Skip to main contentSkip to search
Powered by Zoomin Software. For more details please contactZoomin
Product Documentation | ServiceNowProduct Documentation | ServiceNow
Product Documentation | ServiceNow
  • Home
  • Technical Documentation
  • Release Notes
  • API Implementation
  • Accessibility
  • EnglishDeutsch日本語한국어FrançaisPortuguês
  • CommunityAsk questions, give advice, and connect with fellow ServiceNow professionals.
    DeveloperBuild, test, and deploy applications
    DocumentationFind detailed information about ServiceNow products, apps, features, and releases.
    ImpactAccelerate ROI and amplify your expertise.
    LearningBuild skills with instructor-led and online training.
    PartnerGrow your business with promotions, news, and marketing tools
    ServiceNowLearn about ServiceNow products & solutions.
    StoreDownload certified apps and integrations that complement ServiceNow.
    SupportManage your instances, access self-help, and get technical support.

Washington DC Platform security

Filters

Clear All Filters
Versions
Products
Clear All Filters

Access Control List Rules

Watch
Save as PDF
Save topicSave topic & subtopicsSave entire publication
Share this page
Share to emailCopy latest version URL
Feedback
Print
Table of contents
  • Secure your instance
  • Platform Security
    • Certificates
      • Exploring Certificates
      • Generating an LDAP client certificate
        • Generating a server certificate
      • Uploading a certificate to an instance
        • Uploading a trusted server certificate
    • Code Signing
      • Exploring Code Signing
      • Configuring Code Signing
        • Load required key pairs and certificates for Code Signing
        • Prepare Circle of Trust certificates
        • Import and install certificates for Circle of Trust
        • Turn on Code Signing
        • Create Code Signing key pairs and certificates
        • Specify custom rules in ECC firewall
        • Change your Root of Trust configuration
          • Migrate signatures to use a customer certificate
          • Disable ServiceNow Root of Trust
        • Turn off Code Signing
      • Using Code Signing
        • Standalone signing tool
          • Using the Signing Tool
          • Signing Tool arguments
        • Sign the JDBC data source records in the production instance
        • Sign the REST and SOAP messages in the production instance
        • Sign the Integration Hub integration steps in the production instance
        • Sign specific records or attachments
          • Create a job to sign specific records or attachments on a trusted instance
          • Sign specific records or attachments on a production instance
      • Code Signing reference
        • Properties installed with Code Signing
        • Troubleshooting and accessing logs
    • Security Roles
      • Explicit Roles
      • Elevated privilege roles
        • Security_admin role
        • Elevate to a privileged role
        • Force administrators to manually elevate
    • Security Center
      • Overview
      • Security hardening
        • Hardening score comparison
          • Hardening compliance score trend
        • Hardening settings details
        • Increase hardening compliance score
        • All settings
      • Security scanner
        • Scan comparison
        • Scan checks
        • Create new suite
          • Clone the auditor suite
        • Scan findings
      • Security metrics
        • My security metrics dashboard
          • Configure security metrics to send email when thresholds are triggered
          • Customize the security metrics dashboard
        • All security metrics
        • Adaptive authentication security metrics
        • Privileged Users
        • Users
        • Privileged Identity
        • Authentication metrics
        • Integration Accounts
        • Export
        • Antivirus
        • Email
        • Active Sessions
        • Session management
      • Customer Actions
        • Implement steps for customer actions
        • View activity of Customer Actions
      • Security Best Practices
        • Complete a security best practice
        • View activity of a best practice
        • View data of completed best practices
        • Apply filters to the security best practices table
      • Security learning
    • Instance Security Center
      • Instance Security Center to ServiceNow Security Center migration
        • Hardening setting updates for SSC
        • Security KPI and metrics updates for SSC
        • Security scanner updates in SSC
        • New security features in SSC
      • Monitor security events
        • Configure the security event ribbon
        • Set preferences for security event notifications
      • Check the daily compliance score and configure security property settings
        • Adjust instance security settings to increase compliance
        • How Daily Compliance score, trend, and graph data is refreshed
        • PCI compliance score dashboard
        • PCI configuration controls score dashboard
      • Scan for incorrect security definitions
      • Monitor instance metrics
        • User metrics
        • Export metrics
          • Export metrics settings
        • Authentication Metrics
        • Adaptive authentication metrics
        • Email metrics
          • Designate email domains as untrusted or trusted
        • Antivirus metrics
        • MFA metrics dashboard
      • Activate the ISC Virtual Agent interface
      • Other settings and security resources
        • Logging, auditing, and errors
          • Disabling SQL error messages
        • Other security hardening resources
      • Instance Security Hardening Settings
        • Access Control
          • Access to GlideSystemUserSession scriptable API
          • Authorization for script execution
          • Basic auth: JSONv2 requests
          • Basic auth: SOAP requests
          • Block access for delegated developer
          • Check UI action before execution
          • Contextual Security: Role Management plugin
          • CSV request authorization
          • Default deny
          • Double check inbound transactions
          • Enable ACLs to control live profile details
          • Enabling AJAXGlideRecord ACL checking
          • Excel request authorization
          • Explicit Role plugin
          • Import request authorization
          • PDF request authorization
          • Performance monitoring (ACL)
          • Performance monitoring IP restriction
          • Privacy on client-callable script includes
          • Disable public access to favorites [Updated in Security Center 1.3]
          • Restrict access to specific IP ranges
          • RSS request authorization
          • SAML 2.0 web browsr SSO profile
          • Script request authorization
          • Security jump start (ACL rules)
          • SNC Access Control plugin
          • SOAP content type checkin
          • Strict IP restriction
          • Unload request authorization
          • WSDL request authorization
          • XML request authorization
          • XSD request authorization
        • Attachments
          • Downloadable MIME types
          • Enable exclusion list for attachments
          • Enable file download restrictions
          • Enforce strict user image upload
          • Force download MIME types
          • Restrict file extensions
          • Restrict unauthenticated access to attachments
          • Specify denied extensions
          • Specify denied file types
          • Specify downloadable file types
          • Upload MIME type restriction
        • Email security (instance security hardening)
          • Convert inbound email HTML
          • Email scoring and filtering
          • Restrict access to emails with empty target table
          • Restrict emails by domain for user creation
        • Input validation
          • Allow embedded HTML code
          • Allow JavaScript tags in embedded HTML
          • Check Unsanitized Html (instance security hardening)
          • Client generated scripts sandbox
          • Enable AJAXEvaluate
          • Escape Excel formula
          • Escape HTML
          • Escape Javascript
          • Escape Jelly
          • Escape XML
          • HTML sanitizer
          • Jelly/JS interpolation
          • SOAP request strict security
        • Secure communications
          • Certificate trust
          • Disabling SSLv2/SSLv3
          • HTTP client hostname verification
          • Revoked certificate verification
        • Security best practices
          • Auto set Content Type options [Removed in Security Center 1.3.3]
          • Cache-Control HTTP header value
          • Enforce security on reports
          • High security plugin
          • Individual login IDs
          • Mobile UI obfuscation
          • Patches and updates
          • Remove demo data
        • Security inclusion listing
          • Check allow list member calls
          • Check allow list package calls
          • Enable URL allow list for cross-origin iframe communication
          • Enforce relative links
          • Packages call removal tool
          • Specify URL allow list for cross-origin iframe communication
          • URL allow list for logout redirects
          • Virtual agent embedded client content security policy
          • Virtual agent embedded client X-Frame-Options
          • X-Frame-Options: SAMEORIGIN
          • XML external entity processing validation
            • For XMLDocument and XMLUtil parsing
              • Setting entity expansion threshold
              • XMLdoc/XMLUtil entity validation with allow list
            • For XMLDocument2 parsers
              • Disable entity expansion
              • XMLdoc2 entity validation with allow list
          • XML external entity processing - allow list
        • Session management
          • Absolute session timeout
          • Anti-CSRF token
          • Change default credentials
          • Cookie HTTP only
          • CSRF strict validation
          • Disable password-less authentication
          • Enable multi-factor authentication (MFA)
          • Set role-based multi-factor authentication criteria
          • Enforce strong passwords
          • Managing failed login attempts
          • Password field auto-complete
          • Remove credentials from welcome page
