The ServiceNow® Authentication application supports many authentication mechanisms that enable you to validate the identity of users. Authentication was enhanced and updated in the Vancouver release.

Identity and Authentication highlights for the Vancouver release

  • Audit the users across multiple instances based on user name and email and provide a unique id (federated ID) to the user across instances.
  • Use the ServiceNow® Access Analyzer to determine who has access to what based on instance-defined access controls to enable administrators, developers, and support agents determine what access controls are governing access to a resource (tables), fields, or records.
  • Configure the session access policy to reduce the roles or privileges of the particular session based on the risk related with the session using filter criteria like on the IP, Location, Identity attribute with the zero trust access policy.
  • Configure the authentication policies to restrict access, reduce roles, or enforce MFA based on Geo-location access.
  • Configure the authentication policies to restrict access, reduce roles, or enforce MFA based on Identity Provider attributes that are received from the SAML response.

See Identity and Authentication for more information.

Important information for upgrading Authentication to Vancouver

Authentication report_view access control lists (ACLs) that govern who can see reports in dashboards and elsewhere are enabled by default in the Vancouver release. For more information, see Report_view access control.

New in the Vancouver release

Exploring Federated ID
Audit the users across instances based on the user name and email. Provide a unique ID to the user across instances.
Access Analyzer
Use the ServiceNow® Access Analyzer self-service tool designed for admins, developers, and support agents to examine who has access to what on the Now Platform.
Important: Access Analyzer is available in the ServiceNow Store. For more information, visit ServiceNow Store.
Zero Trust Access
The Zero Trust access - Session Access policy enables administrators to use the Adaptive Authentication policy to reduce the roles or privileges of the particular session.
Note: Zero Trust Access is a paid feature that can be used within Authentication.
Location Filter
The Location filter is a filter criteria in the Adaptive Authentication that the admins can use while crafting the authentication policies based on the physical location of the device accessing the instance.
Note: Location Filter is a paid feature that can be used within Authentication.
Identity Provider Attributes Filter
The Identity Provider (IDP) Attributes received from the SAML response from the Identity Provider can be used as a filter criteria for authentication.

Changed in this release

Access policy for System/Export Processors
Additional processors are added to use the processor access policy to secure non-public processors.
Mobile Authentication App specific auto-redirect IDP
The login URL field is added to the Mobile App OAuth Configuration, which enables admins to configure mobile app specific login experience.

Deprecations

  • The MultiSSO v1 is deprecated. Upgrade to MutliSSO v2 from MultiSSO v1.

    For more information, refer to the MultiSSO v2 upgrade instructions [KB9756504] article in the Now Support knowledge base.

  • The SAML 1.1 and SAML 1.1 Single Sign-On - Update 1 plugin is deprecated. The SAML-based identity providers (IdP) have already migrated to SAML 2.0. To use SAML 2.0, you must install the MultiSSO and configure your identity provider.
  • The OpenID SSO plugin is deprecated. To use OpenID Connect (OIDC), you must install the MultiSSO and configure your OIDC-based identity provider.

Activation information

Authentication is a Now Platform feature that is active by default.

Related ServiceNow applications and features

Platform Security
Platform Security is built into all levels of the Now Platform. Implement the security features that are appropriate for your organization. Manage failed logins and encrypted password protection, access control rules, and audit logs.