Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Enable automatic user creation

Enable automatic user creation

An administrator can set an email property to automatically create users from incoming email. The administrator provides a list of trusted domains to prevent untrusted users from being automatically created.

Before you begin

Role required: admin

About this task

For example, you can prevent email from users outside your company domain from creating incidents. When an instance receives a message and there is no matching email address from the sender, the instance can create a user with the User ID [sys_user.user_name] set to the sender's full email address.

Users in your instance must still have write and update access to the records that they create or update through inbound email actions.

Table 1. Creating users from incoming email
Value of email.from Variable User ID Created Email Address Name
new.user@company.com new.user@company.com new.user@company.com New User
"New User" <new.user@company.com> new.user@company.com new.user@company.com New User
"User, New" <new.user@company.com> new.user@company.com new.user@company.com New User
"User" <nuser@company.com> nuser@company.com nuser@company.com User

Procedure

  1. Navigate to System Properties > Email Properties.
  2. Select the check box for Automatically create users for incoming email from trusted domains (glide.pop3readerjob.create_caller).
    Automatically creating users
  3. Enter the list of trusted domains in Trusted domains for creating users from incoming emails (glide.user.trusted_domain).
    Trusted domains
    Note: The glide.user.trusted_domain property only prevents user creation if the sender is not from a trusted domain. The system processes the inbound actions of the email as a guest user. If you want the system to ignore these email messages, use the email filters plugin, specifically the "ignore sender" setting. You can also prevent untrusted users from triggering inbound actions by locking out the guest user.
  4. Click Save.
  5. (Optional) Complete the following steps to lock out the guest user.
    1. Navigate to User Administration > Users and select the user guest.
    2. Select the Locked out field to disable the guest account.

What to do next

When the property glide.pop3readerjob.create_caller is set to false, the instance runs inbound actions from users who do not match an existing user by impersonating the guest user.

If the property glide.pop3readerjob.create_caller is set to true, but a user has a valid email address associated with a non-primary device, the instance creates a new user record for that email address if there is no matching email address in the Users [sys_user] table. The instance does not validate non-primary email addresses against the Notification Devices [cmn_notif_device] table.

The method the instance uses to create users can be upgraded to use the full email address by activating the Email Automatic User Creation plugin.

The plugin makes the following changes:
  • Sets the property glide.email.create_userid_from_email to true.
  • Increases the width of the User ID [sys_user.user_name] column to accommodate email addresses.
After activating the plugin, enable automatic user creation from email.
Warning: Review your existing user records to reconcile any that contain identical email addresses. If you activate the plugin prior to reconciling email addresses, your instance cannot distinguish between users with identical email addresses and randomly selects one of the users with the matching email address.

Allowing locked out users to request a password reset

A property is available to allow locked out users to trigger inbound actions. It is used by locked out users who need to reset their password to send email to the instance to ask for assistance.

Table 2. Property allowing locked out users to trigger inbound email actions
Property Description
glide.pop3.process_locked_out Enables (true) or disables (false) the ability for locked out users to trigger inbound actions.
  • Type: true | false
  • Default value: false
  • System Properties [sys_properties] table
Warning: Enabling this property (glide.pop3.process_locked_out) also enables users from untrusted domains to trigger inbound actions.