Installed with Password Reset

Tables, roles, business rules, scripts, and workflows are installed with the Password Reset application.

Table 1. Password Reset tables
Table name Description
Password Reset Active Answer

[pwd_active_answer]

Security questions and associated answers, in an encrypted state, that users have selected while going through the enrollment process.
Password Reset Active Question

[pwd_active_question]

Security questions that users have selected while going through the enrollment process.
Password Reset Activity Log

[pwd_reset_activity]

All Password Reset requests.
Password Reset Activity Monitor

[pwd_activity_monitor]

Password Reset lockout activity.
Password Reset Credential Store

[pwd_cred_store]

Password Reset credential stores that are available.
Password Reset Credential Store Parameters

[pwd_cred_store_param]

User-created credential store parameters.
Password Reset Credential Store Types

[pwd_cred_store_type]

Password Reset credential store types that are available.
Password Reset Desktop Access Control

[pwd_access_control]

Password Reset Windows Application access control.
Password Reset Desktop Access Log

[pwd_access_log]

Password Reset Windows Application access logs.
Password Reset Device Enrollment Code

[pwd_dvc_enrollment_code]

Device enrollment codes that have been sent to users during SMS code enrollment.
Password Reset Devices

[pwd_device]

User SMS devices that are in a state of verified.
Password Reset Enrollment for Verification

[pwd_enrollment]

Information about user enrollment by verification.
Password Reset Enrollment Snapshot

[pwd_enrollment_snapshot]

Snapshot of user enrollment by verification. This table is regenerated daily by a scheduled job named Password Reset Enrollment Snapshot.
Password Reset Extension Type

[pwd_extension_type]

Extension types that are available.
Password Reset Identification Type

[pwd_identification_type]

Password Reset identification types that are available.
Password Reset Process

[pwd_process]

Password Reset processes that are available.
Password Reset Process Credential Store

[pwd_map_proc_to_cred_store]

Credential stores and the associated Password Reset processes that the application is using.
Password Reset Process User Group

[pwd_map_proc_to_group]

Groups and the associated Password Reset processes that the application is using.
Password Reset Process Verification

[pwd_map_proc_to_verification]

Verifications and the associated Password Reset processes that the application is using.
Password Reset Question

[pwd_question]

Questions that the application uses for security question verifications.
Password Reset Request

[pwd_reset_request]

Information about Password Reset requests.
Password Reset SMS Verification Code

[pwd_sms_code]

SMS verification codes that have been sent to users for a password reset.
Password Reset User Lockout

[pwd_user_lockout]

Users that are locked out of Password Reset.
Password Reset Verification

[pwd_verification]

Verifications that are available.
Password Reset Verification Param

[pwd_verification_param]

User-created verification parameters.
Password Reset Verification Type

[pwd_verification_type]

Password Reset verification types that are available.

Password Reset roles

Role Description
password reset administrator 

[password_reset_admin]

Configures and maintains Password Reset and Password Change.
service desk agent 

[password_reset_service_desk]

Resets passwords on behalf of users, tracks password reset requests, and views logs.
credentials manager 

[password_reset_credential_manager]

Determines which credential stores are valid for use with Password Reset.

Password Reset business rules

Business rule Table Description
Add default parameters QA verification Password Reset Verification

[pwd_verification]

If no parameters for Security Question verifications are specified, generates parameters.
Add default parameters SMS verification Password Reset Verification

[pwd_verification]

If there are no parameters specified, generates SMS code verifications parameters.
Add params personal confirm verification Password Reset Verification

[pwd_verification]

If there are no parameters specified, generates personal data confirmation verifications parameters.
Add params personal verification Password Reset Verification

[pwd_verification]

If there are no parameters specified, generates parameters for personal data verification.
Check unique verifications Password Reset Process Verification

[pwd_map_proc_to_verification]

Prevents a verification from being assigned multiple times to a specific Password Reset process.
Clear parameters for Mock verification Password Reset Verification

[pwd_verification]

