of attachments in email
  • Maximum allowed attachment size [Updated in Security Center 1.3]
  • Set Allowed MIME Child Types [New in Security Center 2.0]
  • Validate file mime type in AttachmentCreator soap web service [New in Security Center 1.3 and updated in 1.5]
  • Malicious code
  • Block rooted or jailbroken mobile devices
  • Enable Code Signing for application configuration data and scripts [Removed in Security Center 1.3]
  • Session management
  • Apply continuous authentication policies to mobile sessions
  • Minimize absolute session timeout duration [Updated in Security Center 1.3]
  • Define active session timeout exception roles [New in Security Center 1.3]
  • Enable UserCookie version 3.1 [Updated in Security Center 2.0]
  • Enforce password reset on api requests [Updated in Security Center 1.5]
  • Enable HTTP Only Cookie Flag [Updated in Security Center 1.3]
  • Invalidate Session After OAuth Token Expiration [New in Security Center 2.0]
  • Minimize concurrent interactive session quantity [Updated in Security Center 1.3]
  • Limit concurrent sessions across all nodes [Updated in Security Center 1.3]
  • Limit concurrent sessions plugin
  • Limit guest's active session life span [New in Security Center 1.3]
  • Limit concurrent interactive sessions [Updated in Security Center 1.3]
  • Limit integrations' active session life span [New in Security Center 1.3]
  • Limit policy based session access mobile refresh token interval [New in Security Center 1.5]
  • Limit session length for high assurance sessions
  • Limit UI active session life span [New in Security Center 1.3]
  • Proactively invalidate inactive sessions [New in Security Center 1.3 and updated in 1.5 and 2.0]
  • Rotate HTTP session identifiers
  • Minimize concurrent interactive session quantity [Updated in Security Center 1.3]
  • Minimize session activity timeout duration [Updated in Security Center 1.3]
  • Minimize session window timeout duration [Updated in Security Center 1.3]
  • Stored cryptography
  • Enable glide KMF encrypter [Removed in Security Center 1.3.2]
  • Disable use of TripleDES/3DES encryption algorithm
  • Validation, sanitization, and encoding
  • Restrict access to GlideSystemUserSession scriptable API [Updated in Security Center 1.3 and 2.0]
  • Disable JavaScript tags in embedded HTML [Updated in Security Center 1.3]
  • Enable the hardened java security manager [New in Security Center 1.3]
  • Enforce HTML Sanitization [Updated in Security Center 1.3]
  • Enable script sandbox [Updated in Security Center 1.3]
  • Disable AJAXEvaluate
  • Disable Entity Expansion within the XMLDocument2 Streaming Parser [Updated in Security Center 1.5]
  • Disable external content url [Updated in Security Center 2.0]
  • Restrict downloadable MIME types [Updated in Security Center 1.3 and 2.0]
  • Disable embedded HTML code [Updated in Security Center 1.3]
  • Enable HTML Sanitizer within Virtual Agent [Updated in Security Center 1.3 and 1.5]
  • Enable Jelly JS Interpolation Protection
  • Enable Jelly JS interpolation protection for nested expressions [Updated in Security Center 2.0]
  • Enforce relative links [Updated in Security Center 1.3 and 1.5]
  • Enforce URL allowlist check [Updated in Security Center 1.3, 1.5, and 2.0]
  • Escape Excel Formulas [Updated in Security Center 1.3]
  • Escape HTML in list views [Updated in Security Center 1.3 and 1.5]
  • Escape JavaScript [Updated in Security Center 1.3]
  • Escape jelly script [Updated in Security Center 1.3 and 1.5]
  • Escape scripts in scratchpad [Updated in Security Center 1.3]
  • Escape XML markup [Updated in Security Center 1.3]
  • Escape xml response
  • Enable HTML Sanitizer [Updated in Security Center 1.3]
  • Restrict allowed Java packages [Updated in Security Center 1.3]
  • Packages call removal tool
  • Unset LDAP Initial distinguished name [Updated in Security Center 1.3 and removed in 2.0]
  • Enforce strict security of session cookies [Updated in Security Center 1.3]
  • Minimize Entity Expansion Threshold for GlideXMLUtil Scriptable [Updated in Security Center 1.3, 1.5, and 2.0]
  • Prevent Empty ACL Creation [New in Security Center 2.0]
  • Define restricted downloadable MIME types [Updated in Security Center 1.3, 1.5, and 2.0]
  • Restrict uploaded MIME types [Updated in Security Center 1.3 and 2.0]
  • Restrict XML external entities [Updated in Security Center 1.3 and 2.0]
  • Require XMLdoc2 entity validation with allowlistDisable entity expansion [Updated in Security Center 1.3]
  • Sanitize All Translated HTML Fields [New in Security Center 2.0]
  • Sanitize HTML in the Description Fields of the Impact Workspace Module
  • Set safe content security policy for svg files [New in Security Center 1.3]
  • Log Export Service (LES)
  • Exploring Log Export Service (LES)
  • Log sources
  • Administering Log Export Service (LES)
  • Create a log source configuration
  • Create source type and multi topics in the LES source table
  • Update system property
  • Configuring Log Export Service (LES)
  • Kafka consumer
  • MID server consumer
  • Set up a secure connection to the Hermes Messaging Service for LES
  • Using Log Export Service (LES)
  • Log Export Service (LES) references
  • Log Export Service roles
  • Logs
  • System logs
  • System log
  • Transaction logs
  • Client transaction timings
  • Push logs
  • System email log and mailboxes
  • Event logs
  • Import logs
  • System Diagnostics module
  • Customer Updates table
  • Log history
  • Use the log file browser
  • Enhanced logging security
  • Avoid log tampering
  • Configuring the log protection plugin
  • Create log protection property
  • Logging, auditing, and errors
  • Disabling SQL error messages
  • Secrets Management
  • Exploring Secrets Management
  • About client-side Secrets Management