          • Remove remember me
          • Rotate HTTP session identifiers
          • Secure session cookies
          • Security referral policy
          • Session activity timeout
          • Session window timeout
          • Set complex default password
        • Other settings and security resources
          • Logging, auditing, and errors
            • Disabling SQL error messages
          • MID server secure deployment guide
            • Physical security
            • Virtual infrastructure security
            • Operating system security
            • Network security
              • Firewall
            • Administration and Management
              • Create an account with a mid_server role
              • Setting up a MID server on a Windows host
              • Windows Discovery and Orchestration credentials
              • Linux Discovery and Orchestration credentials
              • Encrypt MID server login credentials
              • Set the minimum size of DH Group to 2048 bits
              • Disable outbound SSL
              • Disable weaker algorithms
          • Revertible behavior
            • Safe override
            • No DB override
          • Deprecated security properties
            • Collection mode override (deprecated)
            • SMTP authentication (deprecated)
          • Using JavaScript Content Access Control
          • Other security hardening resources
    • Hardening settings
      • Hardening settings baseline
        • New hardening settings for baseline version 4.0
          • New hardening settings for baseline version 2.0
        • Updated hardening settings for baseline version 4.0
          • Updated hardening settings
        • Deleted hardening settings for baseline version 4.0
          • Deleted hardening settings
      • Access control
        • Anti-CSRF token validation time [New in Security Center 1.3]
        • Apply domain separation on dot walked fields [Updated in Security Center 1.3 and 1.5]
        • Enable scoped admin application ACLs [Updated in Security Center 1.3]
        • Enable work order management query rules for service organizations [New in Security Center 1.5]
        • Block access for delegated developers
        • Block Expired Anti-CSRF Tokens [Updated in Security Center 1.5]
        • Check UI action conditions before execution
        • Configure event management assignment group admin roles [New in Security Center 1.5]
        • Deny internal access to explicit external roles [Updated in Security Center 1.3 and 1.5]
        • Deny unauthorized access to request items [Updated in Security Center 1.3]
        • Enable Anti-CSRF token [New in Security Center 1.3 and updated in 1.5]
        • Ensure archive table ACLs are checked [New in Security Center 1.3 and updated in 1.5]
        • Enable contextual security plugin [Updated in Security Center 1.3]
        • Enforce security scope license and permit playbook [New in Security Center 1.5]
        • Enforce Security Scope for Agent Workspace for HR Case Management [New in Security Center 1.5]
        • Prevent Users From Accepting Warning To Bypass CSRF Validation [Updated in Security Center 1.3 and 1.5]
        • Restrict delegated developers read access [Updated in Security Center 1.3]
        • Disable inbound emails for locked out users
        • Double check inbound transactions [Updated in Security Center 1.3]
        • Enable ACLs to Control Live Profile Details [Updated in Security Center 1.3]
        • Enable URL allowlist for cross-origin iframe communication
        • Enforce application scope restrictions [New in Security Center 1.3 and removed in 1.5]
        • Enforce security rules to sharing dashboards [New in Security Center 1.3]
        • Enforce scope security for public sector digital services [New in Security Center 1.3]
        • Enforce scoped ACL access for information request playbooks [New in Security Center 1.3 and updated in 1.5]
        • Enforce strict elevate privilege [New in Security Center 1.3]
        • Require AJAXGlideRecord ACL checking [Updated in Security Center 1.3]
        • Enforce field level ACLs in GlideRecordSandbox
        • Enforce credential alias usage [New in Security Center 1.3 and updated in 1.5]
        • Enforce GroupBy ACLs
        • Ensure dashboards creation/deletion requires access check [New in Security Center 1.3]
        • Enforce oauth state parameter validation
        • Enforce Strict User Image Upload
        • Restrict email domains for external user registration [Updated in Security Center 1.3 and 1.5]
        • Enable High Security Plugin [Updated in Security Center 1.3]
        • Honor Admin Override ACLs
        • Prevent inactive users from logging in [New in Security Center 1.5]
        • Restrict JSONP requests to trusted URLs [Updated in Security Center 1.3]
        • Disable raw database query execution [Updated in Security Center 1.3]
        • Hide user comments on articles [New in Security Center 1.3]
        • Require authentication by default for client-callable script includes [Updated in Security Center 1.3]
        • Enforce production instance behavior [Updated in Security Center 1.3 and 1.5]
        • Restrict access to background script [Updated in Security Center 1.3]
        • Restrict access to emails with empty target table
        • Restrict access to specific IP ranges plugin [Updated in Security Center 1.3]
        • Restrict knowledge bases access [New in Security Center 1.3]
        • Restrict permissions for CMDB model [Updated in Security Center 1.3 and 1.5]
        • Restrict unauthenticated access to attachments
        • Restrict access to custom journal entries [Updated in Securty Center 1.3]
        • Restrict flow context read access [New in Security Center 1.5]
        • Enable security jump start plugin (ACL Rules) [Updated in Security Center 1.3]
        • Use of secure insert multiple operation within import set API [New in Security Center 1.3]
        • Enforce SOAP request strict security [Updated in Security Center 1.3]
        • Required jms connection factories [New in Security Center 1.3 and updated in 1.5]
        • Review extraneous explicit role access control conditions [Removed in Security Center 1.5]
        • Set guest user for soap requests [Updated in Security Center 1.3]
        • Enable SNC access control plugin [Updated in Security Center 1.3]
      • API and web service
        • Validate SOAP content type [Updated in Security Center 1.3]
        • Require authorization for pdf requests [Updated in Security Center 1.3]
        • Require Authentication on Event Management HTTP Processor [New in Security Center 1.3 and updated in 1.5]
        • Require authorization for SOAP requests [Updated in Security Center 1.3 and 1.5]
        • Require authorization for unload requests [Updated in Security Center 1.3]
        • Require authorization for csv requests [Updated in Security Center 1.3]
        • Require authorization for excel requests [Updated in Security Center 1.3]
        • Require authorization for import requests [Updated in Security Center 1.3]
        • Require authorization for JSONv2 request [Updated in Security Center 1.3]
        • Require authorization for WSDL request [Updated in Security Center 1.3 and 1.5]
        • Require authorization for XML requests [Updated in Security Center 1.3]
        • Require authorization for XML output requests [Updated in Security Center 1.3]
        • Require Authorization for XSD Requests [Updated in Security Center 1.3]
        • Require authorization for script requests [Updated in Security Center 1.3]
        • Require authorization for SCHEMA requests [Updated in Security Center 1.3]
        • Require authorization for RSS requests [Updated in Security Center 1.3]
        • Require authorization for API requests [Updated in Security Center 1.3]
      • Architecture, design, and threat modeling
        • Certificate based authentication not enforced [New in Security Center 1.3]
        • Check impersonation on ACL evaluation in HR App [New in Security Center 1.3 and updated in 1.5]
        • Disable unauthenticated published reports
        • Enforce field ACLs for inbound query requests
        • Enforce read ACLs on report views
        • Define allowed ServiceNow internal IP addresses [Updated in Security Center 1.3 and 1.5]
        • Disable legacy JQuery behavior [Updated in Securty Center 1.3]
        • Enable GlideRecord Scope Fencing Legacy Behavior [New in Security Center 1.3 and updated in 1.5]
        • Disable legacy AngularJS behavior [Updated in Security Center 1.3]
        • Disable public access to favorites [Updated in Security Center 1.3]
        • Require authorization for data broker rest API [Updated in Security Center 1.3]
        • Deny by default with empty ACLs [Updated in Securty Center 1.3]
      • Authentication
        • Activate role-based multi-factor authentication [Updated in Security Center 1.3]
        • Enable account recovery (Plugin Applicability: Multiple Provider Single Sign-On) [Updated in Security Center 1.3 and 1.5]
        • Require obfuscation of classic mobile app UI [Updated in Security Center 1.3]
        • Disable password-less authentication
        • Do not apply password policy at login [Updated in Security Center 1.5]
        • Enable blacklisted passwords validation check
        • Enable Captcha for External User Registration [Updated in Security Center 1.3 and 1.5]
        • Enable CAPTCHA in password reset
        • Enable email OTP for multi-factor authentication
        • Enable password reset policy checks
        • Enable policy based session access for mobile [New in Security Center 1.5]
        • Enable SSL in LDAP authentication [Updated in Security Center 1.5]
        • Minimize external user registration link expiration duration [Updated in Security Center 1.3 and 1.5]
        • Managing unlock timeout after failed logins [Updated in Security Center 1.3]
        • Maximize failed login unlock timeout duration [Updated in Security Center 1.3]
        • Require obfuscation of mobile app UI [Updated in Security Center 1.3]
        • Notify users during password reset/change process [Removed in Security Center 1.5]
        • Remove credentials from Welcome page
        • Minimize reset password max SMS per day [Updated in Security Center 1.3]
        • Minimize reset password request expiration duration [Updated in Security Center 1.3]
        • Minimize reset password request max attempt allowance [Updated in Security Center 1.3]
        • Minimize reset password request max attempts window duration [Updated in Security Center 1.3]
        • Maximize reset password request retry window duration [Updated in Security Center 1.3]
        • Minimize reset password request success window duration [Updated in Securty Center 1.3]
        • Maximize reset password request unlock window duration [Updated in Security Center 1.3]
        • Maximize reset password SMS complexity [Updated in Security Center 1.3]
        • Minimize reset password SMS expiracy duration [Updated in Security Center 1.3]
        • Maximize reset password SMS pause window duration [Updated in Security Center 1.3]
        • Maximize reset password verification delay duration [Updated in Security Center 1.3]
        • Minimize SAML notBefore or notOnOrAfter constraint duration [Updated in Security Center 1.3 and 1.5]
        • Disable creating users from incoming emails [Updated in Securty Center 1.3]
        • Activate role based multi-factor authentication [Updated in Security Center 1.3]
        • Set minimal password length
        • Set OTP lifetime for password reset to 12 hours or less [Updated in Security Center 1.3]
        • Minimize one-time out of band verifier lifetime duration [Updated in Security Center 1.3]
        • Enforce device encryption and passcode requirements [New in Security Center 1.3]
        • Require captcha for guest walk-up experience in customer service application [New in Security Center 1.3 and updated in 1.5]
        • Enable SMS code notification for enrollment and verification [Updated in Security Center 1.3]
      • Business Logic
        • Limit max comments per user per day
        • Limit max subscriptions per user per day
        • Minimize SMTP Recipient Quantity [Updated in Security Center 1.3]
        • Validate remote host
      • Communications
        • Enforce certificate trust [Updated in Security Center 1.3]
        • Disable outbound SSLv2/SSLv3 connections [Updated in Security Center 1.3]
        • Do not use demo certificates for active saml configurations [Updated in Security Center 1.5]
        • Enforce OCSP check on network error [New in Security Center 1.3]
        • Verify certificate chain and hostname [New in Security Center 1.3]
        • Verify certificate revocation [New in Security Center 1.3]
      • Configuration
        • Auto set content type options [Removed in Security Center 1.3.3]
        • Cache-Control HTTP Header Value [Updated in Security Center 1.3 and removed in 1.5]
        • Disable chat server debugging
        • Disable locked form elements debugging
        • Disable MultiSSO Debugging [Updated in Security Center 1.3 and 1.5]
        • Disallow target cloning [New in Security Center 1.3]
        • Disable soap fault stack trace display
        • Restrict performance monitoring access
        • Enable updated version of MultiSSO plugin [Updated in Security Center 1.3 and 1.5]
        • Enforce secure referrer policy [New in Security Center 1.3]
        • Implement the x-frame-options: SAMEORIGIN security header [Updated in Security Center 1.3]
        • Require write access to access service catalog add item page [New in Security Center 1.3]
        • Set Xframe options to prevent embedding third-party websites [Updated in Security Center 1.3]
      • Data protection
        • Remove remember me
        • Require clearing pasteboard when backgrounding mobile application [New in Security Center 1.3 and updated in 1.5]
        • Restrict HR case updates from personal emails [New in Security Center 1.3 and updated in 1.5]
        • Restrict oauth parameters to post body [New in Security Center 1.3]
      • Error handling and logging
        • Disable logger for low privilege users in script sandbox [Updated in Security Center 1.3]
        • Disable secure cookie debugging
        • Disable SQL Error Messages [Updated in Security Center 1.3 and 1.5]
        • Enable MID audit log [New in Security Center 1.3 and updated in 1.5]
        • Enable protected tables plugin [New in Security Center 1.3]
        • Log all outbound http request fields [Removed in Security Center v1.3.2]
        • Log html sanitization
        • Log session audit events [New in Security Center 1.3 and updated in 1.5]
        • Log user impersonation [Updated in Security Center 1.3]
        • Turn off verbose SQL error messages for import processor [Updated in Security Center 1.3]
      • File and resources
        • Disallow infected file download [Updated in Security Center 1.5]
        • Enable email spam scoring and filtering [Updated in Security Center 1.3]
        • Enable antivirus scan
        • Restrict downloadable files types in static content [Updated in Security Center 1.3]
        • Limit attachment size in training and prediction flows for GraphQL endpoints [New in Security Center 1.3 and updated in 1.5]
        • Limit attachment size in training and prediction flows [New in Security Center 1.3 and updated in 1.5]
        • Limit HTTP response body size [New in Security Center 1.3 and updated in 1.5]
        • Limit maximum number of attachments in email
        • Maximum allowed attachment size [Updated in Security Center 1.3]
        • Validate file mime type in AttachmentCreator soap web service [New in Security Center 1.3 and updated in 1.5]
      • Malicious code
        • Block rooted or jailbroken mobile devices
        • Enable Code Signing for application configuration data and scripts [Removed in Security Center 1.3]
        • Disable ServiceNow root of trust [Removed in Security Center 1.5]
      • Session management
        • Minimize absolute session timeout duration [Updated in Security Center 1.3]
        • Define active session timeout exception roles [New in Security Center 1.3]
        • Enable UserCookie version 3.1 [Updated in Security Center 1.3]
        • Enforce password reset on api requests [Updated in Security Center 1.5]
        • Enable HTTP Only Cookie Flag [Updated in Security Center 1.3]
        • Minimize concurrent interactive session quantity [Updated in Security Center 1.3]
        • Limit concurrent sessions across all nodes [Updated in Security Center 1.3]
        • Limit concurrent sessions plugin
        • Limit guest's active session life span [New in Security Center 1.3]
        • Limit concurrent interactive sessions [Updated in Security Center 1.3]
        • Limit integrations' active session life span [New in Security Center 1.3]
        • Limit policy based session access mobile refresh token interval [New in Security Center 1.5]
        • Limit UI active session life span [New in Security Center 1.3]
        • Proactively invalidate inactive sessions [New in Security Center 1.3 and updated in 1.5]
        • Rotate HTTP session identifiers
        • Minimize concurrent interactive session quantity [Updated in Security Center 1.3]
        • Minimize session activity timeout duration [Updated in Security Center 1.3]
        • Minimize session window timeout duration [Updated in Security Center 1.3]
      • Stored cryptography
        • Enable glide KMF encrypter [Removed in Security Center 1.3.2]
      • Validation, sanitization, and encoding
        • Restrict access to GlideSystemUserSession scriptable API [Updated in Security Center 1.3]
        • Disable JavaScript tags in embedded HTML [Updated in Security Center 1.3]
        • Enable the hardened java security manager [New in Security Center 1.3]
        • Enforce HTML Sanitization [Updated in Security Center 1.3]
        • Enforce client generated scripts sandbox [Updated in Securty Center 1.3]
        • Convert Inbound Email Images to Attachments [Updated in Security Center 1.3 and removed in 1.5]
        • Disable AJAXEvaluate
        • Disable Entity Expansion within the XMLDocument2 Streaming Parser [Updated in Security Center 1.5]
        • Disable external content url
        • Define restricted downloadable MIME types [Updated in Security Center 1.3 and 1.5]
        • Disable embedded HTML code [Updated in Security Center 1.3]
        • Enable HTML Sanitizer within Virtual Agent [Updated in Security Center 1.3 and 1.5]
        • Enable Jelly JS Interpolation Protection
        • Enable Jelly JS interpolation protection for nested expressions
        • Enforce relative links [Updated in Security Center 1.3 and 1.5]
        • Enforce URL allowlist check [Updated in Security Center 1.3 and 1.5]
        • Escape Excel Formulas [Updated in Security Center 1.3]
        • Escape HTML in list views [Updated in Security Center 1.3 and 1.5]
        • Escape JavaScript [Updated in Security Center 1.3]
        • Escape jelly script [Updated in Security Center 1.3 and 1.5]
        • Escape scripts in scratchpad [Updated in Security Center 1.3]
        • Escape XML markup [Updated in Security Center 1.3]
        • Escape xml response
        • Enable HTML Sanitizer [Updated in Security Center 1.3]
        • Restrict allowed Java packages [Updated in Security Center 1.3]
          • Packages call removal tool
        • Unset LDAP Initial distinguished name [Updated in Securty Center 1.3]
        • Enforce strict security of session cookies [Updated in Security Center 1.3]
        • Minimize Entity Expansion Threshold for GlideXMLUtil Scriptable [Updated in Security Center 1.3 and 1.5]
        • Restrict Downloadable MIME types [Updated in Security Center 1.3]
        • Restrict uploaded MIME types [Updated in Securty Center 1.3]
        • Restrict XML external entities [Updated in Security Center 1.3]
        • Require XMLdoc2 entity validation with allowlistDisable entity expansion [Updated in Security Center 1.3]
        • Set safe content security policy for svg files [New in Security Center 1.3]
    • Encryption and Key Management
      • Encryption and Key Management subscription bundle
      • Key Management Framework Reference
        • Cryptographic module overview
        • Module access policy overview
        • Instance level keys in the Key Management Framework
        • Cryptographic specification
        • Key Management Framework key lifecycle states
        • Roles installed with Key Management Framework
