Secure your platform
Secure your instance, protect data, and authenticate users:
- Turn on Single Sign On, require basic authentication for SOAP, and disable passwordless authentication
- Limit web service accounts to 10 failed login attempts
- Limit file types that can be downloaded
- Prevent expired CSRF tokens from identifying and validating incoming requests
×
![]()
×
![]()
Protect against data leakage
A misconfigured ServiceNow instance can increase risks of data leakage — take these steps to prevent that risk:
- Require basic authentication before users can download Excel files, PDFs, and XML files
- Disable ability to expose modules to public without a password
- Disable access to attachments by unauthorized users
Prevent malware from entering ServiceNow
Confirm that files stored within ServiceNow are free from malware:
- Set escape XML to false to prevent foreign scripts attacks
- Restrict dangerous file extensions from being uploaded and downloaded into and out of ServiceNow
- Enable usage of CSRF token to prevent cross-site forgery attacks
×
![]()
×
![]()
Secure mobile devices
Secure data appearing on mobile devices:
- Enable mobile app blurring when the app is not in focus
- Blur screenshots taken when the app is in the background
