Authentication release notes

Authentication enhancements and updates in the Istanbul release.

New in the Istanbul release

OAuth
ServiceNow instances support authorization code grant flow and implicit code flow. Authorization code grant flow gives users access to a resource by authenticating directly with an OAuth server that trusts the resource, instead of authenticating with username/password credentials. Implicit code flow allows the access token to be given directly to the client application.

Changed in this release

  • Self-service password reset: The Self Service Password Reset plugin (com.snc.password_reset) and the Password Reset plugin (com.glideapp.password_reset) are active by default for new instances and upgrades. By default, when a user requests a reset, the instance sends the user a URL with a user-specific token. After the user opens the URL, the instance prompts the user to enter and confirm the new password. The instance no longer sends a temporary password by default.
  • Certificate expiration: Notifications for expired (but active) SAML certificates are enabled by default and are configured to be sent to the last three logged-in users who have the administrator role. This feature reminds you when SAML certificates are going to expire. The notification is sent at least 20 days before certificate expiration. When a new certificate is associated with an active IdP, the notification is sent to the logged-in user who created the certificate.
  • LDAP: If the LDAP server is down, users who are trying to log in can receive a one-time password to access the instance. This is controlled by the glide.ldap.onetime.password.enabled property, which is enabled by default.