_
_
_
_
Datadog
navy blue arrow pointing right
Datadog
Deploy Datadog
Optimize Cost & Governance
Integrations
ServiceNow
navy blue arrow pointing right
ServiceNow
ITOM Visibility
ITOM Health
ITSM
ITAM
SecOps
CMDB
GenAI
ServiceNow Platform Co-Pilot
ServiceNow Store Apps
Resources
navy blue arrow pointing right
resources
Case Studies
Videos
Product Sheets
Reference Documents
Press
Blog
Company
navy blue arrow pointing right
company
About RapDev
Careers
Press
Get in Touch
This is some text inside of a div block.
This is some text inside of a div block.
© RapDev 2024 | All rights reserved.
Check out RapDev's lineup for Knowledge 2024
arrow to go to next page in lime green
Datadog
Datadog
Deploy Datadog
Implement Datadog ObservabilityMigrate to Datadog
Optimize Cost
Datadog Platform Co-PilotHealth Check & Observability Best PracticesCost Monitoring & ControlTagging Strategy & Governance
Integrations
Ansible Methods for Automating Datadog Deployment
Take control of sprawling deployments and optimize efficiency with ease
Read More
Contact Us
Datadog Marketplace
ServiceNow
ServiceNow
ITOM Visibility
DiscoveryService MappingServiceGraph ConnectorsCMDBCSDM as CodeModern CloudOpsACC Agent
ITOM Health
Event ManagementAIOpsModern CloudOpsCMDB
ITSM
Lean into DevOpsIntegration HubCMDBChatOpsModern CloudOpsCSDM as Code
ITAM
HAM Pro | SAM ProCMDBAsset & CI Insights
SecOps
Vulnerability Response
CMDB
Asset & CI InsightsCMDB Assessment
GenAI
DiGiMajor Incident ManagementPrivate GPT
Platform Co-Pilot
ServiceNow Platform Co-pilot
ServiceNow Store
Asset & CI InsightsCSDM as CodeInfoBloxLean into DevOpsModern CloudOpsyaml JSON Converter
Transforming User Experiences with ServiceNow DEX
ServiceNow DEX: Proactive End-User Experience Monitoring for a Smoother Digital Employee Experience
Read More
Contact Us
ServiceNow Store
Resources
Company
Company
Company
About UsCareers10PressEvents
April 2024
RapDev Awarded Patent for ‘CSDM as Code’ Solution for PaaS Environments
RapDev has been awarded its first patent for CSDM as Code, a configuration management tool tailored for Platform as a Service (PaaS) environments.
Go to Article
Contact Us
Get in Touch
Back to Blog
ServiceNow
No items found.

Authentication and Authorization

When we visit any application or website, including ServiceNow, three things are important in the context of security.
6
min read
|
by
Pallavi Gupta
December 7, 2023

When we visit any application or website, including ServiceNow, three things are important in the context of security.

  • Identity
  • Authentication
  • Authorization

These seemingly benign statements can cause an enterprise half of its headaches. Let's quickly go over each of these definitions and the steps ServiceNow takes to guarantee them.

Identity - They are a unique set of attributes that identify each user. This can include things like the user's name, email address, or anything that helps identify who you are.

Authentication - It is the process of verifying the claimed identity of the user. It may include methods like username and password authentication, biometrics (fingerprint, facial recognition), smart cards, tokens, and multi-factor authentication (MFA).

Authorization - Authorization is the process of determining what actions or operations an authenticated user, device, or entity is allowed to perform within a computer system or network. Authorization ensures that even authenticated users only have access to the resources and actions that are appropriate for their role and level of privilege.

It would be a disaster if an end user were able to delete user records from ServiceNow or if everyone had the ability to raise an off-boarding request. That is why this topic is crucial. We don't want strangers to come into our house and we don’t want guests to go into our bedroom and look through our closets. 

Some of the methods ServiceNow employees for authentication are as follows:

  • Username and Password - This is the most basic form of authentication. Users provide a username and a secure password to verify their identity. 
  • Multi-Factor Authentication (MFA) - Since usernames and passwords have been around long, they are sometimes insufficient. To add an extra layer of security, the ServiceNow uses multi-factor authentication.
  • LDAP/Active Directory: Organizations can integrate ServiceNow with LDAP or Active Directory systems, allowing users to log in using their existing corporate credentials.
  • SSO (Single Sign-On): ServiceNow also supports SOO, enabling users to use a single set of credentials across multiple applications.