        • Configure field encryption settings to select key type
        • Create a cryptographic module
          • Create a cryptographic specification
          • Configure key lifecycle states
          • Generate a ServiceNow cryptographic key
        • Create a module access policy
        • Module access policy visualization
        • Module access policy debugger
        • Create a cryptographic module life-cycle policy
          • Create module lifecycle policy exceptions
      • Key management actions
        • View and manage keys
        • Rotate keys
      • Import a key from a web service
      • Key Management Framework Health
      • Prepare your instance for GlideEncrypter deprecation
      • Deprecate GlideEncrypter usage of 3DES for password2 fields
      • Key Management Framework Resource Exchange
        • Key Management Framework Key Exchange
        • Configure Key Exchange
        • Rekey ciphertext with Key Exchange
        • Recurring Key Exchange walkthrough
      • Column Level Encryption
        • Prevent users from attaching unencrypted files
        • Column Level Encryption Guided Tour
      • Column Level Encryption Enterprise
        • Activate Column Level Encryption Enterprise
        • Migrating to Column Level Encryption Enterprise
        • Column Level Encryption migration status page
        • Create cryptographic module for Column Level Encryption
        • Using multiple encryption modules
        • Create a cryptographic specification for Column Level Encryption
        • Configure advanced algorithms for Column Level Encryption Enterprise
        • Configure properties for customer-supplied keys
          • Wrap your customer-supplied key
          • Configure and upload your customer supplied key
        • Encrypting fields and attachments
          • Set encrypted field configurations
          • Script access for cryptographic modules
            • Configure script access to encrypted data
              • View declined cryptographic module usage requests
          • Schedule mass encryption, decryption, and rekeying jobs
          • Run mass encryption or decryption
        • Column Level Encryption Enterprise examples
      • Infrastructure Security
        • Generate a Certificate Signing Request
      • Password2 encryption with the Key Management Framework (KMF)
      • Cloud Encryption with Key Management
        • Key management operations
        • Quorum Control Policy
          • Configure Quorum Control Policy Settings
          • Manage Quorum Control
            • Approve or deny a quorum control request
        • Key management transactions
        • Cloud Encryption logging
        • Tamper Detection
      • Database Encryption
        • Exploring Database Encryption
        • Requesting database key rotation
        • Database Encryption with Customer-Controlled Switch
      • Full disk encryption
      • Edge Encryption
        • Exploring Edge Encryption
          • Edge Encryption components
          • Edge Encryption clients
          • Key management for Edge Encryption
            • SafeNet key versioning for Edge Encryption
          • Encryption configurations and patterns
          • Installed with Edge Encryption
        • Planning for Edge Encryption
          • Edge Encryption system requirements
          • Sizing your Edge Encryption environment
          • Calculate the order-preserving and tokenization database size
          • Edge Encryption limitations
        • Installing Edge Encryption
          • Request Edge Encryption
          • Set up an Edge Encryption user account
          • Download the Edge Encryption proxy server
          • Install the Edge Encryption proxy server using the interactive installer
            • Install the Edge Encryption proxy server (interactive installer)
            • Configure CyberArk properties protection
            • Configure the signature key
            • Configure the HTTPS certificate
            • Configure the AES 128-bit encryption key
            • Configure the AES 256-bit encryption key
            • Update SSL certificate
            • Configure the Edge Encryption proxy database
            • Launch the Edge Encryption proxy server
            • Verify and troubleshoot the Edge Encryption proxy server installation
          • Install the Edge Encryption proxy server using the command line installer
            • Install the Edge Encryption proxy server (command line installer)
            • Create and configure the RSA key pair for the digital signature
            • Import and configure the certificate for secure SSL connection
            • Set up a keystore and encryption keys
              • Set up a Java KeyStore keystore
                • Create encryption keys using the Java KeyStore keytool
              • Set up a SafeNet KeySecure keystore
              • Set up Unbound Technology keys
              • Create an encryption key stored in a file
            • Configure encryption keys on the instance
            • Configure additional properties in the Edge Encryption properties file
            • Configure a web proxy
            • Set the proxy server initial memory limit and upper bound memory limit
            • Start the Edge Encryption proxy
            • Obfuscate passwords in the properties file
            • Manually add an additional proxy
          • Authenticate an Edge Encryption proxy server
          • Stop the Edge Encryption proxy
          • Uninstall the Edge Encryption proxy on Linux
          • Uninstall the Edge Encryption proxy on Windows
          • Set up multiple provider SSO with Edge Encryption
          • Edge Encryption proxy server properties
          • CyberArk integration with the Edge proxy server
          • Using a load balancer with the Edge proxy server
        • Upgrading Edge Encryption
          • Schedule an Edge Encryption proxy server upgrade
          • Manually upgrade an Edge Encryption proxy server running on Linux
          • Manually upgrade an Edge Encryption proxy server running on Windows
          • Roll back an Edge Encryption proxy server upgrade
        • Configuring Edge Encryption
          • Rotate encryption keys
          • Encrypt fields using encryption configurations
          • Encrypt attachments using standard encryption
          • Change a field or attachment's encryption type
          • Tokenize strings using encryption patterns
          • Repair or recover order-preserving encrypted data
          • Configure the IP address deny list
          • Encrypt data from a record producer
          • Define a custom encryption rule
            • Inspect the client request
            • Create an encryption rule
            • Encryption rule conditions
            • Encryption rule actions
            • Encryption rule objects and APIs
              • request
              • POST and URL parameter APIs
              • XML APIs
                • XMLContent
                • XMLElementIterator
                • XMLElement
              • JSON APIs
                • JsonNode
                • JsonNodeIterator
              • print(String message)
              • Prohibited keywords
          • Edge Encryption dictionary attributes
          • Domain separation and Edge Encryption
          • Data integration with Edge Encryption
            • Edge Encryption ODBC driver integration
            • Edge Encryption MID Server integration
          • Edge Encryption diagnostics and performance
          • Increase debug logging for the Edge Encryption proxy
    • Logs
      • System logs
        • System log
        • Transaction logs
          • Client transaction timings
        • Push logs
        • System email log and mailboxes
        • Event logs
        • Import logs
        • System Diagnostics module
        • Customer Updates table
        • Log history
        • Use the log file browser
        • Enhanced logging security
        • Avoid log tampering
          • Configuring the log protection plugin
          • Create log protection property
      • Log Export Service (LES)
        • Log Export Service roles
        • Log sources
        • Create a log source configuration
        • Kafka consumer
        • MID server consumer
        • Set up a secure connection to the Hermes Messaging Service for LES
        • Review daily log export by source report
      • Logging, auditing, and errors
        • Disabling SQL error messages
    • Secrets Management
      • Exploring Secrets Management
        • Understanding client side Secrets Management
      • Configuring client accessible secrets
        • Create encryption keys and certificate
        • Add your certificate to the ServiceNow Trusted Key Store
        • Create a secret group with criteria
        • Create credentials and test credential encryption
        • Upload the public/private keypair to the MID Server
        • Configure Flow Designer to manage the integration
        • Test the end-to-end client-side encrypted secrets integration
        • Test a Windows Management Instrumentation credential encrypted with Secrets Management
      • Secrets management dashboard
        • Secrets management roles
        • Create a secret group cryptographic module
        • Create a basic secret group
        • Create a secret group with criteria
        • Upload a public key for Secrets Management
        • Run secrets management security jobs
    • ServiceNow Vault
  • Platform Privacy
    • Access Control List Rules
      • Exploring Access Control Lists
        • ACL rule types
        • ACL control of function fields
        • Security jump-start - ACL rules plugin
      • Configuring an ACL rule
        • Query ACLs
        • Secure records in an embedded list
      • Contextual Security Manager
        • Prevent duplicate entries with Contextual Security: Role Management V2
        • Upgrade to Contextual Security: Role Management V2
        • Enable role auditing with Contextual Security: Role Management V2
        • Double-check form submission
        • Default deny property
      • Advanced ACL configuration
        • Provide external users access to a table
        • Apply ACL script conditions to reference fields
        • Apply ACLs to AJAXGlideRecord (client-side Glide record)
        • Evaluate the admin override at the access level
        • ACL debugging tools
