Soft PIN authentication
Summary of Soft PIN authentication
Soft PIN is a six-digit numeric personal identification number used to verify a caller's identity during AI voice agent sessions in ServiceNow. It is designed for low-risk caller verification scenarios, such as confirming returning users before granting access to self-service tasks. Soft PIN can function as a single authentication factor or be combined within a multi-factor authentication flow.
Given its medium assurance level, Soft PIN is not recommended as the sole factor for sensitive operations. Instead, it should be combined with higher-assurance factors like Okta Verify push notifications or time-based one-time passwords (TOTP) for enhanced security.
Key Features
- User Enrollment: Users must enroll by setting a Soft PIN before use and can re-enroll anytime to change their PIN.
- Authentication Process: During an AI voice agent session, the agent prompts the caller to enter their Soft PIN via text or voice input. The system validates this input against the enrolled PIN and communicates the result to the orchestrator.
- Enrollment Rules: The PIN must be exactly six digits, must not repeat any digit more than twice consecutively, must not contain ascending or descending numeric sequences longer than two digits, and cannot match any of the user’s previous five PINs.
- System Availability: Soft PIN enrollment is available only if the Now Assist for Platform plugin (sn_genai_platform) is installed and the system property glide.auth_factors.Soft PIN.enrollment.enabled is set to true (default). If either condition is unmet, enrollment is disabled and hidden from users.
Key Outcomes
- Enables straightforward caller verification for low-risk scenarios within AI voice agent services.
- Supports flexible authentication flows, either as a single factor or combined with stronger factors for improved security.
- Ensures PIN complexity and history rules to reduce risk of simple or reused PINs.
- Provides administrators control over enrollment availability through plugin installation and system property settings.
Soft PIN is a six-digit numeric PIN that verifies a caller's identity during an AI voice agent session.
When to use Soft PIN
Soft PIN is appropriate for low-risk caller verification, such as confirming a returning user before granting access to self-service tasks.
Soft PIN can be configured as a single factor, the first factor in a multi-factor authentication flow, or a second factor.
Soft PIN is a medium-assurance factor and is not suitable as the only authentication factor for sensitive operations. For those flows, combine Soft PIN with a higher-assurance factor such as Okta Verify push notification or a time-based one-time password (TOTP). For guidance on combining factors, see Explore authentication factors for AI voice agents.
How Soft PIN works
Each user enrolls a Soft PIN before it can be used for authentication. Users can change their PIN by re-enrolling at any time.
When Soft PIN is selected as an authentication factor for an AI voice agent service, the agent prompts the caller for the PIN during the session. The platform validates the response against the user's enrolled PIN and returns the result to the orchestrator.
Enrollment rules
| Rule | Behavior |
|---|---|
| Length | Exactly six digits. |
| Repetition | No single digit can repeat more than twice consecutively. For example, 111234 is rejected. |
| Sequences | Ascending or descending numeric sequences longer than two digits aren't allowed. For example, 123456 and 987654 are rejected. |
| History | The new PIN can't match any of the user's previous five PINs. |
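The enrollment rules in the table above, written as a validator. This is an added example, not ServiceNow code; the function names and sample PINs are hypothetical. It assumes that a run of three or more ascending or descending digits anywhere in the PIN counts as a sequence, and that the PIN history is supplied newest first.

```javascript
// Added example: enrollment-rule validator. Names are hypothetical, not ServiceNow APIs.
const HISTORY_DEPTH = 5; // "previous five PINs" from the table

// Longest run in which each digit differs from the previous one by `step`
// (0 = repeated digit, +1 = ascending, -1 = descending).
function longestRun(digits, step) {
  let best = 1, run = 1;
  for (let i = 1; i < digits.length; i++) {
    run = digits[i] - digits[i - 1] === step ? run + 1 : 1;
    if (run > best) best = run;
  }
  return best;
}

// Returns the list of violated rules; an empty list means the PIN is acceptable.
// `previousPins` is the user's PIN history, newest first. Plain strings are used
// here for illustration; a real store would hold salted hashes and compare those.
function validateSoftPin(pin, previousPins = []) {
  if (typeof pin !== 'string' || !/^[0-9]{6}$/.test(pin)) return ['length'];
  const digits = Array.from(pin, Number);
  const violations = [];
  if (longestRun(digits, 0) > 2) violations.push('repetition');
  // Assumption: any run of three or more counts, with no 9 -> 0 wraparound.
  if (longestRun(digits, 1) > 2 || longestRun(digits, -1) > 2) violations.push('sequence');
  if (previousPins.slice(0, HISTORY_DEPTH).includes(pin)) violations.push('history');
  return violations;
}

// Constructed sample inputs, including the rejected examples from the table.
const history = ['402917', '718264', '530846', '269153', '847302', '615038'];
for (const pin of ['111234', '123456', '987654', '402917', '615038', '12345', '113355']) {
  const v = validateSoftPin(pin, history);
  console.log(pin, v.length ? 'rejected: ' + v.join(', ') : 'accepted');
}
```

Note that 111234 trips both the repetition rule and, under the stated assumption, the sequence rule, and that 615038 is accepted because it is the sixth-oldest entry and falls outside the five-PIN history window.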
Limitations
A six-digit numeric PIN provides lower assurance than time-based codes or push notifications. PINs are vulnerable to reuse, observation, and social engineering.
Availability
The administrator manages the following conditions on the instance. Soft PIN enrollment is available when both are met:
- Install Now Assist for Platform (sn_genai_platform) for activating AI voice agents.
- The system property glide.auth_factors.Soft PIN.enrollment.enabled is set to true (default).
When the plugin is not installed, no Soft PIN module exists on the instance and the enrollment URL is not available. When the plugin is installed but the property is set to false, the enrollment option is hidden from the user profile, the navigation menu, and the Service Portal. Users who navigate directly to the enrollment URL see the following message:
Soft PIN enrollment is not available at this time. Please contact your administrator for more details.
| Property | Description | Default state |
|---|---|---|
| glide.auth_factors.Soft PIN.enrollment.enabled | Controls whether the Soft PIN enrollment option appears in the user profile, the navigation menu, and the Service Portal. Requires the AI Voice Agents plugin. | true |