  • Configuring client accessible secrets
  • Create encryption keys and certificate
  • Add your certificate to the ServiceNow Trusted Key Store
  • Create a secret group
  • Upload the public/private keypair to the MID Server
  • Create credentials
  • Configure Flow Designer to manage the integration
  • Test the end-to-end client-side encrypted secrets integration
  • Test a Windows Management Instrumentation credential encrypted with Secrets Management
  • Cloning and Secrets Management
  • Secrets Management dashboard
  • Secrets management roles
  • Create a secret group cryptographic module
  • Create a basic secret group
  • Create a secret group with criteria
  • Upload a public key
  • Run jobs
  • Code Signing
  • Exploring Code Signing
  • Configuring Code Signing
  • Assign the Code Signing Administrator Role
  • Configure Code Signing Enterprise on your trusted instance
  • Upload your Code Signing configuration file to your protected instance
  • Configure Code Signing Enterprise on your protected instance
  • Turn on certificate validation
  • Create Code Signing key pairs and certificates
  • Turn off Code Signing
  • Specify custom rules in ECC firewall
  • Change your Root of Trust configuration
  • Migrate signatures to use a customer certificate
  • Disable ServiceNow Root of Trust
  • Using Code Signing
  • Standalone signing tool
  • Using the Signing Tool
  • Signing Tool arguments
  • Sign the JDBC data source records in the protected instance
  • Sign the REST and SOAP messages in the production instance
  • Sign the existing REST and SOAP messages
  • Sign new REST and SOAP messages
  • Sign specific records or attachments
  • Sign the flows, subflows, and actions in the protected instance
  • Code Signing reference
  • Properties installed with Code Signing
  • Roles installed with Code Signing
  • Troubleshooting and accessing logs
  • Antivirus Scanning
  • Exploring Antivirus Scanning
  • Configuring Antivirus Scanning
  • Reviewing quarantined files
  • Reviewing antivirus activity
  • Knowing about Dictionary attributes for Antivirus Scanning
  • HTML sanitizer
  • Exploring HTML sanitizer
  • Configuring HTML sanitizer
  • Enabling HTML sanitizer
  • Enabling sanitization on individual fields
  • Enabling HTML Sanitizer logging
  • Auditing
  • Exploring Auditing
  • Configuring auditing for a table
  • Enabling inclusion list auditing for a table
  • Exclude a field from being audited (exclusion listing)
  • Including a table field in auditing (inclusion listing)
  • Enable auditing for a system table
  • Viewing Sys Audit and Audit Relationship Change tables
  • Knowing about History sets
  • Differences Between Audit and History Sets
  • Control access to history
  • Change the number of history entries
  • History List
  • History Calendar
  • History Timeline
  • View timeline of changes to related records
  • Export a snapshot of a CI
  • Compare CI snapshots
  • Tracking changes to reference fields
  • Tracking inserts
  • Tracking CI Relationships
  • High Security Settings
  • Exploring High Security Settings
  • Configuring Script sandbox property
  • Activating High Security Settings
  • Virtual Private Network (VPN)
  • Exploring Virtual Private Network (VPN)
  • Activating a VPN service
  • Configuring an address for VPN communication
  • Platform Privacy
  • Data Privacy
  • Exploring Data Privacy
  • Domain separation and data privacy
  • Supported field types for anonymization
  • Data privacy roles
  • Data privacy (Classic)
  • Activate data privacy (Classic)
  • Installed with data privacy (Classic)
  • Data privacy (Classic) configuration
  • Create a data privacy technique configuration
  • Create a data privacy policy
  • Configure a data privacy job
  • Data privacy job rollback
  • Roll back a data privacy job
  • Data privacy clone
  • Configure data privacy clone request
  • Data privacy (Store)
  • Data privacy overview
  • Activate data privacy
  • Data classification
  • Create data classifications
  • Classify data
  • Real time anonymization
  • Data channels for real-time anonymization policies
  • Real time anonymization failures
  • Data Privacy for Now Assist
  • Exploring Data Privacy for Now Assist
  • Configuring Data Privacy for Now Assist
  • Data Discovery
  • Exploring Data Discovery
  • Activating Data Discovery
  • Classify data in Data Discovery Findings page
  • Data Discovery jobs
  • Configure a Data Discovery job
  • Attachment scanning in Data Discovery jobs
  • Configure Data Discovery patterns
  • Default data patterns
  • Configure Data Discovery target table
  • Activate parallel jobs for Data Discovery
  • Data Discovery roles
  • Data Discovery job results
  • Data Discovery supported data types
  • Scanning with Granular Configuration
  • Granular Findings
  • Contextual based discovery
  • Data Classification
  • Exploring Data Classification
  • Installing Data Classification plugin demo data
  • Creating data classifications
  • Assigning data classifications to dictionary entries
  • Analyzing data classifications using the Overview dashboard
  • Domain separation and Data Classification
  • Data anonymization
  • Create anonymization techniques
  • Create anonymization policies
  • Configure data anonymization clone request
  • Create anonymization job
  • Activate parallel jobs for data anonymization
  • Encryption
  • Key Management Framework
  • Exploring the Key Management Framework
  • Cryptographic module overview
  • Cryptographic specification
  • Module access policy overview
  • Instance level keys in the Key Management Framework
  • Configuring the Key Management Framework
  • Configure field encryption settings to select key type
  • Create a cryptographic module
  • Create a cryptographic specification
  • Configure key lifecycle states