          • ACL troubleshooting reference
          • ACL configuration watcher
            • Show ACL execution plan
            • Use the ACL configuration watcher
    • Security Attributes Homepage
      • Security Attributes Fundamentals
      • Create Security Attributes
        • OOB(Out-of-Box) Security Attributes
        • Compound Security Attributes
      • Security Attribute Scope
    • Field Query Roles and Restrictions
      • Configure a Field Query Role
      • Configure Field Query Restrictions
    • Data Classification
      • Exploring Data Classification
      • Installing Data Classification plugin demo data
      • Creating data classifications
      • Assigning data classifications to dictionary entries
      • Analyzing data classifications using the Overview dashboard
      • Domain separation and Data Classification
    • Data filtration
      • Exploring Data filtration
      • Activating data filtration
      • Creating data filtration rules
        • Add a data filter for your data filtration rule
        • Add subject attributes to your data filtration rule
      • Creating subject criteria
        • Create a subject criteria input
        • Create a subject criteria condition
      • Data filtration debugging
    • Data Privacy
      • Exploring Data Privacy
      • Domain separation and data privacy
      • Supported field types for anonymization
      • Data privacy roles
      • Data privacy (Classic)
        • Activate data privacy (Classic)
        • Installed with data privacy (Classic)
        • Data privacy (Classic) configuration
          • Create a data privacy technique configuration
          • Create a data privacy policy
          • Configure a data privacy job
          • Data privacy job rollback
            • Roll back a data privacy job
        • Data privacy clone
          • Configure data privacy clone request
      • Data privacy
        • Data privacy overview
        • Activate data privacy
        • Data classification
          • Create data classifications
          • Classify data
        • Data anonymization
          • Create anonymization techniques
          • Create anonymization policies
            • Configure data anonymization clone request
          • Create anonymization job
          • Data privacy job rollback
            • Roll back a data privacy job
        • Data Privacy API
    • Data Discovery
      • Exploring Data Discovery
      • Activating Data Discovery
      • Classify data in Data Discovery Findings page
      • Data Discovery jobs
        • Configure a Data Discovery job
        • Configure Data Discovery patterns
          • Default data patterns
        • Configure Data Discovery target table
      • Data Discovery roles
      • Data Discovery job results
      • Data Discovery API
      • Data Discovery supported data types
    • Domain separation for service providers
      • Exploring domain separation
        • Configuration that can be delegated to internal or external customers
        • Domain assignment
        • Visibility domains and Contains domains
        • Domain scope
        • Concepts for service providers
          • Global queue v.2
          • Service provider connector
        • Installed with domain separation
      • Application support for domain separation
      • Domain separation recommended practices for service providers
        • Domain separation explained
          • Domain separation value proposition
          • Definition of domain separation
        • Domain separation hierarchies
        • Context and domain separation
        • Segregating and securing data with domain separation
          • Cross tenant intelligence
        • Alternatives to domain separation
        • Evaluating the need for domain separation
        • Benefits of domain separation
        • How a database query works with domain separation
        • Domain separation levels of support
        • Service provider reference architecture
          • Service provider reference architecture decision trees
          • Service provider reference architecture for dedicated instances
          • Service provider reference architecture for hybrid
          • Service provider reference architecture for Service Integration Management (SIAM)
        • Domain separation terms
        • Domain-separate a custom table
        • Customizing domain properties and themes
        • Managing domain separation for specific uses
        • Configuring domain separation with the domain picker
        • Domain separation performance considerations
        • Setting up domain hierarchies
        • Checking domain logs for errors and warnings
        • Importance of the Default domain
        • Contains queries and domain access
        • Domain paths query method
        • Slow queries and SQL debugging
        • Before Query business rules
        • Avoiding domain path in scripts
        • Domain assignments
        • Domain separation and the Customer Service Management (CSM) plugin
      • Domain Separation Help
      • Domain separation setup and administration
        • Configuration that can be delegated to internal or external customers
        • Request domain separation
        • Domain separation plugin
        • Domain system properties and user preferences
        • Create a domain
        • Make a domain the default
        • Manually manage the domain for particular records
        • Domain Separated Tables
        • Domain Override Viewer
        • Enable or disable a domain
        • Add a domain field to a table
        • View domain relationships
          • Select a primary domain
          • Create Contains relationships between domains
          • Expand domain scope
            • Add domains to a visibility domains list
            • Grant visibility domains to an individual user
        • Create a domain-specific choice list
        • Advanced domain separation administration
          • Use domain selection menus
            • Enable domain selection menus in Core UI
            • Restrict access to the domain picker
          • Domain separation application properties
        • Domain Migration Tool
        • Process administration
          • Sample process administration with domain specific applications
        • Enable verbose domain logging and debug messages
          • View a real-time domain message
          • View a historical domain message
          • Troubleshoot domain separation errors
      • Domain Separation Center
        • Configure the Domain Separation Center
        • Configure audits
        • Schedule audits
        • Execute audits immediately
        • View audits with warnings and errors
        • View running and pending results
        • View inactive audits
  • Identity
    • Access Analyzer
      • Exploring Access Analyzer
      • Using Access Analyzer
        • Using Evaluate access
          • View permissions for a user
          • View permissions for a role
          • View permissions for a group
          • Export Access Analyzer queries
        • Comparing user records
        • Comparing user access
        • Viewing Access Analyzer queries - Previously searched criteria
      • Permission evaluation
      • Frequently Asked Questions
        • Access Analyzer Debug logs
    • Global Identity
      • Exploring Federated ID
      • Accessing Federated ID Criteria
      • Updating ID fields
    • Identity and Access Audit
      • Exploring Identity and Access Audit
      • Identity Audit Results
        • User Trails
        • Group Trails
        • Role Trails
        • ACL Trails
      • Security Auditable Fields
        • Configuring Tables and Fields
        • Configure Retention Period
      • Fields supported and not supported for Identity Access and Audit
    • Identity Center
      • Exploring Identity Center
      • Activating the Identity Center
      • Identity Center for users
        • View Active Sessions
        • View Login History
        • View Registered Mobile Devices
      • Identity Metrics for administrators
    • System for Cross-domain Identity Management (SCIM)
      • SCIM Provider
        • Exploring SCIM Provider
        • Activating the SCIM plugin
        • Tutorial: Configure SCIM for user provisioning with a Provider
          • Provisioning user using Basic Authentication
          • Provisioning user using OAuth
          • SCIM Troubleshooting
        • SCIM customization
          • SCIM customization properties and schemas
          • Create a SCIM Extension schema
          • Create a SCIM ETL definition
          • Handling unmapped fields
        • Creating a source definition
      • SCIM Client
        • Exploring SCIM Client
        • Activate the SCIM Client plugin
        • SCIM Client properties, tables, scriptable APIs, and logs
        • Create a REST message
        • Create a SCIM Provider
        • Create a SCIM Provider Resource Mapping
          • Create a SCIM attribute mapping
          • Attribute Mapping references
        • SCIM Client troubleshooting
  • Access Management
    • Authentication
      • Adaptive authentication
        • Activate adaptive authentication
        • Filter criteria
          • IP Filter
            • Create IP filter criteria
          • Role Filter
            • Create role filter criteria
          • Group Filter
            • Create group filter criteria
          • Location Filter
            • Activate Location Based Access
            • Create location filter criteria
            • Tutorial: Use Location Filter criteria
              • Use Location Filter in Pre Authentication Context
              • Use Location Filter Post Authentication Context
              • Use Location Filter in MFA Context
              • Use Location Filter for Session Access
          • Identity Provider Attributes Filter
            • Use Identity Provider Attribute as Filter Criteria
        • Authentication policy contexts
          • Pre authentication context
          • Post-authentication context
          • MFA (Multi-Factor Authentication) context
          • Account recovery context
          • Session Validation Context
            • Activate Session Validation Context
            • Tutorial: Configuring Session Validation
        • Authentication policies
          • Configure an authentication policy
