_
_
_
_
Datadog
navy blue arrow pointing right
Datadog
Deploy Datadog
Optimize Cost & Governance
Security
Managed Datadog
Integrations
ServiceNow
navy blue arrow pointing right
ServiceNow
ITOM Visibility
ITOM Health
ITSM
ITAM
SecOps
CMDB
GenAI
ServiceNow Store Apps
Resources
navy blue arrow pointing right
resources
Case Studies
Videos
Solution Briefs
Reference Documents
Press
Blog
Company
navy blue arrow pointing right
company
About RapDev
Careers
Press
Events
Get in Touch
This is some text inside of a div block.
This is some text inside of a div block.
© RapDev 2024 | All rights reserved.
Our team is growing! Join us
arrow to go to next page in lime green
Datadog
Datadog
Deploy Datadog
Implement Datadog ObservabilityMigrate to Datadog
Optimize Cost
Health Check & Observability Best PracticesCost Monitoring & ControlTagging Strategy & Governance
Security
Automate Migrations & Tool ConsolidationCustom Workflows & Rules
Managed Datadog
Managed Datadog
Integrations
Enhancing Terraform with Datadog: New Metrics, Improvements, and More
Explore the latest Terraform integration updates: drift metrics, improved dashboard, token monitoring, and enhanced module support
Read More
Contact Us
Datadog Marketplace
ServiceNow
ServiceNow
ITOM Visibility
DiscoveryService MappingServiceGraph ConnectorsCMDBCSDM as CodeModern ServiceOpsACC Agent
ITOM Health
Event ManagementAIOpsModern ServiceOpsCMDB
ITSM
Lean into DevOpsIntegration HubCMDBChatOpsModern ServiceOpsCSDM as Code
ITAM
HAM Pro | SAM ProCMDBAsset & CI Insights
SecOps
Vulnerability Response
CMDB
Asset & CI InsightsCMDB Assessment
GenAI
Major Incident ManagementPrivate GPT
ServiceNow Store
Asset & CI InsightsCSDM as CodeInfoBloxLean into DevOpsModern ServiceOpsyaml JSON ConverterTag Generator
Automate CI Tagging with Tag Generator
Automate Key-Value tagging for complete visibility in ServiceNow
Read More
Contact Us
ServiceNow Store
Resources
Company
Company
Company
About UsCareers10PressEvents
August 2024
RapDev Ranks Among Top 15% on Inc. 5000’s 2024 List of America’s Fastest Growing Companies
The list, compiled by Inc. magazine, celebrates the fastest-growing privately held companies in the United States, highlighting those that have demonstrated remarkable growth and innovation over the past year.
Go to Article
Contact Us
Get in Touch
Back to Blog
ServiceNow
No items found.

Authentication and Authorization

When we visit any application or website, including ServiceNow, three things are important in the context of security.
6
min read
|
by
Pallavi Gupta
December 7, 2023

When we visit any application or website, including ServiceNow, three things are important in the context of security.

  • Identity
  • Authentication
  • Authorization

These seemingly benign statements can cause an enterprise half of its headaches. Let's quickly go over each of these definitions and the steps ServiceNow takes to guarantee them.

Identity - They are a unique set of attributes that identify each user. This can include things like the user's name, email address, or anything that helps identify who you are.

Authentication - It is the process of verifying the claimed identity of the user. It may include methods like username and password authentication, biometrics (fingerprint, facial recognition), smart cards, tokens, and multi-factor authentication (MFA).

Authorization - Authorization is the process of determining what actions or operations an authenticated user, device, or entity is allowed to perform within a computer system or network. Authorization ensures that even authenticated users only have access to the resources and actions that are appropriate for their role and level of privilege.

It would be a disaster if an end user were able to delete user records from ServiceNow or if everyone had the ability to raise an off-boarding request. That is why this topic is crucial. We don't want strangers to come into our house and we don’t want guests to go into our bedroom and look through our closets. 

Some of the methods ServiceNow employees for authentication are as follows:

  • Username and Password - This is the most basic form of authentication. Users provide a username and a secure password to verify their identity. 
  • Multi-Factor Authentication (MFA) - Since usernames and passwords have been around long, they are sometimes insufficient. To add an extra layer of security, the ServiceNow uses multi-factor authentication.
  • LDAP/Active Directory: Organizations can integrate ServiceNow with LDAP or Active Directory systems, allowing users to log in using their existing corporate credentials.
  • SSO (Single Sign-On): ServiceNow also supports SOO, enabling users to use a single set of credentials across multiple applications.

