Multi-factor authentication for Customer and Consumer Service Portals
Summarize
Summary of Multi-factor authentication for Customer and Consumer Service Portals
Multi-factor authentication (MFA) enhances security for users accessing Customer and Consumer Service Portals by requiring more than one credential for login. It helps protect against vulnerabilities while using self-service web portals.
Show less
Key Features
- Enable Multi-factor Authentication: Activate this feature for users and administrators. Default is enabled.
- Bypass Setup Count: Users can skip MFA setup a limited number of times (default: 3), allowing login without a mobile device.
- One-Time Code Validity: Set how long a code sent to a user's email is valid (default: 10 minutes).
- Clock Skew Adjustment: Allow a maximum of 60 seconds to accommodate time discrepancies in code validation.
- Role Configuration: Assign roles (sncustomerservice.customer, sncustomerservice.consumer) that mandate MFA for those users.
Key Outcomes
By implementing multi-factor authentication, ServiceNow customers can significantly enhance the security of their portals, ensuring that access is tightly controlled and that users have a seamless experience even when they encounter issues such as not having their mobile devices available. This setup not only protects sensitive information but also complies with best security practices.
Multi-factor authentication, also known as two-step verification, is a security requirement that asserts a user enter more than one set of credentials.
Enable multi-factor authentication for Customer and Consumer Service Portal users so that access to the self-service web portals is more secure from potential vulnerabilities. For more information, see Multifactor authentication (MFA).
Multi-factor authentication properties
| Property | Description |
|---|---|
| Enable Multi-factor authentication [glide.authenticate.multifactor] |
Select this check box to allow users and administrators to use this feature.
|
| Number of times a user can bypass setting up multi-factor authentication
[glide.authenticate.multifactor.setup.bypass.count] |
Enter a number that represents how many times a user can choose to skip the
additional passcode requirement. This gives your users the ability to still log in the
instance if they do not have their mobile device with them. If you disable this feature and
then re-enable it, the counter starts over again.
|
| The time in minutes, the one time code sent to user's email address is valid
for [glide.multifactor.onetime.code.validity] |
Enter a number in minutes that specifies how long the reset code is valid. See Log on with multi-factor
authentication.
|
| Additional time in seconds for which the code will be valid to accommodate for the
clock skew. Max value is 60
seconds. [glide.authenticate.multifactor.clock_skew] |
Enter a number in seconds with a maximum of 60. By default,
the instance validates the code entered by the user against the single app-generated code
generated at whatever the current time - x/2 and current time + x/2, where 'x' is
the value of this property. If you use the value of 10, for example, the
instance considers any codes generated by the app between the time range [the
current time - 5 seconds] and [current time + 5 seconds] to be
valid. Use this property to prevent log in issues where the user is unable to enter the correct code in the default time allotted. |
Configure roles for multi-factor authentication
- sn_customerservice.customer
- sn_customerservice.consumer