  • Generate a ServiceNow cryptographic key
  • Create a module access policy
  • Create a cryptographic module life-cycle policy
  • Create module life-cycle policy exceptions
  • Key Management Framework Reference
  • Key Management Framework key life-cycle states
  • Roles installed with Key Management Framework
  • Module access policy visualization
  • Module access policy debugger
  • Encryption and Key Management subscription bundle
  • Key management actions
  • View and manage keys
  • Rotate keys
  • Import a key from a web service
  • Key Management Framework Health
  • Prepare your instance for GlideEncrypter deprecation
  • Deprecate GlideEncrypter usage of 3DES for password2 fields
  • Key Management Framework Resource Exchange
  • Key Management Framework Key Exchange
  • Configure Key Exchange
  • Rekey ciphertext with Key Exchange
  • Recurring Key Exchange walkthrough
  • Infrastructure Security
  • Generate a Certificate Signing Request
  • Password2 encryption with the Key Management Framework (KMF)
  • Certificates
  • Exploring Certificates
  • Generating an LDAP client certificate
  • Generating a server certificate
  • Uploading a certificate to an instance
  • Uploading a trusted server certificate
  • Field Encryption
  • Exploring Field Encryption
  • Configuring Field Encryption
  • Activate Field Encryption Enterprise
  • Role requirements for Field Encryption
  • Configure Field Encryption modules
  • Cryptographic specifications for Field Encryption
  • Module keys for Field Encryption
  • Module lifecycle policy exceptions for Field Encryption
  • Configure Customer-supplied keys for Field Encryption Enterprise
  • Configure properties for customer-supplied key
  • Wrap your customer-supplied key
  • Upload your customer-supplied key
  • Configure encrypted field configurations for fields or attachments
  • Configure multi-module encrypted field configurations
  • Configure module access policies for field encryption
  • Migrating to Field Encryption
  • Field Encryption migration status page
  • Migrate from Edge Encryption to Field Encryption
  • Configure Field Encryption for your Edge Encrypted fields
  • Field Encryption and system clones
  • Prevent users from attaching unencrypted files
  • Using Field Encryption
  • Create cryptographic module for Field Encryption
  • Using multiple encryption modules
  • Create a cryptographic specification for Field Encryption
  • Configure advanced algorithms for Field Encryption Enterprise
  • Using customer supplied keys with Field Encryption Enterprise
  • Configure properties for customer-supplied keys
  • Wrap your customer-supplied key
  • Configure and upload your customer supplied key
  • Encrypting fields and attachments
  • Set encrypted field configurations
  • Script access for cryptographic modules
  • Configure script access to encrypted data
  • View declined cryptographic module usage requests
  • Schedule mass encryption, decryption, and rekeying jobs
  • Run mass encryption or decryption
  • Field Encryption Enterprise examples
  • Field Encryption Enterprise
  • Column Level Encryption
  • Exploring Column Level Encryption
  • Column Level Encryption Guided Tour
  • Configuring Column Level Encryption
  • Configuring Column Level Encryption
  • Activate Column Level Encryption Enterprise
  • Migrating to Column Level Encryption Enterprise
  • Column Level Encryption migration status page
  • Prevent users from attaching unencrypted files
  • Using Column Level Encryption
  • Create cryptographic module for Column Level Encryption
  • Using multiple encryption modules
  • Create a cryptographic specification for Column Level Encryption Enterprise
  • Configure advanced algorithms for Column Level Encryption Enterprise
  • Configure properties for customer-supplied keys
  • Wrap your customer-supplied key
  • Configure and upload your customer supplied key
  • Encrypting fields and attachments
  • Set encrypted field configurations
  • Script access for cryptographic modules
  • Configure script access to encrypted data
  • View declined cryptographic module usage requests
  • Schedule mass encryption, decryption, and rekeying jobs
  • Run mass encryption or decryption
  • Column Level Encryption examples
  • Column Level Encryption Enterprise walkthrough
  • Attachment encryption walkthrough
  • Column Level Encryption Enterprise
  • Cloud Encryption with Key Management
  • Key management operations
  • Quorum Control Policy
  • Configure Quorum Control Policy Settings
  • Manage Quorum Control
  • Approve or deny a quorum control request
  • Approve or deny a quorum request
  • Key management transactions
  • Cloud Encryption logging
  • Tamper Detection
  • Full disk encryption
  • Edge Encryption
  • Exploring Edge Encryption
  • Edge Encryption components
  • Edge Encryption clients
  • Key management for Edge Encryption
  • SafeNet key versioning for Edge Encryption
  • Encryption configurations and patterns
  • Installed with Edge Encryption
  • Planning for Edge Encryption
  • Edge Encryption system requirements
  • Sizing your Edge Encryption environment
  • Calculate the order-preserving and tokenization database size
  • Edge Encryption limitations
  • Installing Edge Encryption
  • Request Edge Encryption
  • Set up an Edge Encryption user account
  • Download the Edge Encryption proxy server
  • Install the Edge Encryption proxy server using the interactive installer
  • Install the Edge Encryption proxy server (interactive installer)
  • Configure CyberArk properties protection
  • Configure the signature key
  • Configure the HTTPS certificate
  • Configure the AES 128-bit encryption key
  • Configure the AES 256-bit encryption key
  • Update SSL certificate
  • Configure the Edge Encryption proxy database
  • Launch the Edge Encryption proxy server