Clears parameters for the Mock verification.
Deactivate process with no group Password Reset Process User Group

[pwd_map_proc_to_group]

Deactivates the process if it does not apply to all users or if the groups associated with it are removed.
Deactivate process with no min ver Password Reset Process Verification

[pwd_map_proc_to_verification]

Deactivates the process if the verifications associated with the process are less than the minimum value for the process.
Deactivate process with no verification Password Reset Process Verification

[pwd_map_proc_to_verification]

Deactivates the process if the verifications associated with it are removed.
Google Auth Enabled Check Password Reset Process

[pwd_process]

Deactivates the process with Google Authenticator verification if the Google authenticator is disabled.
Handle req_enroll validation/default val Password Reset Process Verification

[pwd_map_proc_to_verification]

Handles requires_enrollment and auto_enroll values for the process.
Order must be unique Password Reset Desktop Access Control

[pwd_access_control]

Enforces order to be unique.
Parameter Names Cannot Be Updated Password Reset Verification Param

[pwd_verification_param]

Prevents parameter name changes.
Password Reset Activity Monitor Password Reset User Lockout

[pwd_user_lockout]

Creates an event when the number of users locked out of Password Reset during a specific interval exceeds the threshold value.
Password Reset Validate Auto-generate Password Reset Process

[pwd_process]

Checks that either Email password or Display password is selected when the Auto-generate password check box is selected.
Personal Data Confirm Param Validation Password Reset Verification Param

[pwd_verification_param]

Checks that a column exists in the sys_user table for the parameter used in a personal data confirmation verification.
Personal Data Param Validation Password Reset Verification Param

[pwd_verification_param]

Checks that a column exists in the sys_user table for the parameter used in a personal data verification.
Prevent against deletion Password Reset Credential Store

[pwd_cred_store]

Checks whether the credential store is part of an active process before allowing deletion.
Prevent against deletion Password Reset Identification Type

[pwd_identification_type]

If an identification type is part of an active process, prevents the identification type from being deleted.
Prevent against deletion Password Reset Verification

[pwd_verification]

If the verification is part of an active process, prevents it from being deleted.
Prevent against deletion when in use Password Reset Credential Store Types

[pwd_cred_store_type]

Prevents deletion when the type is in use.
Prevent against deletion when in use Password Reset Verification Type

[pwd_verification_type]

Prevents deletion when the type is in use.
Security Questions Param Validation Password Reset Verification Param

[pwd_verification_param]

Checks for valid parameters in security question verifications.
Send SMS code Password Reset Device Enrollment Code

[pwd_dvc_enrollment_code]

Sends an enrollment code to a device.
Set new record flag Password Reset Process

[pwd_process]

Sets a new record flag for the client to take appropriate action.
Send SMS Verification Code Via Notify

Password Reset SMS Verification Code

[pwd_sms_code]

Sends out SMS authentication code via Notify if the Notify plugin is active.
Single credential store per process Password Reset Process Credential Store

[pwd_map_proc_to_cred_store]

Prevents having more than one credential store per process.
SMS Code Param Validation Password Reset Verification Param

[pwd_verification_param]

Checks for valid parameters in SMS code verifications.
Update action based on access conditions Password Reset Desktop Access Log

[pwd_access_log]

Updates the “action” field of this log record based on the access control conditions.
Update proc_to_cred_store Password Reset Process

[pwd_process]

Enforces a one-to-one relation between a Password Reset process and a credential store.
Validate Process Password Reset Process

[pwd_process]

Verifies that a Password Reset process is configured correctly.
Validate Pwd Cred Store Name Password Reset Credential Store

[pwd_cred_store]

Enforces the name to be unique.
Validate Pwd Cred Store Type Name Password Reset Credential Store Types

[pwd_cred_store_type]

Enforces the name to be unique.
Validate Pwd Extension Type Name Password Reset Extension Type

[pwd_extension_type]

Enforces the name to be unique.
Validate Pwd Identification Type Name Password Reset Identification Type

[pwd_identification_type]

