Key Features

• glide.ip.authenticate.strict (Boolean): When set to true, the instance uses a strict and more restrictive IP allow list for inbound and outbound connections, replacing the default broader allow list.
• For self-hosted instances, the strict IP list is replaced by the glide.ip.authenticate.allow.secured.selfhostedlist property, and the default list by glide.ip.authenticate.allow.selfhostedlist if glide.ip.authenticate.strict is false.
• Custom IP addresses can be included via system properties glide.custom.ip.authenticate.allow and glide.custom.ip.outbound.authenticate.allow, regardless of strict mode.
• IP ranges can be specified in multiple formats including single IP, IP ranges with hyphens, or CIDR notation.
• At runtime, additional IP addresses can be added or denied using the IP Address Access Controls [ipaccess] table for granular access control.

Key Outcomes

• Enhanced security: Limiting the IP allow list reduces exposure to insider threats and misconfiguration by restricting access to essential ServiceNow infrastructure only.
• Controlled internal access: Prevents non-essential ServiceNow personnel from accessing instances, improving privileged access management.
• No functional disruption: Setting the strict property should not impact normal functionality, as non-essential users typically do not require instance access.
• Flexible exceptions: Access can be granted on a case-by-case basis via the IP Address Access Controls table if needed.

Important Notes

• This property is a no-DB override, meaning it cannot be altered or overridden in the database once set.
• The IP allow list may be updated over time as the ServiceNow internal network changes.
• There are no dependencies or prerequisites for enabling this property.
• To add or modify system properties, customers can refer to the standard process for adding system properties in ServiceNow.