  • Verify and troubleshoot the Edge Encryption proxy server installation
  • Install the Edge Encryption proxy server using the command line installer
  • Install the Edge Encryption proxy server (command line installer)
  • Create and configure the RSA key pair for the digital signature
  • Import and configure the certificate for secure SSL connection
  • Set up a keystore and encryption keys
  • Set up a Java KeyStore keystore
  • Create encryption keys using the Java KeyStore keytool
  • Set up a SafeNet KeySecure keystore
  • Set up Unbound Technology keys
  • Create an encryption key stored in a file
  • Configure encryption keys on the instance
  • Configure additional properties in the Edge Encryption properties file
  • Configure a web proxy
  • Set the proxy server initial memory limit and upper bound memory limit
  • Start the Edge Encryption proxy
  • Obfuscate passwords in the properties file
  • Manually add an additional proxy
  • Authenticate an Edge Encryption proxy server
  • Stop the Edge Encryption proxy
  • Uninstall the Edge Encryption proxy on Linux
  • Uninstall the Edge Encryption proxy on Windows
  • Set up multiple provider SSO with Edge Encryption
  • Edge Encryption proxy server properties
  • CyberArk integration with the Edge proxy server
  • Using a load balancer with the Edge proxy server
  • Upgrading Edge Encryption
  • Schedule an Edge Encryption proxy server upgrade
  • Manually upgrade an Edge Encryption proxy server running on Linux
  • Manually upgrade an Edge Encryption proxy server running on Windows
  • Roll back an Edge Encryption proxy server upgrade
  • Configuring Edge Encryption
  • Rotate encryption keys
  • Encrypt fields using encryption configurations
  • Encrypt attachments using standard encryption
  • Change a field or attachment's encryption type
  • Tokenize strings using encryption patterns
  • Repair or recover order-preserving encrypted data
  • Configure the IP address deny list
  • Encrypt data from a record producer
  • Define a custom encryption rule
  • Inspect the client request
  • Create an encryption rule
  • Encryption rule conditions
  • Encryption rule actions
  • Encryption rule objects and APIs
  • request
  • POST and URL parameter APIs
  • XML APIs
  • XMLContent
  • XMLElementIterator
  • XMLElement
  • JSON APIs
  • JsonNode
  • JsonNodeIterator
  • print(String message)
  • Prohibited keywords
  • Edge Encryption dictionary attributes
  • Domain separation and Edge Encryption
  • Data integration with Edge Encryption
  • Edge Encryption ODBC driver integration
  • Edge Encryption MID Server integration
  • Edge Encryption diagnostics and performance
  • Increase debug logging for the Edge Encryption proxy
  • Database Encryption
  • Exploring Database Encryption
  • Requesting database key rotation
  • Database Encryption with Customer Controlled Switch
  • Access Management
  • Zero Trust Access
  • Exploring Zero Trust Access
  • Activating Zero Trust Access
  • Configuring Session Access role
  • Zero Trust Access system properties
  • Session Access Audits
  • Tutorial: Use Zero Trust Access
  • Configure IDP attribute for Session Access
  • Zero Trust Access for Mobile
  • Continuous Authentication
  • Exploring Continuous Authentication
  • Policies
  • Metrics
  • System properties
  • Pre-work for Continuous Authentication
  • Activating Continuous Authentication
  • Configuring Continuous Authentication
  • Tutorial: Configure Continuous Authentication for a Table
  • Tutorial: Configure Continuous Authentication for a Data Class
  • High Assurance Continuous Authentication
  • High Assurance for SSO Login
  • High Assurance session for non-SSO login
  • Continuous Authentication audit logs
  • Domain separation for service providers
  • Exploring domain separation
  • Configuration that can be delegated to internal or external customers
  • Domain assignment
  • Visibility domains and Contains domains
  • Domain scope
  • Concepts for service providers
  • Global queue v.2
  • Service provider connector
  • Installed with domain separation
  • Application support for domain separation
  • Domain separation recommended practices for service providers
  • Domain separation explained
  • Domain separation value proposition
  • Definition of domain separation
  • Domain separation hierarchies
  • Context and domain separation
  • Segregating and securing data with domain separation
  • Cross tenant intelligence
  • Alternatives to domain separation
  • Evaluating the need for domain separation
  • Benefits of domain separation
  • How a database query works with domain separation
  • Domain separation levels of support
  • Service provider reference architecture
  • Service provider reference architecture decision trees
  • Service provider reference architecture for dedicated instances
  • Service provider reference architecture for hybrid
  • Service provider reference architecture for Service Integration Management (SIAM)
  • Domain separation terms
  • Domain-separate a custom table
  • Customizing domain properties and themes
  • Managing domain separation for specific uses
  • Configuring domain separation with the domain picker
  • Domain separation performance considerations
  • Setting up domain hierarchies
  • Checking domain logs for errors and warnings
  • Importance of the Default domain
  • Contains queries and domain access
  • Domain paths query method
  • Slow queries and SQL debugging
  • Before Query business rules
  • Avoiding domain path in scripts
  • Domain assignments
  • Domain separation and the Customer Service Management (CSM) plugin
  • Domain Separation Help
  • Domain separation setup and administration
  • Request domain separation
  • Domain separation plugin
  • Domain system properties and user preferences
  • Create a domain
