Two script actions are available that enable a site administrator to manage the number of times a user can provide an incorrect password before being locked out from the ServiceNow AI Platform. You can enable either of these script actions to manage failed login attempts.

Help secure your instance against brute force attacks by defining a time period during which a user cannot attempt to log in after being locked out. The glide.user.unlock_timeout_in_mins system property unlocks the user account after the time period that is specified in it's value. If no value is specified, your instance unlocks the user account after the default period of 15 minutes.

Set the glide.user.unlock_timeout_in_mins system property value to a minimum of 15. If glide.user.unlock_timeout_in_mins does not exist, the default lockout time is set to 15 minutes.

Ensure that the SNC User Lockout Check with Auto Unlock script action (found on the Script Action [sysevent_script_action] table) is present and active. The SNC User Lockout Check with Auto Unlock script action is installed with the High Security Settings (com.glide.high_security) plugin.

More information

AttributeDescription
Configuration name
  • glide.user.unlock_timeout_in_mins (System Property)
  • sysevent_script_action (Script Action)
Configuration type System Policy > Script Actions
Category Authentication
Purpose To enforce strict policy for failed login attempts to avoid brute forcing of credentials.
Recommended value
  • 15 for the glide.user.unlock_timeout_in_mins system property
  • Active for the SNC User Lockout Check with Auto Unlock script action.
Functional impact This remediation would enable administrator of the instance to monitor and report any malicious user access. No functionality impact, only User experience change.
Security risk
  • Severity Score: 6.8
  • Security Risk Details: If the property is not configured to a secure value and the lockout duration is not enabled, then it may be easier to brute force account logins in a faster time frame. This may allow a malicious user to eventually obtain unauthorized access to the instance. Impact on the instance will be limited to the privileged of the affected user login brute-forced.

Steps to configure

  1. Navigate to System Policy > Script Actions.
  2. Search for the name *SNC User.
  3. To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check scripts actions from false to true.
  4. To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.