SOLVED

Intune or Azure for MFA with ServiceNow

%3CLINGO-SUB%20id%3D%22lingo-sub-1315559%22%20slang%3D%22en-US%22%3EIntune%20or%20Azure%20for%20MFA%20with%20ServiceNow%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1315559%22%20slang%3D%22en-US%22%3E%3CP%20class%3D%22x-hidden-focus%22%3EHello.%20We%20will%20soon%20switch%20over%20to%20Intune%20for%20our%20Mobil%20Device%20Management%20(we%20currently%20use%20Centrify).%20We%20also%20use%20ServiceNow(SN)%20for%20incident%20management.%20We%20would%20like%20require%20MFA%20when%20users%20Log%20into%20SN%20from%20outside%20of%20our%20network%20(ie%20on%20their%20home%20computer).%20ServiceNow's%20MFA%20is%20not%20user%20friendly.%20Do%20you%20know%20if%20we%20can%20use%20Intune%20for%20this%3F%20Currently%2C%20SN%20uses%20our%20on-prem%20Active%20Directory%20for%20Authentication.%20I%20heard%20Azure%20AD%20could%20possibly%20be%20used%20for%20SN%20MFA%2C%20but%20I%20am%20not%20sure%20if%20that%20is%20possible.%3C%2FP%3E%3CP%3EAny%20help%2Fsuggestions%20that%20you%20have%20would%20be%20appreciated.%3C%2FP%3E%3CP%20class%3D%22x-hidden-focus%22%3EThanks%20in%20advance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1315559%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1315587%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20or%20Azure%20for%20MFA%20with%20ServiceNow%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1315587%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F626069%22%20target%3D%22_blank%22%3E%40jtw1228%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERequiring%20MFA%20for%20ServiceNow%20has%20nothing%20to%20do%20with%20Intune%2C%20but%20with%20Conditional%20Access.%3C%2FP%3E%3CP%3EIf%20you%20authenticate%20ServiceNow%20to%20Azure%20Active%20Directory%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fservicenow-tutorial%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Etutorial%3C%2FA%3E)%2C%20you%20could%20configure%20a%20Conditional%20Access%20policy%20to%20require%20MFA%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fbs-latn-ba%2Fazure%2Factive-directory%2Fconditional-access%2Fhowto-conditional-access-policy-all-users-mfa%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Etutorial%3C%2FA%3E).%20You%20can%20select%20the%20'ServiceNow'%20cloud%20app%20in%20the%20Conditional%20Access%20policy%2C%20this%20would%20make%20sure%20that%20users%20only%20need%20to%20do%20MFA%20when%20they%20go%20to%20ServiceNow.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1316832%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20or%20Azure%20for%20MFA%20with%20ServiceNow%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1316832%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F186539%22%20target%3D%22_blank%22%3E%40Thijs%20Lecomte%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20very%20much%20for%20your%20response.%20This%20is%20very%20helpful.%20Others%20have%20said%20that%20Intune%20would%20be%20used%20for%20the%20SN%20MFA%2C%20but%20that%20does%20not%20sound%20like%20it%20is%20correct.%20We%20would%20need%20to%20use%20Azure%20AD%20for%20this%20functionality.%20If%20this%20is%20incorrect%2C%20please%20let%20me%20know.%20Thanks%20again.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1318142%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20or%20Azure%20for%20MFA%20with%20ServiceNow%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1318142%22%20slang%3D%22en-US%22%3EHi%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20are%20correct%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hello. We will soon switch over to Intune for our Mobil Device Management (we currently use Centrify). We also use ServiceNow(SN) for incident management. We would like require MFA when users Log into SN from outside of our network (ie on their home computer). ServiceNow's MFA is not user friendly. Do you know if we can use Intune for this? Currently, SN uses our on-prem Active Directory for Authentication. I heard Azure AD could possibly be used for SN MFA, but I am not sure if that is possible.

Any help/suggestions that you have would be appreciated.

Thanks in advance.

3 Replies
Highlighted
Best Response confirmed by jtw1228 (New Contributor)
Solution

Hi @jtw1228 

 

Requiring MFA for ServiceNow has nothing to do with Intune, but with Conditional Access.

If you authenticate ServiceNow to Azure Active Directory (tutorial), you could configure a Conditional Access policy to require MFA (tutorial). You can select the 'ServiceNow' cloud app in the Conditional Access policy, this would make sure that users only need to do MFA when they go to ServiceNow.

Highlighted

@Thijs Lecomte 

Thank you very much for your response. This is very helpful. Others have said that Intune would be used for the SN MFA, but that does not sound like it is correct. We would need to use Azure AD for this functionality. If this is incorrect, please let me know. Thanks again.

Highlighted
Hi

You are correct :)