  • Make a domain the default
  • Manually manage the domain for particular records
  • Domain Separated Tables
  • Domain Override Viewer
  • Enable or disable a domain
  • Add a domain field to a table
  • View domain relationships
  • Select a primary domain
  • Create Contains relationships between domains
  • Expand domain scope
  • Add domains to a visibility domains list
  • Grant visibility domains to an individual user
  • Create a domain-specific choice list
  • Advanced domain separation administration
  • Use domain selection menus
  • Enable domain selection menus in Core UI
  • Restrict access to the domain picker
  • Domain separation application properties
  • Domain Migration Tool
  • Process administration
  • Sample process administration with domain specific applications
  • Enable verbose domain logging and debug messages
  • View a real-time domain message
  • View a historical domain message
  • Troubleshoot domain separation errors
  • Post-Production Domain Separation Activation Utility
  • Domain Separation Center
  • Configure the Domain Separation Center
  • Configure audits
  • Schedule audits
  • Execute audits immediately
  • View audits with warnings and errors
  • View running and pending results
  • View inactive audits
  • Authentication
  • Adaptive authentication
  • Activate adaptive authentication
  • Filter criteria
  • IP Filter
  • Create IP filter criteria
  • Role Filter
  • Create role filter criteria
  • Group Filter
  • Create group filter criteria
  • Location Filter
  • Activate Location Based Access
  • Create location filter criteria
  • Tutorial: Use Location Filter criteria
  • Use Location Filter in Pre Authentication Context
  • Use Location Filter Post Authentication Context
  • Use Location Filter in MFA Context
  • Use Location Filter for Session Access
  • Identity Provider Attributes Filter
  • Attributes for SAML
  • Use Identity Provider Attribute as Filter Criteria
  • Attributes for OIDC
  • Use as filter criteria for OIDC
  • Authentication policy contexts
  • Pre authentication context
  • Post-authentication context
  • MFA (Multi-Factor Authentication) context
  • Account recovery context
  • Session validation context
  • Activate Session Validation Context
  • Tutorial: Configuring session validation
  • Authentication policies
  • Configure an authentication policy
  • Add an authentication policy to an authentication policy context
  • Adaptive Authentication Events
  • Configure adaptive authentication properties
  • Tutorial: Configure adaptive authentication
  • Adaptive Authentication for Trusted Mobile Apps
  • Activate Trusted Mobile App
  • Register a trusted device
  • Manage your trusted device
  • Registration details of registered devices
  • Trusted Mobile App troubleshooting
  • API Authentication
  • Certificate based authentication
  • OAuth
  • Token-based authentication
  • API Key and HMAC Authentication for inbound REST APIs
  • Activate API Key and HMAC Authentication
  • Configure API key - Token-based authentication
  • Configure HMAC - Token-based authentication
  • Cleaning up token Expiry
  • Basic authentication
  • API access policy
  • REST API access policies
  • Activate REST API access policy
  • Create an authentication profile
  • Create REST API access policy
  • API access policy prioritization
  • REST API Auth Scope
  • Activate REST API Auth Scope
  • Properties and tables
  • Configure REST API Auth scope
  • REST API scope troubleshooting
  • SOAP API access policies
  • Activate SOAP API access policy
  • Create an authentication profile
  • Create SOAP API access policy
  • Create a global API access policy to protect SOAP APIs
  • Filter criteria for APIs
  • API Authentication Policies
  • Create an API authentication policy
  • Configure global blocking policy for APIs
  • Access policy for System/Export Processors
  • Activate Processor access policy
  • Configure Authentication profile for Processor
  • Authentication factors
  • Explore authentication factors
  • Configure authentication factors
  • TOTP authentication
  • Push notification - Okta verify
  • Configure push notification (Okta Verify)
  • SoftPIN authentication
  • Configure Soft PIN
  • SMS OTP authentication
  • Knowledge-based authentication
  • Configure KBA
  • Create KBA questions
  • Create KBA answers
  • Map KBA questions to answers
  • Assign KBA questions to your AI voice agent service
  • Certificate-based authentication
  • Set up Certificate-based authentication
  • Log in using Certificate-based authentication
  • Custom URLs association to your instance
  • Activate custom URLs
  • Set a custom URL as the instance URL
  • Custom URL with Identity Provider
  • Custom URL datacenter job information
  • Generate SP metadata for SAML/SSO custom URL installations
  • Custom URL errors and fixes
  • Installation exits
  • IP range based authentication
  • IP Address Access Control
  • Find denied IP addresses
  • LDAP integration
  • Understanding LDAP integration
  • LDAP integration requirements
  • LDAP integration setup
  • Install the LDAP X.509 SSL certificate
  • Define an LDAP server
  • Enable an LDAP listener and set system properties
  • Specify the LDAP attributes
  • Test an LDAP connection
  • Define LDAP organizational units
  • Create a data source for LDAP
  • Auto provision LDAP users
  • LDAP integration via MID Server
  • Configure LDAP connection monitoring
  • Import binary data through a MID Server
  • Troubleshooting LDAP integration via MID Server
  • Import and map data
  • LDAP transform maps
  • LDAP scripting
  • Set choice action for reference field imports
  • Verify LDAP mapping
  • LDAP integration troubleshooting
  • View the LDAP monitor
  • LDAP error codes
  • Send a one-time password when the LDAP server is down
