Skip to page contentSkip to chat
ServiceNow support
    • Community
      Ask questions, give advice, and connect with fellow ServiceNow professionals.
      Developer
      Build, test, and deploy applications
      Documentation
      Find detailed information about ServiceNow products, apps, features, and releases.
      Impact
      Accelerate ROI and amplify your expertise.
      Learning
      Build skills with instructor-led and online training.
      Partner
      Grow your business with promotions, news, and marketing tools
      ServiceNow
      Learn about ServiceNow products & solutions.
      Store
      Download certified apps and integrations that complement ServiceNow.
      Support
      Manage your instances, access self-help, and get technical support.
User Records are being Created by the "guest" User - Support and Troubleshooting
  • >
  • Knowledge Base
  • >
  • Support and Troubleshooting (Knowledge Base)
  • >
  • User Records are being Created by the "guest" User
KB0683896

User Records are being Created by the "guest" User


12202 Views Last updated : Jun 7, 2023 public Copy Permalink English (Original)
  • English (Original)
  • Japanese
KB Summary by Now Assist

Issue

There are several user records that look to have been Created by the "guest" account.

(Note article is specifically for the "Created by" guest account issue, if you are experiencing the issue with the guest user and the "Updated by" field, see:  User Records are Being Updated by the "guest" User)

Release

This occurs in all releases.

Cause

User records are being automatically created from emails when property "glide.email.create_userid_from_email" is set to true or "glide.pop3readerjob.create_caller" is set to true. If the system does not recognize the incoming email, or they are not from an approved domain, the inbound actions are processed under the guest account.

Additionally, if an instance has SAML enabled or LDAP imports, there is a mechanism by which user accounts can be auto-provisioned, which is also completed through the guest account. If these properties are set to true, users will be auto-provisioned in the system, "glide.ldap.user.autoprovision" and "glide.authenticate.multisso.user.autoprovision".

Resolution

If the property "glide.pop3readerjob.create_caller" is set to true, user accounts are automatically created from emails. Admins can specify the approved domains user accounts should be created from with property "glide.user.trusted_domain". There is a note about these two properties in our product documentation:

"NOTE: The glide.user.trusted_domain property only prevents user creation if the sender is not from a trusted domain. The system processes the inbound actions of the email as a guest user. If you want the system to ignore these email messages, use the email filters plugin, specifically the "ignore sender" setting. You can also prevent untrusted users from triggering inbound actions by locking out the guest user. "

When the property "glide.pop3readerjob.create_caller" is set to false, the instance runs inbound actions from users who do not match an existing user by impersonating the guest user.

The "glide.email.create_userid_from_email" property was introduced into the system with the Email Automatic User Creation plugin. The property is described as follows: 

"When set to true, causes new users to be created with a UserID that matches their email address instead of firstname.lastname. This helps create unique UserIDs when two users with the same name send emails to an instance. Also changes the behavior of gs.createUser() to match the entire email address of the user (including the domain name), instead of just the first part of the email in front of the @-sign." 
 
You can read about this functionality at the following documentation: Enable Automatic User Creation:
 
 
----

 

To disable the SAML Auto Provisioning process, admins can un-check the "Enable Auto importing of users from all identity providers into the user table" on the Multi-Provider SSO > Properties page, as well as the "Auto Provisioning User" checkbox found on each Identity Provider page. It is important to note that the SAML Auto Provisioning process can only be disabled if you are utilizing a separate LDAP import system for your users. If you are relying upon the SSO process to create your users and do not have a separate LDAP import process, you will need to leave these boxes checked. 
SAML Automatic User Provisioning documentation - Administer SAML user provisioning
 
 
For the LDAP import process, users are auto-provisioned with "glide.ldap.user.autoprovision" set to true and "glide.ldap.authentication" is set to true.
LDAP Automatic User Provisioning documentation  - Auto Provision LDAP users
 
 
----
 
To verify how the guest account is creating your sys_user records, please check the above-mentioned properties, as all four of them allow for automatic user record creation in the system which will cause some user records to show "Created by guest".:
-glide.pop3readerjob.create_caller
-glide.email.create_userid_from_email
-glide.ldap.user.autoprovision
-glide.authenticate.multisso.user.autoprovision
 

The world works with ServiceNow.

Sign in for more! There's more content available only to authenticated users Sign in for more!
Did this KB article help you?
Did this KB article help you?

How would you rate your Now Support digital experience?

*

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

What can we improve? Please select all that apply.

What are we doing well? Please select all that apply.

Tell us more

*

Do you expect a response from this feedback?

  • Terms and conditions
  • Privacy statement
  • GDPR
  • Cookie policy
  • © 2025 ServiceNow. All rights reserved.