
ServiceNow: Customizing Login Processes for Improved Security

Reco Security Experts
July 10, 2024

Customizing Login Processes for Improved Security in ServiceNow

Securing access to enterprise applications is critical for protecting sensitive data and maintaining operational integrity. ServiceNow offers many customization options for improving login security. This article discusses strategies and best practices for modifying login processes in ServiceNow to improve security and safeguard business assets.

Multi-Factor Authentication (MFA)

Implementing Multi-Factor Authentication (MFA) is one of the most effective ways to enhance login security. MFA requires users to provide two or more verification factors to gain access, significantly reducing the risk of unauthorized access. 

Note: The Integration - Multi-Factor Authentication (com.snc.integration.multifactor.authentication) plugin is installed by default on your instance but must be enabled by an administrator using a system property.

Steps to Implement MFA in ServiceNow

  1. Navigate to Multi-Factor Authentication > Properties.
  2. Toggle the switch on the MFA settings page to enable Multi-Factor Authentication for your instance. You can also change the properties below to customize MFA to meet your security requirements.

The screenshot above displays the Multi-Factor Authentication Properties in ServiceNow.

| Property | Description |
| --- | --- |
| Number of times a user can bypass Multi-Factor authentication. | Number of times that a user can choose to skip the setup of MFA. Your users can still log in to the instance even if they don't have their mobile device with them. If you disable this feature and then re-enable it, the counter starts over again. The default is 3. |
| The time (in minutes) that the one-time code sent to the user's email address is valid for. | Number of minutes that the reset code is valid. The default is 10. |
| Additional time in seconds for which the code is valid, to accommodate clock skew. The maximum value is 60 seconds. | Number of additional seconds that the reset code is valid. The maximum is 60. The default is 10. Use this property to prevent login issues where the user cannot enter the correct code in the default time allotted. |
| Enable the remember browser feature for Multi-Factor authentication. | Set your instance to prompt a user for MFA when they log in from a new device or browser. The default is yes. |
| Validity of browser fingerprint in hours. | After MFA remembers the browser, the user is not challenged for MFA in the same browser for this duration. The default is 8 hours. |
| Maximum number of browsers a user can remember. | The number of browsers MFA remembers for this user. |
| Default value of the remember-browser check box on the validate Multi-Factor page. | The default value of the remember-browser check box in the validate Multi-Factor page. |
| Enable web authentication (FIDO2) based MFA. | An option to enable passwordless authentication methods such as hardware key and biometric authentication. |
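
One way to review these settings after a change is to compare the configured values with the defaults and the 60-second skew limit listed above. The script below is an added example, not ServiceNow code or part of the original article; the keys (`bypassCount`, `emailCodeMinutes`, `clockSkewSeconds`, `fingerprintHours`, `mfaEnabled`, `rememberBrowser`, `webAuthnEnabled`) are hypothetical short names for the properties in the table, and the sample values are constructed.

```javascript
// Added example: the keys are hypothetical short names for the properties in
// the table above, not ServiceNow system property names.
const RULES = [
  { key: "bypassCount", label: "MFA setup skips allowed", def: 3 },
  { key: "emailCodeMinutes", label: "Email one-time code validity (minutes)", def: 10 },
  { key: "clockSkewSeconds", label: "Clock-skew allowance (seconds)", def: 10, max: 60 },
  { key: "fingerprintHours", label: "Remembered-browser validity (hours)", def: 8 },
];

// Returns a list of { severity, key, message } findings for one settings export.
function auditMfa(settings) {
  const findings = [];
  const add = (severity, key, message) => findings.push({ severity, key, message });

  if (settings.mfaEnabled !== true) add("high", "mfaEnabled", "MFA is not enabled");
  if (settings.webAuthnEnabled !== true)
    add("low", "webAuthnEnabled", "FIDO2 web authentication is not enabled");

  for (const { key, label, def, max } of RULES) {
    // The fingerprint lifetime only matters when browsers are remembered.
    if (key === "fingerprintHours" && settings.rememberBrowser !== true) continue;
    const raw = settings[key];
    const value = Number(raw);
    if (raw == null || raw === "" || !Number.isInteger(value) || value < 0) {
      add("high", key, `${label}: missing or not a non-negative integer`);
    } else if (max !== undefined && value > max) {
      add("high", key, `${label}: ${value} exceeds the documented maximum of ${max}`);
    } else if (value > def) {
      add("medium", key, `${label}: ${value} is looser than the default of ${def}`);
    }
  }
  return findings;
}

// Constructed sample: values arrive as strings, as in a property export.
const sample = {
  mfaEnabled: true, webAuthnEnabled: false, rememberBrowser: true,
  bypassCount: "5", emailCodeMinutes: "10", clockSkewSeconds: "90", fingerprintHours: "72",
};
for (const f of auditMfa(sample)) console.log(`[${f.severity}] ${f.message}`);
```

Values looser than the default are reported for review rather than as errors, since an organization may have a reason to relax them.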

Single Sign-On (SSO) Integration

External SSO lets organizations use several SSO identity providers (IdPs) to manage authentication while retaining local database (basic) authentication.

The integration supports any combination of local and external authentication methods on a single instance:

  • SAML 2.0
  • Digest Authentication
  • OpenID Connect

To set up a multi-provider SSO, you must perform several steps, including configuring properties, creating identity providers (IdPs), and configuring users to use SSO.

Steps to Implement SSO in ServiceNow

1. Navigate to System Definition > Plugins, and install the Single Sign-on (SSO) product.

This screenshot shows the Single Sign-on (SSO) product in ServiceNow.

2. Navigate to Multi-Provider SSO > Administration > Properties, and then configure the Multi-Provider SSO properties. Before you can enable multiple-provider SSO, you first need to enable account recovery. To configure that, click the "page" link in the warning to be redirected to the Account Recovery Properties.

This screenshot shows the Multiple-Provider SSO Properties in ServiceNow, with the "enable multiple-provider SSO" field currently disabled.

3. When you click the link, you will be redirected to this page; check "Enable account recovery" and follow the steps.

A screenshot of Account Recovery Properties in ServiceNow shows options to enable and configure secure account recovery.

4. Configure Multi-Factor Authentication for your account.

This screenshot shows the successful configuration settings for account recovery in Multi-Provider SSO in ServiceNow.

5. Once you configure the account recovery, you can enable the Multi-Provider SSO.

This screenshot shows the Multiple-Provider SSO Properties with the "enable multiple-provider SSO" field enabled.

6. Navigate to Multi-Provider SSO > Identity Providers and click "New." Here, you can select the kind of SSO you want to create. Complete the fields with the required information.

This screenshot shows the Identity Providers, and to create a new SSO, click “new.”

This screenshot shows that you can log in to ServiceNow with Google.

Password Policies

Strong password policies are fundamental to securing login processes. ServiceNow allows administrators to enforce robust password requirements and to maintain a list of excluded passwords.

Steps to Implement Password Policies in ServiceNow

1. Navigate to Password Policy > Password Policies. Click on "New."

This screenshot shows ServiceNow's password policies.

2. Define your password policy.

This screenshot shows the steps for the password policy criteria.

If you want to customize it, set the "Password Strength Preset" field to Custom and add your conditions. You can test your password policy by clicking the "Test Your Password" button at the top.

A screenshot displaying password policy criteria with the Password Strength Preset set to Custom.

Steps to add Excluded Passwords in ServiceNow

1. Navigate to Password Policy > Excluded Passwords and click "New."

A screenshot displaying a list of excluded passwords.

2. Add the password that you want to exclude, and save it.
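
A complexity policy and an exclusion list cover different weaknesses: a password such as "Welcome123!" meets typical length and character-class rules yet is still a well-known choice. The script below is an added example, not ServiceNow code or part of the original article, that lists candidate passwords which pass a policy, are not yet excluded, and reduce to a common base word, so they can be added to Excluded Passwords. The policy field names, the exact-match comparison, and all sample data are assumptions constructed for illustration.

```javascript
// Added example: policy field names are hypothetical, not ServiceNow fields.
const policy = { minLength: 8, upper: 1, lower: 1, digits: 1, special: 1 };

// Count the characters in s that match a character class.
const count = (s, re) => (s.match(re) || []).length;

function meetsPolicy(pw, p) {
  return pw.length >= p.minLength &&
    count(pw, /[A-Z]/g) >= p.upper &&
    count(pw, /[a-z]/g) >= p.lower &&
    count(pw, /[0-9]/g) >= p.digits &&
    count(pw, /[^A-Za-z0-9]/g) >= p.special;
}

// Reduce a password to its base word: drop the trailing digits and symbols,
// then undo common character substitutions ("P@ssw0rd2024" -> "password").
function normalize(pw) {
  const map = { "@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i" };
  return pw.toLowerCase()
    .replace(/[^a-z]+$/, "")
    .replace(/[@0135$!]/g, (c) => map[c])
    .replace(/[^a-z]/g, "");
}

// Candidates the policy accepts, that are not excluded yet, and whose base
// word is known to be weak. Assumption: exclusion is an exact string match.
function excludedListGaps(candidates, p, excluded, baseWords) {
  const listed = new Set(excluded);
  const weak = new Set(baseWords);
  return candidates.filter(
    (pw) => meetsPolicy(pw, p) && !listed.has(pw) && weak.has(normalize(pw))
  );
}

// Constructed sample data.
const candidates = ["Password1!", "P@ssw0rd2024", "Welcome123!", "password", "Tr0ub4dor&3xyz"];
const excluded = ["Password1!"];
const baseWords = ["password", "welcome", "summer"];
console.log(excludedListGaps(candidates, policy, excluded, baseWords));
```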


Customizing login processes in ServiceNow is crucial for improving security and protecting company information. Organizations can significantly reduce the risk of unauthorized access and protect their digital assets by implementing multi-factor authentication, single sign-on, role-based access control, and strong password policies. Regularly reviewing and updating these security measures is critical to keep ahead of emerging threats and maintain a secure IT environment.