  • LDAP record synchronization
  • LDAP refresh filters
  • LDAP extraction
  • Inactive LDAP user accounts
  • Find inactive LDAP accounts by using the userAccountControl field
  • LDAP script examples
  • Active Directory Application Mode (ADAM)
  • Configuring an instance with ADAM
  • Set up the ADAM console
  • Create containers and organizational units for ADAM
  • Delegation with ADAM
  • Populating ADAM Objects
  • Testing and troubleshooting ADAM setup
  • Backup and recovery with ADAM
  • Use LDAPS with ADAM
  • Assign the certificate to ADAM
  • Export the public key certificate
  • Active Directory Application Mode (ADAM) Access Account
  • Test the LDAPS connections
  • Use ADAMSync to populate ADAM
  • Define ADAM user accounts
  • Set up ADAMSync
  • Install the ADAM configuration file
  • Example ADAM configuration files
  • Configure Microsoft Active Directory for secure LDAPS communication
  • Set up a stand-alone certificate authority for active directory
  • Generate a certificate from an internal certificate authority
  • Test the LDAPS connectivity locally
  • Export the public key certificate to trust the LDAP certificate
  • LDAP global catalog usage
  • OpenLDAP minor schema modification
  • Modify the OpenLDAP schema
  • Record LDAP deletions
  • Limit concurrent sessions
  • Exploring limit concurrent sessions
  • Activating and configuring limit concurrent sessions plugin
  • Setting a concurrent session limit by user or role
  • Disabling a concurrent session limit by user or role
  • Local Authentication
  • Login and authentication security
  • Exploring Login and authentication security
  • Defining login scenarios
  • Logins and the employee self-service portal
  • Specify a login landing page
  • Specify lockout for failed login attempts
  • Make UI pages public or private
  • Password complexity requirements
  • Exploring Password complexity requirements
  • Enabling password policies on your instance
  • Password policy properties
  • Configuring your password policy
  • Configuring password for a user
  • Excluding passwords through password policies on your instance
  • Unsupported password characters
  • Password Reset
  • Modify the Password Reset notification email text
  • Configuring Password Reset properties
  • Remember me
  • Configuring the logout confirmation prompt
  • Implementing a nonce
  • Nonce process flow
  • Implement a nonce
  • Multi-factor authentication
  • MFA enforcement
  • Changes due to the MFA enforcement
  • MFA enforcement properties
  • Troubleshooting MFA enforcement
  • Frequently asked questions - MFA enforcement
  • MFA enforcement requirements – What and Why
  • MFA enforcement scope
  • MFA enforcement timeline
  • MFA enforcement exception
  • MFA metrics
  • MFA types
  • Reset MFA
  • Exploring Multi-factor authentication
  • Configure Multi-factor authentication
  • MFA verification methods
  • Web Authentication - MFA
  • Configure MFA with Biometrics
  • Authenticator configuration options
  • Multi-factor authentication with SMS
  • Active the MFA with SMS plugin
  • Configure SMS as MFA factor
  • Multi-factor authentication Providers
  • Configure MFA Provider
  • Vonage Provider custom configuration (Tutorial)
  • Multi-factor authentication with Email
  • Configure Email as MFA factor
  • MFA system properties
  • Multi-factor authentication criteria
  • Configure user-based multi-factor criteria
  • Configure role-based multi-factor criteria
  • Configure adaptive authentication policy-based multi-factor criteria
  • Configure Multi-factor authentication with Single Sign-On
  • Configure MFA with SSO
  • Reset MFA for users
  • Reference topic - Multi-factor authentication
  • Using MFA
  • Set up MFA
  • Set up MFA on your user profile
  • Log in with multi-factor authentication
  • Authenticator Applications
  • Change Authenticator app
  • Web Authentication
  • Register a biometric authenticator
  • Register a hardware security key
  • MFA Metrics
  • Multi-Provider Single sign-on (SSO)
  • Activate Multi-Provider SSO plugin
  • Multi-Provider SSO properties, tables, and scripts
  • Multi-Provider SSO configurations
  • Configure Multi-Provider SSO properties
  • Create an external identity provider
  • Generate instance service provider (SP) metadata for SAML
  • Configure users for Multi-Provider SSO
  • Testing IdP connections
  • Common IdP connection errors
  • Troubleshoot script issues with SAML
  • Log in using Multi-Provider SSO
  • Enable users to choose the identity provider for login
  • Use Service Portal with Multi-Provider SSO to redirect a URL
  • Account recovery (ACR)
  • Configure an account recovery user
  • Account recovery properties
  • E-signature for Multi-Provider SSO
  • Activate Approval with e-Signature plugin
  • Use Multi-Provider SSO to set up an SSO approval for a SAML 2.0 authentication
  • SSO approval for an OIDC authentication
  • OIDC as a SSO identity provider
  • Create an OpenID Connect (OIDC) configuration for Single Sign-On (SSO)
  • Use Facebook-based Single Sign-On (SSO)
  • Configure a Facebook-based Single Sign-On (SSO)
  • SAML
  • Multi-Provider SSO (SAML) IdP authentication flow
  • Identity Provider (IdP) system properties
  • Set the IdP issuer URL
  • Set the AuthnRequest service URL
  • Set the SingleLogoutRequest service URL
  • (Optional) Enable signed logout requests
  • Service Provider (SP) system properties
  • Set the instance URL for SAML
  • Set the audience URL for SAML
  • Set up a NameID policy for SAML
  • Determine what User table field matches the NameID token
  • Set the IdP NameID policy
  • Values in the User table field for SAML
  • (Optional) Enable providing an authentication context class for SAML
  • (Optional) Set keystore properties for signing logout requests for SAML
