Password Reset release notes

ServiceNow® Password Reset application enhancements and updates in the Helsinki release.

Activation information

Password Reset is available as a separate subscription from the rest of the ServiceNow platform and requires the Password Reset plugin. The plugin activates related plugins if they are not already active and includes example verifications. For more information, contact your ServiceNow account representative.

New in the Helsinki release

Optional verifications for self-service password reset
You can specify that a particular type of verification is required or is not required for a user set. Use the Apply to all users setting on the Process form.
Strengthened verification with required verification count
You can require users to perform a minimum number of verifications when attempting to reset a password. Use the Number of security questions required during the password reset request property setting.
More flexible and capable SMS verification option
Users can enroll for SMS verification using ServiceNow Notify via Twilio SMS Messaging. Notify is a fast, configurable, and reliable way to deliver SMS messages. Notify supports international phone numbers and does not require an SMS service provider. See Use NotifyNow to send SMS codes for enrollment and verification.
Domain separation
The Password Reset application enforces absolute domain separation, enabling you to customize business process definitions and user interfaces for each domain. You still have the flexibility to maintain global processes and global reporting in a single instance.
Support for Active Directory domain history policies
Active Directory domains can be configured to include a history policy that ensures that users do not reuse passwords. The Microsoft Reset Password APIs do not currently honor AD domain history policies. To resolve the issue and honor the policy, ServiceNow created the Enforce history policy option that performs a reset and then a change. The process effectively changes the password two times in AD, and the history records both changes. See the Enforce history policy option in Configure and test the Password Reset connection to a credential store.

Changed in this release

  • Improved verification experience for mobile: Improved password reset experiences for mobile, tablet, and desktop with single-page verification actions that eliminate scrolling, clicks, and line breaks.