Once we have authenticated the user, and we know they are who they say they are, the next step is to determine what they have access to. It is crucial that we permit access to resources only based on their role and responsibilities within the organization. 

Following are some of the components used by ServiceNow for authorization. 

  • Roles - Roles are what dictate what a user can do within the platform. For example, an IT support technician may have a "Support" role, granting access to incident management but not system administration features.   

  • ACLs (Access Control Lists) - This is one level below the roles. Even if a user is granted permission to a table based on their role, we can fine-tune controls to specify what they can read, write, and delete. ACLs make it feasible. They let us define records or data that users can access and what operations they can perform on it. 

  • Groups - Groups are a way of organizing users, like assigning a common group to people with a shared purpose. We can assign roles to these groups and all their members inherit those permissions. For instance, we could create a group called 'Support' and permit them to access incident management modules.

The logic of this all makes sense - permit only genuine users to enter the system and allow them to access only what they need. Authentication and Authorization are super important to maintain the integrity of data and processes. By properly implementing authentication and authorization, the IT Service Management processes can run smoothly, improve security, and save a lot of money and headaches. 

Some of the below points explain why authentication and authorization are important 

  • Data Security - Nothing is more important than data and nothing is worse than data in the hands of a malicious user. Properly implemented authentication prevents the risk of data breaches. 
  • Compliance - To comply with strict compliance requirements, such as HIPPA and GDPR, organizations must have proper authentication and authorization. 
  • Workflow efficiency - To achieve optimal organizational efficiency and streamline processes and workflows, it is crucial to assign appropriate roles and permissions. 
  • Auditability - Auditability would help with audits and investigations by allowing us to have logs that track who accessed what and when.

It's easy to become lost when there's so much information about what to implement and how. But some best practices can help us focus on what's important and keep our eyes on the prize. 

Some of the best practices in ServiceNow can include the following- 

  • Implement strong authentication policies.
  • Enforce strong password policies, asking users to change their passwords every few months, and including MFA to protect against unauthorized access. 
  • Review roles and permissions regularly. If the system is allowed to sit for a while, it can become stale. Review and update roles and groups regularly to align with organizational changes and security requirements.
  • Apply the principle of least privilege. This means that users should have the minimum access necessary to perform their tasks.
  • Identifying vulnerabilities on an ongoing basis is crucial for testing and monitoring. Continuously test user activities and regularly perform security testing. 
  • Keep the platform updated. Ensure the ServiceNow platform runs the latest updates and patches to address security vulnerabilities.

Authentication and authorization are the foundation of data security and user access control in ServiceNow. Understanding these concepts is essential for ServiceNow administrators and developers to configure the platform to meet the specific needs and security requirements of the organizations. By implementing strong authentication and fine-tuning authorization, organizations can harness the full potential of the platform while safeguarding their data and operations. So, a solid knowledge of these topics is fundamental.

Written by
Pallavi Gupta
Boston, MA
Loves music so much she can work for lengthy periods while listening to anything. 1 part engineer, 1 part wanderer, 2 parts geek and 3 parts artist.
More by
Pallavi
ServiceNow’s Special Keyboard Shortcuts
Aug 2024
teal arrow pointing right to go further
Crafting Good APIs in ServiceNow
Jun 2024
teal arrow pointing right to go further
Accelerating Innovation with ServiceNow UI Builder
Jan 2024
teal arrow pointing right to go further
you might also like
ServiceNow
Automate CI Tagging with Tag Generator
Automate CI Tagging with Tag Generator
Read
teal arrow pointing right to go further
ServiceNow
Minimizing Upgrade Conflicts with ServiceNow
Minimizing Upgrade Conflicts with ServiceNow
Read
teal arrow pointing right to go further
ServiceNow
Debugging Windows Discovery Using Powershell
Debugging Windows Discovery Using Powershell
Read
teal arrow pointing right to go further
back to blog
Company
About UsCareersPressContactEvents
© RapDev 2024 | All rights reserved. | 
Privacy Policy