Walk-up Experience portal security and access

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Walk-up Experience portal security and access

    The Walk-up Experience on-site portal is designed with built-in security to prevent users from gaining elevated role privileges through end-user facing devices. Access to this portal is granted via an account with thesnwalkup.walkuploginrole, ensuring controlled user permissions.

    Show full answer Show less

    Key Features

    • Explicit Role Plugin (com.glide.explicitroles): Introduced in the ServiceNow AI Platform Paris release, this plugin manages user security roles by assigning either sncinternal or sncexternal roles. Walk-up Experience depends on this plugin to explicitly set users as external.
    • Role Assignment Behavior: For new Walk-up Experience installations (post-Quebec release), the plugin correctly assigns the Walk-up Experience user the sncexternal role automatically. For upgrades prior to the Rome release, the Walk-up Experience user is assigned sncinternal by default and cannot have this role removed automatically during upgrade.
    • User Access: Walk-up Experience Agents use accounts with the snwalkup.walkuplogin role to access the portal. Internal and external users can check in on-site via devices such as tablets, while authenticated internal users can also check in through online queues using desktops or mobile devices.

    Important Considerations for Upgrading to Xanadu Release

    • Walk-up Experience added a dependency on the Explicit Role plugin in the Xanadu release to manage user role assignments explicitly.
    • During upgrades to Xanadu, the Walk-up Experience user account is assigned the sncinternal role instead of sncexternal due to plugin behavior.
    • After upgrading, administrators must manually remove the sncinternal role from the Walk-up Experience user accounts and add the sncexternal role to ensure proper role assignment and security compliance.
    • This manual role adjustment is not required for upgrades after the Xanadu release or for new installations.

    ServiceNow customers should carefully follow these role management steps during upgrades to maintain secure and correct access to the Walk-up Experience portal.

    Security is built into the application to prevent end-user facing devices at the Walk-up Experience on-site portal from offering elevated role privileges to users. The Walk-up Experience on-site portal is accessed by an account containing only the sn_walkup.walkup_login role.

    Understanding Walk-up Experience portal security

    Activate the Explicit Role (com.glide.explicit_roles) plugin to assign users security roles, either snc_internal or snc_external. This plugin was introduced in the ServiceNow AI Platform Paris release. With the Quebec release, for new installations, Walk-up Experience added a dependency on this plugin to explicitly set the Walk-up Experience user as an external user.

    When upgrading Walk-up Experience installations prior to Rome, the Walk-up Experience user is assigned snc_internal instead of snc_external. This is because the Explicit Role plugin assigns all users, including Walk-up Experience users, to snc_internal. Walk-up Experience cannot remove snc_internal during upgrade. For new installations of Walk-up Experience, this process works automatically.
    Note:
    Refer to Explicit roles plugin for details about the plugin and Explicit Roles for more information about this upgrade process.

    Access to Walk-up Experience

    Agents opening up the on-site Walk-up location for business, or joining the support team during operation hours, access the user record account with sn_walkup.walkup_login role to log into the Walk-up Experience portal. Internal and external users can access the on-site Walk-up Experience portal via a check-in device, typically a tablet, to enter a queue. Internal, authenticated users can also access an online queue check-in via desktop or mobile device.

    Important information for upgrading Walk-up Experience to Xanadu

    The Explicit Role (com.glide.explicit_roles) plugin was introduced in the ServiceNow AI Platform Paris release. When installed, users are assigned security roles, either snc_internal or snc_external. With the Xanadu, release Walk-up Experience has added a dependency on this plugin to explicitly set the Walk-up Experience user as an external user.

    When upgrading Walk-up Experience to Xanadu, the Walk-up Experience user is assigned snc_internal instead of snc_external. This is because the Explicit Role plugin assigns all users, including the Walk-up Experience user, to snc_internal. Walk-up Experience cannot remove snc_internal during upgrade. For new installs of Walk-up Experience, this process works without issue because the Explicit Role plugin installs first, assigns all users to snc_internal, then the Walk-up Experience user account is created with the snc_external role already assigned.
    Note:
    Refer to Explicit roles plugin for complete details about the plugin and ServiceNow AI Platform explicit roles.
    After upgrading to Xanadu, you need to remove the snc_internal role from the Walk-up Experience user account, or any users created to log into the Walk-up Experience kiosk. Then you need to add the snc_external role to the users. This process is not necessary for upgrades after Xanadu.
    Note:
    Refer to Explicit Roles for complete details about this process.