Redirecting multi-factor authentication (MFA) to the service portal
Multi-factor authentication is a good way to confirm the identity of your users: they need not only a user ID and password but also access to their mobile phone (or tablet), giving you a high level of confidence that they are who they say they are.
The problem is that, by default, the MFA page redirects to regular ServiceNow, not to the portal. This article shows how to fix that.
There are two ways of solving this dilemma. If you want your Google multi-factor authentication to go directly to the service portal, both of these will work. My preference is the first one, but for people who don't want to change a core UI Page (which will then NEVER be upgraded) the second option might be better.
Option 1: Add a redirect to the UI Page
Open the UI Page called google_auth_setup_page and add the following line to the processing script:
gs.setRedirect("/sp");
If you want to go to some other portal or if you need some logic to redirect to various portals, this is where you should add it.
That's it. That's all you need to do.
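If you do need logic to choose between portals, the sketch below is an added example, not code from the original article or from ServiceNow. The role hr_portal_user and the path /hrportal are hypothetical; only /sp, requires_mfa, gs.setRedirect and gs.getUser().hasRole come from this page. It keeps the targets to a fixed list of relative paths so the post-MFA redirect never depends on anything supplied in the request.

```javascript
// Added example: role-based portal selection for the UI Page processing script.
// 'hr_portal_user' and '/hrportal' are hypothetical; '/sp' and 'requires_mfa'
// are the values used in this article.
var PORTAL_BY_ROLE = [
  { role: 'hr_portal_user', path: '/hrportal' }, // checked first (hypothetical)
  { role: 'requires_mfa', path: '/sp' }
];
var DEFAULT_PORTAL = '/sp';

// Accept only a single-segment path on this instance, such as "/sp".
// Absolute URLs and protocol-relative values ("//host") are rejected, so a
// mistyped or tampered entry cannot send users off the instance after MFA.
function isSafePortalPath(path) {
  return typeof path === 'string' && /^\/[a-z0-9_]+$/i.test(path);
}

// Return the first safe portal path whose role the user holds,
// falling back to the default portal.
function pickPortal(user) {
  for (var i = 0; i < PORTAL_BY_ROLE.length; i++) {
    var entry = PORTAL_BY_ROLE[i];
    if (user.hasRole(entry.role) && isSafePortalPath(entry.path)) {
      return entry.path;
    }
  }
  return DEFAULT_PORTAL;
}

// Inside ServiceNow, gs is defined and the redirect is issued here.
// Outside the platform this guard keeps the file loadable for testing.
if (typeof gs !== 'undefined') {
  gs.setRedirect(pickPortal(gs.getUser()));
}
```

Order the entries from most specific role to least specific, since the first match wins.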
Option 2: Use the old CMS redirects
If you have an older version of ServiceNow you may still have the CMS system lingering somewhere in the background. Newer customers won't have this option, but anyone that adopted ServiceNow prior to 2018 should have this enabled (but unused).
The advantage of this approach is that if the UI Page is ever updated, you'll get that update. The disadvantage is that it's a little convoluted and the user may see a few pages flicker in the background (but only the first time they use the system).
In essence, the problem is that the MFA pages are part of the old content management system (CMS) and so want to redirect there. The workaround I've come up with is to set up a dummy CMS portal that redirects to the service portal.
Step 1: Set up an old style CMS portal
Set up an old style CMS portal to handle the redirect
This can be really sparse (to help with performance). You can use almost any name for the URL suffix; I went with redirecting so that if the user sees this flickering in the URL they'll understand something deliberate is happening.
Save and click on Edit Page.
Step 2: Add dynamic content
Click on Add Content and select New Dynamic Content, as this will allow us to add a Jelly XML script that redirects immediately to the service portal.
Create a new dynamic content block with the following code.
<?xml version="1.0" encoding="utf-8" ?>
<j:jelly trim="false" xmlns:j="jelly:core" xmlns:g="glide" xmlns:j2="null" xmlns:g2="null">
<script>
if(top.location.href.indexOf('content')==-1) top.location.href='/sp'
</script>
</j:jelly>
You'll notice there's a little logic to only run this when we're not in the content editor (or else it's impossible to ever remove this or alter any other CMS pages).
Now we can set up our multi-factor authentication criteria.
Step 3: Set up MFA
Create a new role called requires_mfa. All the users you want to use MFA should be part of a group that has this role. Then add that to your Multi-factor Criteria. This will force all users in that particular group to sign up for MFA.
Step 4: Login rule to redirect
Finally, we tie it all together with a CMS login rule to redirect users to the service portal. Simply create a new rule (with the lowest execution order) to push users with this role over to our portal redirect and... voila, your MFA should now take users directly to the service portal.
gs.getUser().hasRole('requires_mfa');
My preference is option 1.
Have fun.
https://www.servicenow.com/community/now-platform-articles/redirecting-multi-factor-authentication-mfa-to-the-service/ta-p/2321862