Multifactor authentication Multifactor authentication, also known as two-step verification, is a security requirement that asserts a user enter more than one set of credentials to authenticate to an instance. The basic level of authentication to an instance is local database authentication—the user enters a username and password combination. Multifactor authentication, in contrast, gives administrators and users the ability to require a second level of authentication—the user must enter a passcode or token in addition to the password. A mobile application on a user mobile device generates the passcode. Users can require multifactor authentication for their own login credentials. Administrators can require multifactor authentication for any user login credentials. Multifactor authentication supports only the Google Authentication mechanism as the token provider. Users should install the recommended Google Authenticator application to their mobile devices. Supported authentication methods You can use multifactor authentication in combination with the following authentication methods: Local Database Authentication (native ServiceNow authentication) SSO with the LDAP integration Authentication methods that are not supported Multifactor authentication is not supported in combination with the following authentication methods: SSO SAML SSO Digest Authentication flow Note: If a user is required to perform a password change while multifactor authentication is enabled on the user profile, the user does not need to enter the authorization code. The user or administrator goes to a user profile in the instances and initiates multifactor authentication. The instance displays a QR code and a QC code number. The user takes a photo of the code with the Google Authenticator application on their mobile device, or manually enters the QC code number in the authenticator application.. A passcode is sent to the user's mobile device. The user enters the passcode to enable multifactor authentication. The next time the user tries to log in, the user looks at the Google Authenticator application to get the latest passcode. The user enters the username and password and appends the passcode to the password. If the username and password + passcode combination are correct, the user is authenticated to the instance. Activate multifactor authenticatorAdministrators can activate the Integration- Multifactor Integration plugin, which is not active by default.Configure multifactor authenticationYou can enable multifactor authentication on the instance and specify how many times users can skip the additional passcode requirement.Require multifactor authentication for a userYou can require multifactor authentication for any user record in the system that you have access to. Set up multifactor authentication upon initial loginIf your administrator enabled multifactor authentication on your profile but you have not yet set up the application, you can set it up upon login.Log on with multifactor authenticationAfter multifactor authentication is enabled for your User profile, you can log in with the addition of the passcode that the Google Authenticator app gives you. Set up multifactor authentication on your own profileYou can set up multifactor authentication on your own User profile.Disable multifactor authentication on your User profileUsers can disable multifactor authentication on their own user profile.Disable multifactor authentication on the User tableYou can disable multifactor authentication for the users that you have access to on the User table.