Simplifying the authentication experience for your remote employees

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Simplifying the authentication experience for your remote employees

    The Issue Auto Resolution application streamlines how remote employees access the ServiceNow service portal by eliminating the need to enter corporate credentials each time. Instead of a username and password, employees receive a secure link via SMS or email, allowing them to log in easily from personal devices. This approach helps organizations support remote workers who don't have standard corporate credentials while maintaining secure access.

    Show full answer Show less

    Key Features

    • Digest Link Authentication: Remote employees receive a digest link through SMS or email that directs them to a login page without needing to enter username and password.
    • One-Time Password (OTP) Verification: Employees verify their identity by entering an OTP sent to their email, ensuring secure access.
    • Time-Limited Authentication Plugin: By installing the Time Limited Authentication plugin, you can configure how long and how many times these digest links remain valid, enhancing security.
    • User Criteria Control: The sniarhr.digestlinkusercriteria system property lets you define which users qualify for receiving digest links based on active user criteria and assigned roles.
    • Role Management: Administrators with admin or snhrcore.admin roles can assign the sniarhr.digestlinkuser role to users who qualify for simplified login access.

    How It Works in Practice

    When a remote employee is created in the system, they receive a digest link via email or SMS. Clicking the link takes them to an identity verification page where they enter an OTP. After successful verification, they gain access to their service portal ticket page with relevant recommendations. The link is strictly time- and use-limited to prevent unauthorized reuse, redirecting expired or reused link attempts to an expired link page and issuing a new link via email.

    Configuration and Security Considerations

    • Enable and configure time-limited authentication properties such as enabling the feature, disabling account recovery, enabling multi-provider SSO, and activating the configuration record.
    • Maintain security by setting limits on link usage and validity period through the Time Limited Authentication properties form.
    • Use user criteria and role assignments to precisely control which remote employees can use simplified authentication.

    Benefits for ServiceNow Customers

    This functionality empowers ServiceNow customers to provide a seamless and secure authentication experience for remote employees lacking corporate credentials. It reduces friction in accessing support resources, improves user satisfaction, and maintains security through time-limited, OTP-verified access. Administrators gain flexible control over eligibility and authentication parameters to align with organizational policies.

    With the Issue Auto Resolution application, you can simplify the authentication experience for your remote employees. Instead of entering a user name and password to access the service portal, your remote employees can get to the portal through a link in a short messaging service (SMS) or email.

    By using the Issue Auto Resolution application, your remote employees who don't have the corporate credentials can still access your service portal without entering a user name and password. When you create a case for the employee, that employee gets a link through a text (SMS) or email. That link directs them to the login page where they’re prompted to enter a user name and password. With this simplified authentication experience feature, these employees, who fulfill the user criteria mentioned in the sn_iar_hr.digest_link_user_criteria system property, can access the portal without entering credentials.

    You can install the Time Limited Authentication (com.snc.authenticate.time_limited_authentication) plugin to extend the core functionality of the Issue Auto Resolution application.

    Successful and simplified login experience

    Let's say that a remote employee recently joined your organization. Your employee doesn't have the corporate credentials to access the service portal but that employee has a query about the dental benefits enrollment. With the Issue Auto Resolution application, your employee can access the service portal through an email by using a personal device.

    The following example shows how a remote employee can log in to the portal without credentials by using a digest link.

    Figure 1. Simplified log in experience for remote workers
    Remote employee accessing digest link to view recommendations.
    The process is as follows:
    1. The remote employee gets the digest link through an email.
    2. The link directs the employee to verify the identity page, where the employee has to enter a one-time password (OTP) received through an email.
    3. The employee is then directed to the standard ticket page, where the employee can view the recommendations.
      Note:
      The link’s validity depends on the values that are defined in the time-limited authentication configuration record. In this case, the maximum number of times an employee can use the link is set to one.
    4. The employee is redirected to the expired link page when the employee tries to use the same link again.
    5. The employee gets an email with a new digest link.

    Time-limited authentication

    You can do the following tasks to set the existing time-limited authentication properties:
    • Enable the time-limited authentication glide.authenticate.enable.time_limited_authentication property.
    • Disable the account recovery property.
    • Enable multi-provider single sign-on (SSO).
    • Enable the Active field in the time limited authentication properties config record.
    To learn how to configure the properties, see Time Limited Authentication Properties form.

    To learn more about time-limited authentication, see Time limited authentication.

    User criteria for generating the digest link

    You can use the sn_iar_hr.digest_link_user_criteria system property to get and validate the user criteria for generating the digest link. This link appears in an SMS or email that is sent to the employee. The value should be the sys_id of the active user criteria. For more information, see User criteria form.

    Users with the admin and sn_hr_core.admin roles can assign the sn_iar_hr.digest_link_user role. This role is added to the available user criteria to validate if that user qualifies for digest link generation.