  • Create a service provider key store for SAML
  • Install a service provider keystore for signing SAML requests
  • Create self-signed BCFKS keystore for SAML
  • (Optional) Advanced SAML properties
  • Install the identity provider certificate
  • Replacing a missing certificate for SAML
  • Test the SAML integration
  • Multi-SSO (SAML 2.0) errors and fixes
  • Redirect single sign-on (SSO) logins
  • Clone an instance with a SAML integration
  • SAML 2.0 concepts
  • Typical SAML process flow (diagram)
  • Login (AuthnRequest) process flow
  • Logout (LogoutRequest) process flow
  • URL information for an SSO provider
  • SAML 2.0 configuration using Multi-Provider SSO
  • X.509 certificates for SAML
  • SAML Guided Tour
  • Integrating SAML 2.0 with other features
  • Add deep linking support for SAML
  • ADFS integration with SAML 2.0
  • Set up ADFS for SAML
  • Set up the instance for ADFS
  • Configure an ADFS relying party
  • Configure the ADFS relying party claim rules
  • Create a SAML logout endpoint
  • Test the ADFS configuration
  • (Workaround) Enable service provider-initiated authentication
  • (Workaround) Support Kerberos authentication
  • Azure AD Integration with SAML 2.0
  • Add ServiceNow from the gallery
  • Configure Azure AD SSO
  • Create an Azure AD test user
  • Assign the Azure AD test user
  • Configure ServiceNow
  • Email links with external authentication
  • Add E-Signature support for SAML
  • Migrating an existing SAML 1.1 integration to SAML 2.0
  • Update your existing SAML 2.0 integration
  • Sample SAML 2 responses after the update
  • SAML user provisioning
  • Administer SAML user provisioning
  • SAML 2.0 troubleshooting
  • Monitor the event queue for login activities
  • Event queue login events
  • OAuth authentication
  • OAuth 2.0
  • Set up OAuth
  • Activate OAuth
  • Set the OAuth property
  • Change OAuth password parameter
  • OAuth Inbound
  • OAuth authorization code grant flow
  • Authorize access to an OAuth endpoint using auth code flow
  • Authorization code flow state parameter requirement
  • Authorization code flow example: ServiceNow instance as authorization server
  • Create an endpoint for clients to access the instance
  • OAuth API response parameters
  • OAuth API request parameters
  • Create an OAuth JWT API endpoint for external clients (machine to machine integration)
  • Configure an OAuth OIDC provider for accepting third-party token
  • Configure client type for OAuth and SSO records
  • OAuth implicit grants
  • Manage OAuth tokens
  • Revoke an OAuth token
  • Client Credentials
  • Create the Client Credentials system property
  • Add the OAuth Application User
  • OAuth Outbound
  • Connect to a third-party OAuth provider
  • JWT Bearer
  • Set up OAuth provider with JWT Bearer grant type
  • Generate a JSON Web Token (JWT)
  • OAuth client APIs
  • OAuth parameters for default profile support
  • Private Key JWT Support for OAuth 2.0 Client Authentication
  • Configure Private Key JWT for OIDC based SSO
  • Configure Private Key JWT for Outbound OAuth
  • Create an outbound REST message
  • Self-register to ServiceNow instance
  • Exploring Self-register
  • Activating External User Self-Registration
  • External roles in self-registration
  • Configuring a user registration configuration for external users
  • Configure Google reCAPTCHA for external user self-registration
  • Default registration form fields
  • Add a custom registration form field
  • Enabling external user self-registration for Service Portal
  • Verify user self-registration requests
  • Token based authentication (User logins)
  • Time limited authentication
  • Exploring Time limited authentication
  • Activate time limited authentication
  • Time limited authentication with SMS - Twilio Tutorial
  • Digest token authentication
  • Exploring Digest token authentication
  • Configuring the digest properties for multi-provider single sign-on (SSO)
  • Sample digest token implementations
  • Sample Java digest algorithm for encryption
  • Sample C
  • Web service security
  • Exploring Web service security
  • Configuring mutual authentication
  • Access Control List Rules
  • Exploring Access Control Lists
  • ACL rule types
  • ACL control of function fields
  • Security jump-start - ACL rules plugin
  • Configure an ACL rule
  • Deny-Unless ACL
  • Query ACLs
  • Secure records in an embedded list
  • Related record access
  • Contextual Security Manager
  • Prevent duplicate entries with Contextual Security: Role Management V2
  • Upgrade to Contextual Security: Role Management V2
  • Enable role auditing with Contextual Security: Role Management V2
  • Double-check form submission
  • Default deny property
  • Advanced ACL configuration
  • Provide external users access to a table
  • Apply ACL script conditions to reference fields
  • Apply ACLs to AJAXGlideRecord (client-side Glide record)
  • Evaluate the admin override at the access level
  • ACL debugging tools
  • ACL troubleshooting reference
  • ACL configuration watcher
  • Show ACL execution plan
  • Use the ACL configuration watcher
  • Security Attributes
  • Security Attributes fundamentals
  • Create Security Attributes
  • OOB (Out-of-Box) Security Attributes
  • Compound Security Attributes
  • Security Attribute Scope
  • Field Query Roles and Restrictions
  • Configure a Field Query Role
  • Configure Field Query Restrictions
  • Data filtration(Legacy)
  • Exploring Data filtration
  • Activate data filtration
  • Creating data filtration rules
  • Add a data filter for your data filtration rule
  • Add subject attributes to your data filtration rule
  • Creating subject criteria
  • Create a subject criteria input
  • Create a subject criteria condition
  • Data filtration debugging
  • Security data filters
  • Create a security data filter
