User administration Manage the individuals who can access ServiceNow by defining them as users in the system and assigning them to groups. Use the session control options to terminate ServiceNow sessions, for example when system maintenance is required. Create roles that provide selective access to ServiceNow functionality, then assign the roles to groups when all associated users need to access that functionality, or to individual users. Administrative rolesIn previous versions of the product, a great many administrative tasks and rights were granted through the admin role. The rights to change business rules, client scripts, and UI policy, and to create script includes were all controlled by this role. In the current system, a family of more granular administrative roles allows the granting of more specific rights to individual users without granting the broader privileges of the admin role.RolesRoles control access to features and capabilities in applications and modules.GroupsA group is a set of users who share a common purpose.User self-registrationThe User Registration Request plugin provides the ability for unregistered users to request access to a ServiceNow instance. An administrator can activate the plugin.Impersonate a userAdministrators can impersonate other authenticated users for testing purposes. Manage user sessionsThe ServiceNow platform provides the ability to view and terminate individual user sessions, lock out users from the system, and make users inactive..System UsageThe System Usage modules track usage for ServiceNow applications and for ServiceNow Store apps.Skills ManagementThe Skills Management feature enables an administrator to assign configured competencies, called skills, to groups or individual users. These skills can then be used to determine who can be assigned to particular tasks. AuthenticationServiceNow authentication validates the identity of a user who accesses an instance, and then authorizes the user to features that match the user's role or job function.Enable external authenticationYou can enable external authentication on your instance.Multifactor authenticationMultifactor authentication, also known as two-step verification, is a security requirement that asserts a user enter more than one set of credentials to authenticate to an instance. LDAP integrationAn LDAP integration allows your instance to use your existing LDAP server as the master source of user data.Multiple provider single sign-onThe multiple provider single sign-on (multi-SSO) feature allows organizations to use several SSO identity providers (IdPs) to manage authentication as well as retain local database (basic) authentication.SAML 2.0The Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between security domains.OKTA SSO integrationAdministrators can enable the Okta SSO integration to provide single sign-on access to instances through Okta. Digest token authenticationThe digest token authentication passes user credentials and a digest token within an unencrypted HTTP header.OAuth 2.0Your instance supports Open Authorization (OAuth) 2.0.Normalization Data ServicesThe Normalization Data Services Client plugin helps maintain consistency for table fields that refer to a company name.