          • Add an authentication policy to an authentication policy context
        • Configure adaptive authentication properties
          • Tutorial: Configure adaptive authentication
        • Adaptive Authentication for Trusted Mobile Apps
          • Activate Trusted Mobile App
          • Register a trusted device
          • Manage your trusted device
          • Registration details of registered devices
          • Trusted Mobile App troubleshooting
      • API Authentication
        • Certificate based authentication
        • OAuth
        • Token-based authentication
          • API Key and HMAC Authentication for inbound REST APIs
            • Activate API Key and HMAC Authentication
            • Configure API key - Token-based authentication
            • Configure HMAC - Token-based authentication
      • API access policy
        • REST API access policies
          • Activate REST API access policy
          • Create an authentication profile
          • Create REST API access policy
            • API access policy prioritization
          • Filter criteria for APIs
          • API Authentication Policies
            • Create an API authentication policy
            • Configure global blocking policy for APIs
          • REST API Auth Scope
            • Activate REST API Auth Scope
            • REST API Auth Scope properties and tables
            • Configure REST API Auth scope
            • REST API scope troubleshooting
        • SOAP API access policies
          • Activate SOAP API access policy
          • Create an authentication profile
          • Create SOAP API access policy
            • Create a global API access policy to protect SOAP APIs
          • Filter criteria for APIs
          • API Authentication Policies
            • Create an API authentication policy
            • Configure global blocking policy for APIs
        • Access policy for System/Export Processors
          • Activate Processor access policy
          • Configure Authentication profile for Processor
      • Certificate-based authentication
        • Set up Certificate-based authentication
        • Log in using Certificate-based authentication
      • Custom URLs association to your instance
        • Activate custom URLs
        • Set a custom URL as the instance URL
        • Custom URL with Identity Provider
        • Custom URL datacenter job information
        • Generate SP metadata for SAML/SSO custom URL installations
        • Custom URL errors and fixes
      • LDAP integration
        • Understanding LDAP integration
        • LDAP integration requirements
        • LDAP integration setup
          • Install the LDAP X.509 SSL certificate
          • Define an LDAP server
          • Enable an LDAP listener and set system properties
          • Specify the LDAP attributes
          • Test an LDAP connection
          • Define LDAP organizational units
          • Create a data source for LDAP
          • Auto provision LDAP users
          • LDAP integration via MID Server
            • Configure LDAP connection monitoring
            • Import binary data through a MID Server
            • Troubleshooting LDAP integration via MID Server
        • Import and map data
          • LDAP transform maps
          • LDAP scripting
          • Set choice action for reference field imports
          • Verify LDAP mapping
        • LDAP integration troubleshooting
          • View the LDAP monitor
          • LDAP error codes
          • Send a one-time password when the LDAP server is down
        • LDAP record synchronization
          • LDAP refresh filters
          • LDAP extraction
          • Inactive LDAP user accounts
            • Find inactive LDAP accounts by using the userAccountControl field
          • LDAP script examples
        • Active Directory Application Mode (ADAM)
          • Configuring an instance with ADAM
          • Set up the ADAM console
          • Create containers and organizational units for ADAM
          • Delegation with ADAM
          • Populating ADAM Objects
          • Testing and troubleshooting ADAM setup
          • Backup and recovery with ADAM
          • Use LDAPS with ADAM
            • Assign the certificate to ADAM
            • Export the public key certificate
          • Active Directory Application Mode (ADAM) Access Account
          • Test the LDAPS connections
          • Use ADAMSync to populate ADAM
            • Define ADAM user accounts
            • Set up ADAMSync
            • Install the ADAM configuration file
              • Example ADAM configuration files
        • Configure Microsoft Active Directory for secure LDAPS communication
          • Set up a stand-alone certificate authority for active directory
          • Generate a certificate from an internal certificate authority
          • Test the LDAPS connectivity locally
          • Export the public key certificate to trust the LDAP certificate
        • LDAP global catalog usage
        • OpenLDAP minor schema modification
          • Modify the OpenLDAP schema
        • Record LDAP deletions
      • Limit concurrent sessions
        • Exploring limit concurrent sessions
        • Activating and configuring limit concurrent sessions plugin
        • Setting a concurrent session limit by user or role
        • Disabling a concurrent session limit by user or role
      • Multi-factor authentication (MFA)
        • Exploring Multi-factor authentication
        • Configuring MFA, supported methods, and workflow
          • Activate the MFA plugin
          • Configure user-based multi-factor criteria
          • Configure role-based multi-factor criteria
          • Reset multi-factor authentication (MFA) for users
          • Configure adaptive authentication policy-based multi-factor criteria
          • Multi-factor authentication system properties
          • Configure MFA with Biometrics
          • Authenticator configuration options
          • Multi-factor authentication with SMS
            • Active the MFA with SMS plugin
            • Configure SMS as MFA factor
            • Multi-factor authentication Providers
              • Configure MFA Provider
              • Vonage Provider custom configuration (Tutorial)
          • Multi-factor authentication with Email
            • Configure Email as MFA factor
        • Using Multi-factor authentication (MFA)
          • Setup multi-factor authentication upon initial login
          • Setup multi-factor authentication on your user profile
            • Log in with multi-factor authentication
          • Authenticator Applications
            • Change Authenticator app
          • Web Authentication
            • Activate the Web Authentication plugin
          • Register a biometric authenticator
          • Register a hardware security key
        • Multi-factor authentication with Single Sign-On
          • Configure MFA with SSO
      • Multi-Provider Single sign-on (SSO)
        • Multi-Provider SSO properties, tables, and scripts
        • Activate Multi-Provider SSO plugin
        • Multi-Provider SSO configurations
          • Multi-Provider SSO (SAML) IdP authentication flow
          • Configure Multi-Provider SSO properties
          • Create an external identity provider
            • Generate instance service provider (SP) metadata for SAML
          • Configure users for Multi-Provider SSO
          • Testing IdP connections
            • Common IdP connection errors
            • Multi-SSO (SAML 2.0) errors and fixes
            • Troubleshoot script issues with SAML
          • Log in using Multi-Provider SSO
          • Enable users to choose the identity provider for login
          • Use Service Portal with Multi-Provider SSO to redirect a URL
          • Account recovery (ACR)
            • Configure an account recovery user
            • Account recovery properties
          • E-signature for Multi-Provider SSO
            • Activate Approval with e-Signature plugin
            • Use Multi-Provider SSO to set up an SSO approval for a SAML 2.0 authentication
            • Use Multi-Provider SSO to set up an SSO approval for an OIDC authentication
        • OpenID Connect (OIDC) as a Single Sign-On (SSO) identity provider (IdP)
          • Create an OpenID Connect (OIDC) configuration for Single Sign-On (SSO)
          • Use Facebook-based Single Sign-On (SSO)
          • Configure a Facebook-based Single Sign-On (SSO)
          • Create an OpenID Connect (OIDC) configuration for Single Sign-On (SSO)
        • SAML
          • Activate and set up SAML 2.0
            • Identity Provider (IdP) system properties
              • Set the IdP issuer URL
              • Set the AuthnRequest service URL
              • Set the SingleLogoutRequest service URL
              • (Optional) Enable signed logout requests
            • Service Provider (SP) system properties
              • Set the instance URL for SAML
              • Set the audience URL for SAML
              • Set up a NameID policy for SAML
                • Determine what User table field matches the NameID token
                • Set the IdP NameID policy
                • Values in the User table field for SAML
              • (Optional) Enable providing an authentication context class for SAML
              • (Optional) Set keystore properties for signing logout requests for SAML
                • Create a service provider keystore for SAML
                • Install a service provider keystore for signing SAML requests
            • (Optional) Advanced SAML properties
            • Install the identity provider certificate
              • Replacing a missing certificate for SAML
            • Install a service provider keystore for signing SAML requests
            • Test the SAML integration
              • Multi-SSO (SAML 2.0) errors and fixes
            • Redirect single sign-on (SSO) logins
            • Clone an instance with a SAML integration
          • SAML 2.0 concepts
            • Typical SAML process flow (diagram)
            • Login (AuthnRequest) process flow
            • Logout (LogoutRequest) process flow
            • URL information for an SSO provider
          • SAML 2.0 configuration using Multi-Provider SSO
            • X.509 certificates for SAML
          • SAML Guided Tour
          • Integrating SAML 2.0 with other features
            • Add deep linking support for SAML
