Multi-factor authentication for Customer and Consumer Service Portals
Summarize
Summary of Multi-factor Authentication for Customer and Consumer Service Portals
Multi-factor authentication (MFA), also known as two-step verification, enhances security for users accessing Customer and Consumer Service Portals by requiring multiple credentials. This feature protects self-service web portals from potential vulnerabilities.
Show less
Key Features
- Enable Multi-factor Authentication: Allows users and administrators to utilize MFA. Default is enabled.
- Bypass Configuration: Users can skip MFA setup a specified number of times (default: 3). This ensures access when a mobile device is unavailable.
- One-Time Code Validity: The one-time code sent via email is valid for a configurable duration (default: 10 minutes).
- Clock Skew Adjustment: Allows a maximum 60-second adjustment to account for time discrepancies, facilitating successful code entry within a broader time frame.
- Role Configuration: Assign external roles (sncustomerservice.customer, sncustomerservice.consumer) to enforce MFA for designated users.
Key Outcomes
By implementing MFA, ServiceNow customers can significantly enhance the security of their service portals, ensuring that only authenticated users gain access. Configurable options allow for flexibility in how MFA is applied, accommodating user needs while maintaining security standards.
Multi-factor authentication, also known as two-step verification, is a security requirement that asserts a user enter more than one set of credentials.
Enable multi-factor authentication for Customer and Consumer Service Portal users so that access to the self-service web portals is more secure from potential vulnerabilities. For more information, see Multifactor authentication (MFA).
Multi-factor authentication properties
| Property | Description |
|---|---|
| Enable Multi-factor authentication [glide.authenticate.multifactor] |
Select this check box to allow users and administrators to use this feature.
|
| Number of times a user can bypass setting up multi-factor authentication
[glide.authenticate.multifactor.setup.bypass.count] |
Enter a number that represents how many times a user can choose to skip the
additional passcode requirement. This gives your users the ability to still log in the
instance if they do not have their mobile device with them. If you disable this feature and
then re-enable it, the counter starts over again.
|
| The time in minutes, the one time code sent to user's email address is valid
for [glide.multifactor.onetime.code.validity] |
Enter a number in minutes that specifies how long the reset code is valid. See Log on with multi-factor
authentication.
|
| Additional time in seconds for which the code will be valid to accommodate for the
clock skew. Max value is 60
seconds. [glide.authenticate.multifactor.clock_skew] |
Enter a number in seconds with a maximum of 60. By default,
the instance validates the code entered by the user against the single app-generated code
generated at whatever the current time - x/2 and current time + x/2, where 'x' is
the value of this property. If you use the value of 10, for example, the
instance considers any codes generated by the app between the time range [the
current time - 5 seconds] and [current time + 5 seconds] to be
valid. Use this property to prevent log in issues where the user is unable to enter the correct code in the default time allotted. |
Configure roles for multi-factor authentication
- sn_customerservice.customer
- sn_customerservice.consumer