Pre authentication context
Summarize
Summary of Pre Authentication Context
The pre authentication context defines the enforcement of access policies during the login process, executing before users see a login screen. This allows administrators to allow or deny access based on specific criteria before users enter their credentials.
Show less
Key Features
- Policy Execution: Policies are enforced when a user first accesses the instance.
- Default Policy Options: Administrators can set a default policy to either allow or deny access based on specified conditions.
- Policy Inputs and Conditions: The context includes tabs to view inputs and conditions for the selected Allow or Deny policies, though modifications must be made directly within the policy settings.
- Filter Criteria: Only IP Filter, Trusted Mobile App Filter, and Location Filter criteria can be utilized within this context.
Key Outcomes
By configuring the pre authentication context, ServiceNow customers can effectively manage access prior to user login, ensuring that only authorized users can proceed based on predefined policies. This reduces the risk of unauthorized access and enhances security during the login phase.
It is crucial to validate all inputs associated with the pre authentication context to avoid access issues, such as inadvertently blocking administrators due to mismatched IP addresses.
The pre authentication policy context defines how and when a policy is enforced during the login process. The policy used in this context executes before your users see a login screen.
Pre authentication context record
Policies in the pre authentication context execute when a user first accesses the instance, before they see a login screen.
You can use the pre authentication context to allow or deny access before your users are prompted for login credentials based on your selected policy. Because these policies evaluate before a user enters any information, those policies can’t take criteria such as a user's roles or groups into account.
Use the fields in the Pre Authentication policy context record to define how your instance uses your policy.
| Field | Description |
|---|---|
| Name | Name of the policy context. This field is static and can’t be changed. |
| Description | Description of the context |
| Default Policy | Defines the default behavior of this context when evaluating the policy. Select from the following options.
|
| Allow Policy | The policy used for this context uses. This field appears only when the Default Policy field is set to Allow Policy. |
| Deny Policy | The policy used for this context uses. This field appears only when the Default Policy field is set to Deny Policy. |
You can only use the IP Filter, Trusted Mobile App Filter, and Location Filter criteria in the Pre Authentication Policy Context.
Policy inputs and conditions
The Policy Input and Policy Conditions tabs display the inputs and conditions of the policy selected in the Allow Policy or Deny Policy
field. These tabs serve as a reference, but can’t be used to change the policy inputs or conditions. To modify your policy, navigate to the policy using the reference icon (
) next to the Allow Policy or Deny Policy field.
- Only IP-Based filters, Location based filters, or Trusted Mobile App filter can be used in the pre authentication policy context.
- Whenever there's a pre authentication set with non absolute conditions or filter criteria, you're displayed with an error message stating that the policy or context can’t be configured. It's recommended to validate all
the inputs for the pre authentication context before executing it to the instance.
For example: If the administrator is outside the trusted network and configures pre authentication context with IP ranges, if the IP ranges are mismatched with the current session of the admin, the admin is blocked.