Simplifying the authentication experience for your remote employees

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Simplifying the authentication experience for your remote employees

    The Issue Auto Resolution application streamlines the authentication process for remote employees accessing the ServiceNow service portal. This solution enables employees without corporate credentials to log in via a secure link sent through SMS or email, eliminating the need to manually enter a username and password.

    Show full answer Show less

    Key Features

    • Digest Link Authentication: When a case is created for a remote employee, they receive a digest link via SMS or email. This link directs them to a login page where, depending on configuration, they can access the portal without entering credentials if they meet specific user criteria.
    • Time Limited Authentication Plugin: By installing the Time Limited Authentication plugin (com.snc.authenticate.timelimitedauthentication), customers can extend the authentication experience to include one-time password (OTP) verification and control link usage limits.
    • One-Time Password (OTP) Verification: Employees verify their identity by entering an OTP received via email, after which they gain access to the ticket and recommendations page.
    • Link Validity and Security: The digest link's usage is limited by time and number of uses, as configured in the time-limited authentication settings, enhancing security by preventing reuse of expired links.
    • User Criteria Configuration: The system property sniarhr.digestlinkusercriteria defines which users qualify for digest link generation based on active user criteria. Admin roles can assign the sniarhr.digestlinkuser role to validate eligibility.

    Practical Application for ServiceNow Customers

    This authentication simplification is particularly useful for onboarding remote employees or external users who need timely access to the service portal without corporate credentials. By leveraging digest links and optional OTP verification, organizations can improve user experience while maintaining security controls.

    Configuration Highlights

    • Enable time-limited authentication via the glide.authenticate.enable.timelimitedauthentication property.
    • Configure multi-provider single sign-on (SSO) and account recovery settings to complement the simplified login.
    • Set up and manage user criteria to control which employees receive digest links.
    • Define time-limited authentication properties to govern link expiration and usage limits.

    Expected Outcomes

    • Remote employees can quickly access the service portal without needing corporate credentials.
    • Improved user satisfaction and reduced support overhead for login issues.
    • Secure access maintained through OTP verification and controlled link validity.

    With the Issue Auto Resolution application, you can simplify the authentication experience for your remote employees. Instead of entering a user name and password to access the service portal, your remote employees can get to the portal through a link in a short messaging service (SMS) or email.

    By using the Issue Auto Resolution application, your remote employees who don't have the corporate credentials can still access your service portal without entering a user name and password. When you create a case for the employee, that employee gets a link through a text (SMS) or email. That link directs them to the login page where they’re prompted to enter a user name and password. With this simplified authentication experience feature, these employees, who fulfill the user criteria mentioned in the sn_iar_hr.digest_link_user_criteria system property, can access the portal without entering credentials.

    You can install the Time Limited Authentication (com.snc.authenticate.time_limited_authentication) plugin to extend the core functionality of the Issue Auto Resolution application.

    Successful and simplified login experience

    Let's say that a remote employee recently joined your organization. Your employee doesn't have the corporate credentials to access the service portal but that employee has a query about the dental benefits enrollment. With the Issue Auto Resolution application, your employee can access the service portal through an email by using a personal device.

    The following example shows how a remote employee can log in to the portal without credentials by using a digest link.

    Figure 1. Simplified log in experience for remote workers
    The process is as follows:
    1. The remote employee gets the digest link through an email.
    2. The link directs the employee to verify the identity page, where the employee has to enter a one-time password (OTP) received through an email.
    3. The employee is then directed to the standard ticket page, where the employee can view the recommendations.
      Note:
      The link’s validity depends on the values that are defined in the time-limited authentication configuration record. In this case, the maximum number of times an employee can use the link is set to one.
    4. The employee is redirected to the expired link page when the employee tries to use the same link again.
    5. The employee gets an email with a new digest link.

    Time-limited authentication

    You can do the following tasks to set the existing time-limited authentication properties:
    • Enable the time-limited authentication glide.authenticate.enable.time_limited_authentication property.
    • Disable the account recovery property.
    • Enable multi-provider single sign-on (SSO).
    • Enable the Active field in the time limited authentication properties config record.
    To learn how to configure the properties, see Time Limited Authentication Properties form.

    To learn more about time-limited authentication, see Time limited authentication.

    User criteria for generating the digest link

    You can use the sn_iar_hr.digest_link_user_criteria system property to get and validate the user criteria for generating the digest link. This link appears in an SMS or email that is sent to the employee. The value should be the sys_id of the active user criteria. For more information, see User criteria form.

    Users with the admin and sn_hr_core.admin roles can assign the sn_iar_hr.digest_link_user role. This role is added to the available user criteria to validate if that user qualifies for digest link generation.