Enforces the name to be unique and not empty.
Validate Pwd Process Name Password Reset Process

[pwd_process]

Enforces the name to be unique.
Validate Pwd Verification Name Password Reset Verification

[pwd_verification]

Enforces the name to be unique.
Validate Pwd Verification Type Name Password Reset Verification Type

[pwd_verification_type]

Enforces the name to be unique.
Validate Security Question Password Reset Question

[pwd_question]

Validates rules for security questions such as no duplicates or empty questions.
Verify Account Lookup Script Password Reset Credential Store

[pwd_cred_store]

Checks whether the account lookup script has the correctly named function.
VerifyAutoEnroll Password Reset Verification Type

[pwd_verification_type]

Checks whether auto-enroll is selected and ensures that an enrollment check script is provided.

Password Reset UI pages

Name Description
$pwd_reset First page of self-service reset process (asks for user ID).
$pwd_reset_serviceDesk First page of service desk assisted reset process (asks for user ID).
$pwd_verify Second page of reset process (asks user to verify identity).
$pwd_new Last page of password change process (asks for new password).
$pwd_success Page that appears when password is reset successfully.
$pwd_error Page that appears on error during reset process.
$pwd_confirm For processes configured to email password reset URL: After successful verification, this page displays message about sending link to user.
$pwd_change Page for changing password.
$pwd_change_success Page that appears when password is changed successfully.
$pwd_change_error Page that appears on error during password change process.
$pwd_enrollment_form_container Enrollment page for all verifications.
$pwd_enrollment_success Page that appears when enrollment is successful.
$pwd_enroll_error Page that appears when any error happens during enrollment.
$pwd_unlock_success Page that appears when locked user is successfully unlocked.
$pwd_reset_downloads_ui Page for downloading Password Reset Windows Application.

Password Reset UI macros

Name Description
$pwd_csrf_validation CSRF validation for Password Reset Application. If violation is detected, the page will be redirected to the error page.
$pwd_display_password Displays a temporary password on the success page if the process is configured to auto-generate.
$pwd_enroll_questions_ui UI for question and answer security validation enrollment.
$pwd_enroll_questions_ui_js JavaScript code that requires server-side data for security question and answer enrollment.
$pwd_enroll_sample_ui Sample UI macro for enrollment for Mock Verification Type.
$pwd_enroll_sms_ui and $pwd_verify_sms_ui UI for SMS enrollment and verification.
$pwd_enrollment_form_title Jelly macro function that prints the title for the enrollment form. A verification ID is mandatory.
$pwd_error_message UI for displaying error messages.
$pwd_process_flow UI for indicating current stage.
$pwd_process_footer JavaScript code to get the footer macro name.
$pwd_verify_personal_data_ui and $pwd_verify_personal_data_confirmation_ui UI for verifying personal data and for confirming personal data.
$pwd_verify_questions_ui UI for verifying questions.
$pwd_verify_simple_ui Input section for a simple verification method. This field is a single input field.

UI scripts installed with Password Reset

You can create a UI script and reference the script from a UI macro or UI page by using a <g:include_script> Jelly tag. The following example shows how the $pwd_enroll_questions_ui UI macro can reference the $pwd_enroll_questions_ui script. In the example, [UI Script Name]+".jsdbx" is the name of the script:
<g:include_script src="$pwd_enroll_questions_ui.jsdbx" />
By referencing an external script, you can maintain separation between client JavaScript code and Jelly code, which simplifies maintenance. You can use the following installed scripts with Password Reset UI macros:
Name Description
$pwd_csrf_common_ui_script Common UI script for handling a Cross-site Request Forgery (CSRF).
$pwd_enroll_questions_ui JavaScript code for the $pwd_enroll_questions_ui UI macro.
$pwd_enroll_sample_ui Included sample client JavaScript for the $pwd_enroll_sample_ui UI macro.
$pwd_enroll_sms_ui SMS enrollment UI script.
$pwd_enrollment_submit_event UI script for an enrollment submission event.
$pwdWfManager Helper class to handle workflow activities and post-processing.