            • ADFS integration with SAML 2.0
              • Set up ADFS for SAML
              • Set up the instance for ADFS
              • Configure an ADFS relying party
              • Configure the ADFS relying party claim rules
              • Create a SAML logout endpoint
              • Test the ADFS configuration
              • (Workaround) Enable service provider-initiated authentication
              • (Workaround) Support Kerberos authentication
            • Azure AD Integration with SAML 2.0
              • Add ServiceNow from the gallery
              • Configure Azure AD SSO
              • Create an Azure AD test user
              • Assign the Azure AD test user
              • Configure ServiceNow
            • Email links with external authentication
          • Add E-Signature support for SAML
          • Migrating an existing SAML 1.1 integration to SAML 2.0
          • Update your existing SAML 2.0 integration
            • Sample SAML 2 responses after the update
          • SAML user provisioning
            • Administer SAML user provisioning
          • SAML 2.0 troubleshooting
            • Monitor the event queue for login activities
            • Event queue login events
        • Changes to SAML 2.0 and digest token configuration
      • OAuth Inbound and Outbound authentication
        • OAuth 2.0
          • Set up OAuth
          • Activate OAuth
          • Set the OAuth property
          • Change OAuth password parameter
        • OAuth Inbound
          • OAuth authorization code grant flow
            • Authorize access to an OAuth endpoint using auth code flow
            • Authorization code flow state parameter requirement
            • Authorization code flow example: ServiceNow instance as authorization server
          • Create an endpoint for clients to access the instance
            • OAuth API response parameters
            • OAuth API request parameters
          • Create an OAuth JWT API endpoint for external clients (machine to machine integration)
          • Configure an OAuth OIDC provider for accepting third-party token
          • OAuth implicit grants
          • Manage OAuth tokens
            • Revoke an OAuth token
          • Client Credentials
            • Create the Client Credentials system property
            • Add the OAuth Application User
        • OAuth Outbound
          • Connect to a third-party OAuth provider
          • JWT Bearer
            • Set up OAuth provider with JWT Bearer grant type
            • Generate a JSON Web Token (JWT)
          • OAuth client APIs
          • OAuth parameters for default profile support
          • Private Key JWT Support for OAuth 2.0 Client Authentication
            • Configure Private Key JWT for OIDC based SSO
            • Configure Private Key JWT for Outbound OAuth
          • Create an outbound REST message
      • Password complexity requirements
        • Exploring Password complexity requirements
        • Enabling password policies on your instance
          • Password policy properties
        • Configuring your password policy
          • Configuring password for a user
          • Excluding passwords through password policies on your instance
        • Unsupported password characters
      • Self-register to ServiceNow instance
        • Exploring Self-register
        • Activating External User Self-Registration
          • External roles in self-registration
        • Configuring a user registration configuration for external users
          • Configure Google reCAPTCHA for external user self-registration
          • Default registration form fields
          • Add a custom registration form field
        • Enabling external user self-registration for Service Portal
        • External roles in self-registration
        • Verify user self-registration requests
      • Token based authentication (User logins)
        • Time limited authentication
          • Exploring Time limited authentication
          • Activate time limited authentication
          • Time limited authentication with SMS - Twilio Tutorial
        • Digest token authentication
          • Exploring Digest token authentication
          • Configuring the digest properties for multi-provider single sign-on (SSO)
          • Sample digest token implementations
          • Sample Java digest algorithm for encryption
          • Sample C
      • Zero Trust Access
        • Exploring Zero Trust Access
        • Activating Zero Trust Access
        • Configuring Session Access role
        • Zero Trust Access system properties
          • Session Access Audits
        • Use Zero Trust Access
          • Configure IDP attribute for Session Access
        • Zero Trust Access for Mobile
    • Connections and Credentials
      • Exploring credentials, connections, and aliases
        • Scope protections for Credentials and Connections
        • Domain separation and Credentials and Connections
        • Connection & Credential configuration templates
          • Configure a template for OAuth JWT Bearer grant type
          • Create a configuration template
      • Getting started with connections
        • Create a basic connection for PowerShell and SSH
        • Create an HTTP(s) connection
        • Create a JDBC connection
        • Create a JMS connection
        • Create connection attributes for IntegrationHub
      • Getting started with credentials
        • Create a Connection & Credential alias
        • Credential aliases for Discovery
        • Credential aliases for Orchestration activities
        • Create and test your credentials
          • Ansible Tower credentials
          • API key credentials
          • Applicative credentials
          • Basic authentication credentials
          • Chef server credentials
          • CIM credentials
          • Cloud credentials
          • Infoblox credentials
          • JDBC credentials
          • JMS credentials
          • OAuth 2.0 credentials
          • SAP credentials
          • SNMP credentials
          • SSH credentials
          • VMware credentials
          • Windows credentials
          • Container image repository credentials
        • Credential affinity for Discovery and Orchestration
        • Credentials troubleshooting
        • External credential storage
          • Request external credential storage for Discovery and Orchestration
          • External credential storage configuration
          • CyberArk credential storage integration
            • CyberArk integration configuration
              • Configure the CyberArk vault and install the AIM API
              • Import the CyberArk JAR file
              • Configure the MID Server for CyberArk
              • Configure CyberArk for SNMPv2 credentials
              • Configure the CyberArk credential identifier
              • Configure AWS credentials on a CyberArk vault
                • Configure AWS credentials on a CyberArk vault using Classic UI
              • Configure Azure credentials on a CyberArk vault
      • Authentication Algorithms
        • Configure an authentication algorithm
        • Configure an Amazon Signature based Custom Algorithm
        • Configure a custom authentication algorithm
        • Check IP service affinity for Discovery and Orchestration
    • Login and authentication security
      • Exploring Login and authentication security
      • Configuring the logout confirmation prompt
        • Configuring Password Reset properties
      • Defining login scenarios
        • Logins and the employee self-service portal
        • Specify a login landing page
        • Specify lockout for failed login attempts
        • Make UI pages public or private
      • Reference Example: The default self-service Password Reset process
        • Modify the Password Reset notification email text
        • Remove the Logout button
        • Installation exits
        • Strengthen password validation rules
        • Change settings for the Remember me check box and cookie
        • IP range based authentication
          • IP Address Access Control
          • Find denied IP addresses
        • Implementing a nonce
          • Nonce process flow
          • Implement a nonce
    • Web service security
      • Exploring Web service security
      • Configuring mutual authentication
      • Reference: WS-Security
  • General Platform Security settings
    • Antivirus Scanning
      • Exploring Antivirus Scanning
      • Configuring Antivirus Scanning
      • Reviewing quarantined files
        • Reviewing antivirus activity
      • Knowing about Dictionary attributes for Antivirus Scanning
    • Auditing
      • Exploring Auditing
      • Configuring auditing for a table
        • Enabling inclusion list auditing for a table
        • Excluding a field from being audited (exclusion listing)
        • Including a table field in auditing (inclusion listing)
        • Enable auditing for a system table
      • Viewing Sys Audit and Audit Relationship Change tables
      • Knowing about History sets
        • Differences Between Audit and History Sets
        • Control access to history
        • Change the number of history entries
        • History List
        • History Calendar
        • History Timeline
          • View timeline of changes to related records
          • Export a snapshot of a CI
          • Compare CI snapshots
        • Tracking changes to reference fields
        • Tracking inserts
        • Tracking CI Relationships
    • High Security Settings
      • Exploring High Security Settings
      • Configuring Script sandbox property
      • Activating High Security Settings
    • HTML sanitizer
      • Exploring HTML sanitizer
      • Configuring HTML sanitizer
      • Enabling HTML sanitizer
        • Enabling sanitization on individual fields
        • Enabling HTML Sanitizer logging
    • ServiceNow® access control
      • Exploring ServiceNow® access control
      • Activating ServiceNow® access control
      • Configuring ServiceNow® access control
      • Audit logging
    • Virtual Private Network (VPN)
      • Exploring Virtual Private Network (VPN)
      • Activating a VPN service
      • Configuring an address for VPN communication
HomeWashington DC Platform securityPlatform PrivacyAccess Control List RulesCurrent page
Table of Contents

