Securing access to enterprise applications is critical for protecting sensitive data and maintaining operational integrity. ServiceNow offers many customization options for improving login security. This article discusses strategies and best practices for customizing login processes in ServiceNow to improve security and safeguard business assets.
Implementing Multi-Factor Authentication (MFA) is one of the most effective ways to enhance login security. MFA requires users to provide two or more verification factors to gain access, significantly reducing the risk of unauthorized access.
Note: The Integration - Multi-Factor Authentication (com.snc.integration.multifactor.authentication) plugin is installed by default on your instance but must be enabled by an administrator using a system property.
Steps to Implement MFA in ServiceNow
The screenshot above displays the Multi-Factor Authentication Properties in ServiceNow.
External SSO allows organizations to use several SSO identity providers (IdPs) to manage authentication while retaining local database (basic) authentication.
The integration supports any combination of local and external authentication methods on a single instance:
To set up multi-provider SSO, you must perform several steps, including configuring properties, creating identity providers (IdPs), and configuring users to use SSO.
Steps to Implement SSO in ServiceNow
1. Navigate to System Definition > Plugins, and install the Single Sign-on (SSO) product.
This screenshot shows the Single Sign-on (SSO) product in ServiceNow.
2. Navigate to Multi-Provider SSO > Administration > Properties, and then configure the Multi-Provider SSO properties. Before you can enable multiple-provider SSO, you first need to set up account recovery. To configure that, click the "page" link in the warning to be redirected to the Account Recovery Properties.
This screenshot shows the Multiple-Provider SSO Properties in ServiceNow, with the "enable multiple-provider SSO" field currently disabled.
3. When you click the link, you will be redirected to this page; check "Enable account recovery" and follow the steps.
A screenshot of Account Recovery Properties in ServiceNow shows options to enable and configure secure account recovery.
4. Configure Multi-Factor Authentication for your account.
This screenshot shows the successful configuration settings for account recovery in Multi-Provider SSO in ServiceNow.
5. Once you have configured account recovery, you can enable Multi-Provider SSO.
This screenshot shows the Multiple-Provider SSO Properties with the "enable multiple-provider SSO" field enabled.
6. Navigate to Multi-Provider SSO > Identity Providers and click on "New." Here, you can select the kind of SSO you want to create. Complete the fields with the required information.
This screenshot shows the Identity Providers list; to create a new SSO, click "New."
This screenshot shows that you can log in to ServiceNow with Google.
Strong password policies are fundamental to securing login processes. ServiceNow allows administrators to enforce robust password requirements and to define excluded passwords.
Steps to Implement Password Policies in ServiceNow
1. Navigate to Password Policy > Password Policies. Click on "New."
This screenshot shows ServiceNow's password policies.
2. Define your password policy.
This screenshot shows the steps for the password policy criteria.
If you want to customize it, set the "Password Strength Preset" field to Custom and add your conditions. You can test your password policy by clicking the "Test Your Password" button at the top.
A screenshot displaying password policy criteria with the Password Strength Preset set to Custom.
Steps to Add Excluded Passwords in ServiceNow
1. Navigate to Password Policy > Excluded Passwords and click on "New."
A screenshot displaying a list of excluded passwords.
2. Add the password that you want to exclude, and save it.
Customizing login processes in ServiceNow is crucial for improving security and protecting company information. Organizations can significantly reduce the risk of unauthorized access and protect their digital assets by implementing multi-factor authentication, single sign-on, role-based access control, and strong password restrictions. Regularly reviewing and updating these security procedures is critical to keeping pace with emerging threats and maintaining a secure IT environment.