Password Reset and Password Change applications

The ServiceNow® Password Reset application enables an end user to use a self-service process to reset the password. Alternatively, your organization can implement a process that requires a service desk agent to reset passwords for end users.


Password Reset processes

Users with the password_reset_admin role can configure one or more of the following types of password reset process:
  • Self-service process: Users reset passwords over the Internet using a browser on any supported interface, including mobile devices.
  • Service desk-assisted process: A user requests the assistance of a service desk agent, over the phone or in person. Users do not reset passwords.

Elements of a password reset process

  • A credential store where user credentials (like username/password) are securely stored.
  • One or more user groups on the ServiceNow instance that can use the password reset process.
  • One or more verifications—methods to verify the identity of the person who is attempting to reset the password. Examples:
    • Answer a question that only the user knows how to answer. This verification is called the QA Verification and is based on the Personal Data verification type.
    • Respond to the system with a code number that is sent to a pre-authorized SMS-capable device like a cellular phone or tablet. This verification is called the SMS Verification and is based on the SMS Code verification type.

Implementing a password reset process

  • Plan your implementation: Ensure that all applicable organizational guidelines, security policies, and areas of the organization are considered.
  • Set up the password reset and password change processes according to the plan.
  • In the service desk-assisted model, service desk agents monitor and reset passwords as needed.
  • Monitor password reset activity to identify security threats and to ensure compliance with the password policy requirements of the organization.

Password Reset Windows Application

If a user forgets the password or gets locked out of their Windows computer, the user can reset the password directly from the Windows login screen. The user clicks the Forgot Password? link and is then guided through the process of resetting the password. Learn more on the ServiceNow Knowledge Base. If you do not have access, contact your ServiceNow administrator.

Domain separation

A password reset process that you define in any domain is isolated from a process that you create in any other domain.

Domain separation is supported through the following:
  • Password Reset Admin service desk roles.
  • The sys_overrides column on process tables (business rules, UI actions, and so on).
  • Unique constraints on names within a domain.
  • The domain column in all Password Reset tables.

Limitations: The Password Reset application is built using Orchestration. Orchestration does not fully support domain separation.

Password Reset Orchestration Add-on

You can subscribe to the Password Reset Orchestration Add-on plugin (com.glideapp.password_reset.addon.orchestration) to add support for using Active Directory and other credential store types. Orchestration is available as a separate subscription.

Password Change application

The Password Change application extends the Password Reset application by letting admins define how users change their passwords. Only a self-service process is supported, and an admin must publish the URL to the password change form. A user changes a password as follows:
  1. The user logs in to the instance and then selects the Change Password module or link from the user profile record.
  2. On the Change Password page, the user selects the credential store where the password resides.
  3. The user enters the old password and then enters and confirms a new password.
  4. Workflows validate the old password and then implement the new password.
  5. The system notifies the user that the password was changed.