  • Locations of default security filters
  • Security data filter performance analysis tool
  • Security Roles
  • Explicit Roles
  • Elevated privilege roles
  • Security_admin role
  • Elevate to a privileged role
  • Force administrators to manually elevate
  • Connections and Credentials
  • Exploring credentials, connections, and aliases
  • Scope protections for Credentials and Connections
  • Domain separation and Credentials and Connections
  • Connection & Credential configuration templates
  • Configure a template for OAuth JWT Bearer grant type
  • Create a configuration template
  • Getting started with connections
  • Create a basic connection for PowerShell and SSH
  • Create an HTTP(s) connection
  • Create a JDBC connection
  • Create a JMS connection
  • Create connection attributes for IntegrationHub
  • Getting started with credentials
  • Create a Connection & Credential alias
  • Set up OAuth integration via MID Server
  • Credential aliases for Discovery
  • Credential aliases for Orchestration activities
  • Create and test your credentials
  • Ansible Tower credentials
  • API key credentials
  • Applicative credentials
  • Basic authentication credentials
  • Chef server credentials
  • CIM credentials
  • Cloud credentials
  • Container image repository credentials
  • Infoblox credentials
  • JDBC credentials
  • JMS credentials
  • OAuth 2.0 credentials
  • SAP credentials
  • SNMP credentials
  • SSH credentials
  • VMware credentials
  • Windows credentials
  • Credential affinity for Discovery and Orchestration
  • Credentials troubleshooting
  • External credential storage
  • Request external credential storage for Discovery and Orchestration
  • External credential storage configuration
  • CyberArk credential storage integration
  • CyberArk integration configuration
  • Configure the CyberArk vault and install the AIM API
  • Import the CyberArk JAR file
  • Configure the MID Server for CyberArk
  • Configure CyberArk for SNMPv2 credentials
  • Configure the CyberArk credential identifier
  • Configure AWS credentials on a CyberArk vault
  • Configure Azure credentials on a CyberArk vault
  • OAuth 2.0 authentication via MID Server using external credential storage
  • Configure a JAR file and credential identifiers
  • Configure CyberArk
  • Configure OAuth 2.0 credentials on CyberArk
  • Configure a connection to send OAuth request via the MID Server using external vault
  • Authentication Algorithms
  • Configure an authentication algorithm
  • Configure an Amazon Signature based Custom Algorithm
  • Configure a custom authentication algorithm
  • Check IP service affinity for Discovery and Orchestration
  • ServiceNow access control
  • Exploring ServiceNow access control
  • Activating ServiceNow access control
  • Configuring ServiceNow access control
  • Audit logging
  • Identity
  • Access Analyzer
  • Exploring Access Analyzer
  • Using Access Analyzer
  • Using Evaluate access
  • View permissions for a user
  • View permissions for a role
  • View permissions for a group
  • Export Access Analyzer queries
  • Comparing user records
  • Comparing user access
  • Viewing Access Analyzer queries - Previously searched criteria
  • Permission evaluation
  • Frequently Asked Questions
  • Access Analyzer Debug logs
  • Access Simulator
  • Exploring Access Simulator
  • Configuring the Access Simulator (Take actions)
  • Using the Access Simulator
  • Adding a Role to the user
  • Removing a Role from the user
  • Adding the user to a Group
  • Removing the user from a Group
  • Frequently Asked Questions
  • Access Insights
  • Explore Access Insights
  • Configure Access Insights
  • Use Access Insights
  • Global Identity
  • Exploring Federated ID
  • Accessing Federated ID Criteria
  • Updating ID fields
  • Identity Center
  • Exploring Identity Center
  • Activating the Identity Center
  • Identity Center for users
  • View Active Sessions
  • View Login History
  • View Registered Mobile Devices
  • Identity Metrics for administrators
  • System for Cross-domain Identity Management (SCIM)
  • SCIM Provider
  • Exploring SCIM Provider
  • Activating the SCIM plugin
  • Tutorial: Configure SCIM for user provisioning with a Provider
  • Provisioning user using Basic Authentication
  • Provisioning user using OAuth
  • SCIM Troubleshooting
  • SCIM customization
  • SCIM customization properties and schemas
  • Create a SCIM Extension schema
  • Create a SCIM ETL definition
  • Handling unmapped fields
  • Creating a source definition
  • SCIM Client
  • Exploring SCIM Client
  • Activate the SCIM Client plugin
  • SCIM Client properties, tables, scriptable APIs, and logs
  • Create a REST message
  • Create a SCIM Provider
  • Create a SCIM Provider Resource Mapping
  • Create a SCIM attribute mapping
  • Attribute Mapping references
  • SCIM Client troubleshooting
  • Identity and Access Audit
  • Exploring Identity and Access Audit
  • Identity Audit Results
  • User Trails
  • Group Trails
  • Role Trails
  • ACL Trails
  • Security Auditable Fields
  • Configuring Tables and Fields
  • Configure Retention Period
  • Fields supported and not supported for Identity Access and Audit
  • Access observer
  • Configure access observation
  • Review Access Observer logs
  • Additional resources for Platform Security products and solutions

Security Attributes

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • Security Attributes offer a flexible alternative to access control lists.

    Get started

    Explore Security AttributesLearn fundamentals of Security Attributes

    Create Security AttributesCreate new Security Attributes

    OOB(Out-of-Box) Security AttributesExplain OOB Security Attributes

    Security Attributes LoggingReview Security Attribute logging
    Back to home page