Configuration

Portal Pages should not allow public access


Security
A01: Broken Access Control
4h 0m to fix

What are Portal Pages used for?

Some customers may need to make certain pages, such as login pages, publicly accessible. ServiceNow allows administrators to do this by configuring the pages as Public. Once a page is configured as public, non-authenticated users can access it.

Why is this an issue?

Misconfigured service portal pages may grant unauthorized users access to parts of the ServiceNow instance or functionality they should not have. This can result in data breaches and misuse of your ServiceNow instance.

Additionally, such security lapses can undermine confidentiality, integrity, and availability for clients. Proper configuration and robust access controls are essential to prevent these risks and ensure the secure operation of your ServiceNow instance.

How do I fix it?

To ensure that a portal page is not publicly accessible, make sure its Public field is unmarked. To do this:

  1. In the Filter Navigator, type sp_page.list and press Enter.

  2. In the list view, click the page that needs to be changed.

  3. Unmark the Public field and Save.
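
To find every page that needs this change, rather than checking pages one by one, the sp_page list can be exported and reviewed offline. The script below is an added example, not ServiceNow code: it assumes a JSON export in which each record carries id, title and public fields, and an approved list of intentionally public pages (here only login); the sample records are constructed.

```javascript
// Added example: audit an export of sp_page records for pages marked Public.
// Assumed input: JSON of the form {"result":[{sys_id,id,title,public}, ...]}
// (or a bare array), where booleans may arrive as true/false, "true"/"false" or "1"/"0".

// Assumption: pages the instance owner has decided must stay public.
const APPROVED_PUBLIC = new Set(["login"]);

// Constructed sample export, not data from a real instance.
const SAMPLE_EXPORT = JSON.stringify({
  result: [
    { sys_id: "a1", id: "login", title: "Login", public: "true" },
    { sys_id: "b2", id: "kb_internal", title: "Internal KB", public: "true" },
    { sys_id: "c3", id: "ticket_form", title: "Ticket Form", public: "false" },
    { sys_id: "d4", id: "Asset_Report", title: "Asset report", public: true },
    { sys_id: "e5", id: "survey", title: "Survey" } // field missing: treated as not public
  ]
});

// Normalise the Public value across the encodings an export may use.
function isPublic(value) {
  if (typeof value === "boolean") return value;
  if (value === undefined || value === null) return false;
  return ["true", "1"].includes(String(value).trim().toLowerCase());
}

// Return public pages that are not on the approved list, sorted by page id.
function findUnapprovedPublicPages(exportJson, approved = APPROVED_PUBLIC) {
  const parsed = JSON.parse(exportJson);
  const rows = Array.isArray(parsed) ? parsed : parsed.result;
  if (!Array.isArray(rows)) {
    throw new TypeError("expected an array of sp_page records");
  }
  return rows
    .filter((row) => isPublic(row.public))
    .filter((row) => !approved.has(String(row.id || "").toLowerCase()))
    .map((row) => ({ sys_id: row.sys_id, id: row.id, title: row.title }))
    .sort((a, b) => String(a.id).localeCompare(String(b.id)));
}

// Stand-alone run: list the pages whose Public field should be reviewed.
for (const page of findUnapprovedPublicPages(SAMPLE_EXPORT)) {
  console.log(`REVIEW: page "${page.id}" (${page.title}) is Public and not approved`);
}
```

Each page it reports is a candidate for steps 2 and 3 above.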