Password Reset workflows

The Password Reset plugin adds workflows that you can use as examples to create custom workflows for Password Reset processes.
Table 2. Workflows that connect to a credential stores
Workflow Description
Pwd Reset - AD Connects to an AD server.
Pwd Reset - Local ServiceNow Current (local) instance.
Pwd Reset - Master Password Reset master workflow.
Pwd Reset - Mock Fatal Example workflow to use in Password Reset testing to simulate a fatal error. No retries.
Pwd Reset - Mock Non Fatal Example workflow to use in Password Reset testing to simulate a non-fatal error.
Pwd Reset - Mock Success Example workflow to use in Password Reset testing to simulate a successful completion.
Pwd Reset - Remote ServiceNow Connects to a remote(SOAP) ServiceNow instance.
Table 3. Workflows that test the connection to a credential store
Workflow Description
Pwd Connection Test - AD Tests connection to an AD server.
Pwd Connection Test - Local SN Tests connection to local instance.
Pwd Connection Test - Master Master workflow to test credential store connectivity.
Pwd Connection Test - Mock Failure Example credential store connection test that simulates a failed connection.
Pwd Connection Test - Mock Success Example credential store connection test that simulates a successful connection.
Pwd Connection Test - Remote SN Tests connection to a remote(SOAP) ServiceNow instance.
Table 4. Workflows that determine the lock state of a user account
Workflow Description
Pwd Get Lock State - AD Gets a user account lock state for the AD server.
Pwd Get Lock State - Local SN Workflow to get a user account lock state for the local instance.
Pwd Get Lock State - Master Master workflow to get a user account lock state.
Pwd Get Lock State - Remote SN Gets a user account lock state for the remote(SOAP) ServiceNow instance.
Table 5. Workflows that unlock a user account
Workflow Description
Pwd Unlock Account – AD Unlocks a user account for a local instance.
Pwd Unlock Account - Local SN Workflow to unlock a user account for a local instance.
Pwd Unlock Account - Master Master workflow to unlock a user account.
Pwd Unlock Account – Remote SN Unlocks a user account for a remote(SOAP) ServiceNow instance.
Table 6. Workflows that change a password
Workflow Description
Pwd Change - Master Password change master workflow.
Pwd Change – Local ServiceNow Connects to a local instance to change a password.
Pwd Change – AD Connects to an AD server to change a password.
Pwd Change – Remote ServiceNow Connects to a remote(SOAP) ServiceNow instance to change a password.

Password Reset notifications

Name Fired by event name Description
Password Reset – Send SMS Code pwd.send_sms_code.trigger Sends out SMS authentication code for verification.
Password Reset - New Password Confirmation pwd.email.trigger For the Email Password process, sends an email that includes the new password.
Password Reset URL password.reset.url For the Email Password Reset URL process: Sends email that includes a link to the password reset URL.

SOAP messages for Password Reset

SOAP Message Description
Change Password When the Orchestration Add-on plugin is active, the system can use the SOAP protocol to change passwords on remote credential stores such as a remote ServiceNow instance.
Password Reset Request When the Orchestration Add-on plugin is active, the system can use the SOAP protocol to reset passwords on remote credential stores such as a remote ServiceNow instance.

REST API

Name: Pwd Reset

API ID: pwd_reset

Base API path: /api/now/pwd_reset

Table 7. Resources (Version v1)
Name Resource path API Version Description
pwd_init /api/now/v1/pwd_reset/init v1 Initial request to establish session, write logs, and fetch UI messages.
pwd_identify /api/now/v1/pwd_reset/identify v1 Get identification page components.
pwd_verify /api/now/v1/pwd_reset/verify v1 Get verification page components.
pwd_new /api/now/v1/pwd_reset/reset v1 Get resetting password page components.
pwd_success /api/now/v1/pwd_reset/success v1 Get success page components.
pwd_failure /api/now/v1/pwd_reset/failure v1 Get failure page components.