Once we have authenticated the user, and we know they are who they say they are, the next step is to determine what they have access to. It is crucial that we permit access to resources only based on their role and responsibilities within the organization. 

Following are some of the components used by ServiceNow for authorization. 

  • Roles - Roles are what dictate what a user can do within the platform. For example, an IT support technician may have a "Support" role, granting access to incident management but not system administration features.   

  • ACLs (Access Control Lists) - This is one level below the roles. Even if a user is granted permission to a table based on their role, we can fine-tune controls to specify what they can read, write, and delete. ACLs make it feasible. They let us define records or data that users can access and what operations they can perform on it. 

  • Groups - Groups are a way of organizing users, like assigning a common group to people with a shared purpose. We can assign roles to these groups and all their members inherit those permissions. For instance, we could create a group called 'Support' and permit them to access incident management modules.

The logic of this all makes sense - permit only genuine users to enter the system and allow them to access only what they need. Authentication and Authorization are super important to maintain the integrity of data and processes. By properly implementing authentication and authorization, the IT Service Management processes can run smoothly, improve security, and save a lot of money and headaches. 

Some of the below points explain why authentication and authorization are important 

  • Data Security - Nothing is more important than data and nothing is worse than data in the hands of a malicious user. Properly implemented authentication prevents the risk of data breaches. 
  • Compliance - To comply with strict compliance requirements, such as HIPPA and GDPR, organizations must have proper authentication and authorization. 
  • Workflow efficiency - To achieve optimal organizational efficiency and streamline processes and workflows, it is crucial to assign appropriate roles and permissions. 
  • Auditability - Auditability would help with audits and investigations by allowing us to have logs that track who accessed what and when.

It's easy to become lost when there's so much information about what to implement and how. But some best practices can help us focus on what's important and keep our eyes on the prize. 

Some of the best practices in ServiceNow can include the following- 

  • Implement strong authentication policies.
  • Enforce strong password policies, asking users to change their passwords every few months, and including MFA to protect against unauthorized access. 
  • Review roles and permissions regularly. If the system is allowed to sit for a while, it can become stale. Review and update roles and groups regularly to align with organizational changes and security requirements.
  • Apply the principle of least privilege. This means that users should have the minimum access necessary to perform their tasks.
  • Identifying vulnerabilities on an ongoing basis is crucial for testing and monitoring. Continuously test user activities and regularly perform security testing. 
  • Keep the platform updated. Ensure the ServiceNow platform runs the latest updates and patches to address security vulnerabilities.

Authentication and authorization are the foundation of data security and user access control in ServiceNow. Understanding these concepts is essential for ServiceNow administrators and developers to configure the platform to meet the specific needs and security requirements of the organizations. By implementing strong authentication and fine-tuning authorization, organizations can harness the full potential of the platform while safeguarding their data and operations. So, a solid knowledge of these topics is fundamental.

Written by
Pallavi Gupta
Boston, MA
Loves music so much she can work for lengthy periods while listening to anything. 1 part engineer, 1 part wanderer, 2 parts geek and 3 parts artist.
More by
Pallavi
Accelerating Innovation with ServiceNow UI Builder
Jan 2024
teal arrow pointing right to go further
ServiceNow IntegrationHub ETL
Oct 2023
teal arrow pointing right to go further
ServiceNow's Glide APIs
Sep 2023
teal arrow pointing right to go further
Service Portal Dependencies
May 2023
teal arrow pointing right to go further
Service Graph Connectors
Jan 2023
teal arrow pointing right to go further
Wisdom with Performance Analytics
Feb 2022
teal arrow pointing right to go further
you might also like
ServiceNow
Transforming User Experiences with ServiceNow DEX
Transforming User Experiences with ServiceNow DEX
Read
teal arrow pointing right to go further
ServiceNow
ServiceNow Store Integration: CSDM as Code
ServiceNow Store Integration: CSDM as Code
Read
teal arrow pointing right to go further
ServiceNow
Unclassed Hardware and Vulnerability Response
Unclassed Hardware and Vulnerability Response
Read
teal arrow pointing right to go further
back to blog
Company
About UsCareersPressContactEvents
© RapDev 2024 | All rights reserved. | 
Privacy Policy