Authentication ServiceNow authentication validates the identity of a user who accesses an instance, and then authorizes the user to features that match the user's role or job function. Available authentication methods You can use several different methods to authenticate users. User credentials are matched to different saved credentials for each method. Authentication methods Description Local database The username and password in their user record in the instance database. Multi-provider Single Sign-on (Multi-SSO) and SAML 2.0 The username and password configured in identity providers, which have a matching user account in the database. LDAP The username and password in their LDAP account, which has a matching user account in the database. OAuth 2.0 The username and password of OAuth identity provider, which has a matching user account in the database. Digest Token An encrypted digest of the username and password in the user record. Multifactor The username and password in the database and a passcode sent to the user's mobile device that has Google Authenticator installed. Note: You can use SAML and Digest Authentication through the Multiple Provider SSO application. Multiple-Provider single sign-on (SSO)The Multi-Provider SSO feature allows organizations to use several SSO identity providers (IdPs) to manage authentication as well as retain local database (basic) authentication.LDAP integrationAn LDAP integration allows your instance to use your existing LDAP server as the master source of user data.SAML 2.0The Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between security domains.OAuth 2.0OAuth 2.0 allows users to access instance resources through external clients by obtaining a token rather than by entering login credentials with each resource request.Digest token authenticationThe digest token authentication passes user credentials and a digest token within an unencrypted HTTP header.Multifactor authenticationMultifactor authentication, also known as two-step verification, is a security requirement that asserts a user enter more than one set of credentials to authenticate to an instance. OKTA SSO integrationAdministrators can enable the Okta SSO integration to provide single sign-on access to instances through Okta. Enable external authenticationYou can enable external authentication on your instance.Limit concurrent sessionsYou can limit the number of concurrent interactive sessions for a user or role on an instance across all nodes.