This one's pretty cool for infosec geeks. ServiceNow now allows you to limit the number of concurrent interactive sessions for a given user, OR for a given role! This means that if you've set the limit to, say, one concurrent session for all users, and a user tries to log in simultaneously from two different browsers (like Chrome and IE, or Chrome and Chrome Incognito mode), it will log out their previous session.

I'm hoping that they'll soon add an option to choose whether it logs out your previous session, or denies access to the new session, but for now that's not included. Still though, this is a pretty cool new feature in the Jakarta release.

In order for this functionality to be available, you'll need to enable the Limit concurrent sessions plugin, which installs two system properties: glide.authenticate.max.concurrent.interactive.sessions, and glide.authenticate.limit.concurrent.interactive.sessions. The former (max.concurrent.interactive.sessions) sets the maximum number of sessions, whereas the latter (limit.concurrent.interactive.sessions) is a boolean that switches the feature on or off altogether.

The session limit works with all authentication methods, including LDAP and SAML, and also works with MFA (multi-factor auth) sessions. It does not however (yet) work with the native mobile app. It will work with a mobile web-browser session, though.

Unfortunately, you can only have one "limit" number. You cannot, for example, set the 'itil' role to maximum 50 concurrent sessions, and limit a specific user, or another role, to only 2.

You should also be aware that once you've activated the plugin, the feature is still disabled. By default, you must manually set the glide.authenticate.limit.concurrent.interactive.sessions property to true. Once that's done, you'll still need to add the Limit Concurrent Sessions field to the sys_user (and potentially sys_user_role) form like so: