Explore Continuous Authentication

  • Release version: Zurich
  • Updated July 31, 2025

    ServiceNow's continuous authentication (CA) enables you to reverify and authenticate a user when they access resources that you have protected.

    ServiceNow's continuous authentication is a security mechanism designed to verify a user's identity not just at the initial login, but throughout the user's entire session. CA is built on ServiceNow's zero trust access security architecture that aims to enhance security by ensuring that the user remains who they claim to be, even after the initial authentication process.

    CA works on the following zero trust access principles:

    • Verify explicitly: No implicit trust for any user, device, or system within a network, regardless of location. Every user and device must be explicitly authenticated and authorized, regardless of location or past access.
    • Use least privilege access: Grant only the minimum access or permissions needed to perform specific tasks and limit potential damage from compromised accounts or systems.
    • Assume breach: Instead of relying only on prevention, assume breach and focus on proactive detection, containment, and response.

    CA provides the ability to enforce step-up authentication or re-authentication based on the data users are accessing and the activities they are performing. Administrators can opt to use it to create security policies at a table or data class level.

    You can enforce step-up authentication (MFA) or re-authentication (SSO - SAML or OIDC) within a logged-in session whenever there is an attempt by the user to access Personally Identifiable Information (PII) and sensitive data.

    Note:
    To opt in to CA, you must install the Zero Trust - Continuous Authentication plugin (com.snc.zero_trust_continuous_authentication), which requires a license.

    Benefits

    Following are some of the benefits of using CA:

    • Enhanced Security: By continuously verifying the user's identity, the system can detect and respond to potential security threats more quickly.
    • Reduced Risk of Account Takeover: Even if an attacker gains access to a user's session, continuous authentication can help prevent them from accessing confidential data.

    Use cases

    Following are some of the use cases for using CA:

    • Enforce re-authentication before allowing access to sensitive data using different policies.
    • Enforce periodic re-authentication or step-up authentication using different policies:
      • Use re-authentication, which can include the IdP's MFA and the IdP's SSO.
      • Use step-up authentication with ServiceNow's MFA.
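
The policy behaviour described above, as an added conceptual sketch in JavaScript; it is not ServiceNow code and does not reflect the product's policy schema or API. The policy fields, the freshness window (`maxAgeSec`), the session fields, and the rule that the stronger action wins when several policies match are all assumptions made for illustration.

```javascript
// Added illustration: a conceptual model, not ServiceNow's policy schema or API.
// Every name here (policies, decide, session fields) is hypothetical.

// Constructed sample policies: one scoped to a table, one to a data class.
const policies = [
  { scope: "table", target: "hr_case", action: "step_up_mfa", maxAgeSec: 900 },
  { scope: "data_class", target: "PII", action: "re_auth_sso", maxAgeSec: 300 },
];

// Assumption: when several policies match, the strongest requirement wins.
const STRENGTH = { allow: 0, step_up_mfa: 1, re_auth_sso: 2 };

function decide(session, resource, nowSec) {
  let decision = "allow";
  for (const p of policies) {
    const matches =
      (p.scope === "table" && p.target === resource.table) ||
      (p.scope === "data_class" && resource.dataClasses.includes(p.target));
    if (!matches) continue;

    // Which proof of identity satisfies this policy, and when was it last given?
    const lastProof =
      p.action === "step_up_mfa" ? session.lastMfaAt : session.lastSsoAt;

    // Verify explicitly: a missing, future-dated, or stale proof is never trusted.
    const fresh =
      Number.isFinite(lastProof) &&
      lastProof <= nowSec &&
      nowSec - lastProof <= p.maxAgeSec;

    if (!fresh && STRENGTH[p.action] > STRENGTH[decision]) decision = p.action;
  }
  return decision;
}

// Constructed session: signed in through SSO 20 minutes ago, no MFA yet.
const now = 10000;
const session = { lastSsoAt: now - 1200, lastMfaAt: null };

console.log(decide(session, { table: "incident", dataClasses: [] }, now));
console.log(decide(session, { table: "hr_case", dataClasses: [] }, now));
console.log(decide(session, { table: "hr_case", dataClasses: ["PII"] }, now));
```

The decision is recomputed on every access, so a session that was valid at login can still be challenged later when it reaches a protected table or data class.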

    Roles in CA

    CA has the following roles:

    • CA Admin (ca_admin): Ability to create, edit, and view CA policies, configure CA properties, and view the dashboards (Metrics) of CA.
    • Policy Admin (ca_policy_admin): Ability to create, edit, and view CA policies.
    • Auditor (ca_auditor): Ability to view the dashboards (Metrics), policies, and logs of CA.

    To configure CA, you must elevate your role to ca_admin and then perform the policy configurations.

    Note:
    All three of these roles are elevated roles.

    Modules in CA

    Following are the different modules within CA:

    • Policies: View the different continuous authentication policies that are created.
    • Metrics: View the different metrics for continuous authentication for KPI purposes and understand the usage of CA within your organization.
    • System Properties: Use system properties to enable and customize continuous authentication (CA) to meet your zero trust access security requirements.