Access Control List Rules

  •  
    • Washington DC
    • Yokohama
    • Xanadu
    • Vancouver
  • UpdatedFeb 1, 2024
  • 1 minute read
    • Washington DC
    • Platform Security

Rules for access control lists (ACLs) restrict access to data by requiring users to pass a set of requirements before they can interact with it.

Explore Exploring Learn about ACL.

Configure Configuring

Configure ACL.

ReferenceReference

Get details about Contextual Security Manager.

Advanced Advanced

Learn more about Advanced ACL.
Was this topic helpful?
YesNo

Previous

Platform Privacy

Next

Exploring Access Control Lists

Previous

Platform Privacy

Next

Exploring Access Control Lists

Log in to get a better experience

Log in
ServiceNow LogoThe world works with ServiceNow.™
  • Terms and conditions
  • Privacy statement
  • GDPR
  • AI Acceptable Use Policy
  • Cookie policy
  • Cookie Preferences
©2025 ServiceNow. All rights reserved.
Title
We use cookies on this site to improve your browsing experience, analyze individualized usage and website traffic, tailor content to your preferences, and make your interactions with our website more meaningful. To learn more about the cookies we use and how you can change your preferences, please read our Cookie Policy and visit our Cookie Preference Manager. By clicking “Accept and Proceed,” closing this banner or continuing to browse this site, you consent to the use of cookies.

Please let us know how to improve this content

Save as PDF

Please let us know how to improve this content