Installed with Password Reset

Tables, roles, business rules, scripts, and workflows are installed with the Password Reset application.

Table 1. Password Reset tables
Table name Description
Password Reset Active Answer

[pwd_active_answer]

Security questions and associated answers, in an encrypted state, that users have selected while going through the enrollment process.
Password Reset Active Question

[pwd_active_question]

Security questions that users have selected while going through the enrollment process.
Password Reset Activity Log

[pwd_reset_activity]

All Password Reset requests.
Password Reset Activity Monitor

[pwd_activity_monitor]

Password Reset lockout activity.
Password Reset Credential Store

[pwd_cred_store]

Password Reset credential stores that are available.
Password Reset Credential Store Parameters

[pwd_cred_store_param]

User-created credential store parameters.
Password Reset Credential Store Types

[pwd_cred_store_type]

Password Reset credential store types that are available.
Password Reset Device Enrollment Code

[pwd_dvc_enrollment_code]

Device enrollment codes that have been sent to users during SMS code enrollment.
Password Reset Devices

[pwd_device]

User SMS devices that are in a state of verified.
Password Reset Enrollment for Verification

[pwd_enrollment]

Information about user enrollment by verification.
Password Reset Enrollment Snapshot

[pwd_enrollment_snapshot]

Snapshot of user enrollment by verification. This table is regenerated daily by a scheduled job named Password Reset Enrollment Snapshot.
Password Reset Extension Type

[pwd_extension_type]

Extension types that are available.
Password Reset Identification Type

[pwd_identification_type]

Password Reset identification types that are available.
Password Reset Process

[pwd_process]

Password Reset processes that are available.
Password Reset Process Credential Store

[pwd_map_proc_to_cred_store]

Credential stores and the associated Password Reset processes that the application is using.
Password Reset Process User Group

[pwd_map_proc_to_group]

Groups and the associated Password Reset processes that the application is using.
Password Reset Process Verification

[pwd_map_proc_to_verification]

Verifications and the associated Password Reset processes that the application is using.
Password Reset Question

[pwd_question]

Questions that the application uses for security question verifications.
Password Reset Request

[pwd_reset_request]

Information about Password Reset requests.
Password Reset SMS Verification Code

[pwd_sms_code]

SMS verification codes that have been sent to users for a password reset.
Password Reset User Lockout

[pwd_user_lockout]

Users that are locked out of Password Reset.
Password Reset Verification

[pwd_verification]

Verifications that are available.
Password Reset Verification Param

[pwd_verification_param]

User-created verification parameters.
Password Reset Verification Type

[pwd_verification_type]

Password Reset verification types that are available.

Password Reset roles

Role Description
password reset administrator 

[password_reset_admin]

Configures and maintains Password Reset and Password Change.
service desk agent 

[password_reset_service_desk]

Resets passwords on behalf of users, tracks password reset requests, and views logs.
credentials manager 

[password_reset_credential_manager]

Determines which credential stores are valid for use with Password Reset.

Password Reset business rules

Business rule Table Description
Verify Account Lookup Script Password Reset Credential Store

[pwd_cred_store]

Checks whether the account lookup script has the correctly named function.
Prevent against deletion Password Reset Credential Store

[pwd_cred_store]

Checks whether the credential store is part of an active process before allowing deletion.
Send SMS code Password Reset Device Enrollment Code

[pwd_dvc_enrollment_code]

Sends an enrollment code to a device.
Prevent against deletion Password Reset Identification Type

[pwd_identification_type]

If an identification type is part of an active process, prevents the identification type from being deleted.
Single credential store per process Password Reset Process Credential Store

[pwd_map_proc_to_cred_store]

Prevents having more than one credential store per process.
Deactivate process with no group Password Reset Process User Group

[pwd_map_proc_to_group]

Deactivates the process if it does not apply to all users or if the groups associated with it are removed.
Check unique verifications Password Reset Process Verification

[pwd_map_proc_to_verification]

Prevents a verification from being assigned multiple times to a specific Password Reset process.
Deactivate process with no verification Password Reset Process Verification

[pwd_map_proc_to_verification]

Deactivates the process if the verifications associated with it are removed.
Password Reset Validate Auto-generate Password Reset Process

[pwd_process]

Checks that either Email password or Display password is selected when the Auto-generate password check box is selected.
Validate Process Password Reset Process

[pwd_process]

Verifies that a Password Reset process is configured correctly.
Update proc_to_cred_store Password Reset Process

[pwd_process]

Enforces a one-to-one relation between a Password Reset process and a credential store.
Set new record flag Password Reset Process

[pwd_process]

Sets a new record flag for the client to take appropriate action.
Validate Security Question Password Reset Question

[pwd_question]

Validates rules for security questions such as no duplicates or empty questions.
Password Reset Activity Monitor Password Reset User Lockout

[pwd_user_lockout]

Creates an event when the number of users locked out of Password Reset during a specific interval exceeds the threshold value.
Add default parameters QA verification Password Reset Verification

[pwd_verification]

If no parameters for Security Question verifications are specified, generates parameters.
Add params personal confirm verification Password Reset Verification

[pwd_verification]

If there are no parameters specified, generates personal data confirmation verifications parameters.
Add params personal verification Password Reset Verification

[pwd_verification]

If there are no parameters specified, generates parameters for personal data verification.
Prevent against deletion Password Reset Verification

[pwd_verification]

If the verification is part of an active process, prevents it from being deleted.
Add default parameters SMS verification Password Reset Verification

[pwd_verification]

If there are no parameters specified, generates SMS code verifications parameters.
Parameter Names Cannot Be Updated Password Reset Verification Param

[pwd_verification_param]

Prevents parameter name changes.
Personal Data Param Validation Password Reset Verification Param

[pwd_verification_param]

Checks that a column exists in the sys_user table for the parameter used in a personal data verification.
Security Questions Param Validation Password Reset Verification Param

[pwd_verification_param]

Checks for valid parameters in security question verifications.
Personal Data Confirm Param Validation Password Reset Verification Param

[pwd_verification_param]

Checks that a column exists in the sys_user table for the parameter used in a personal data confirmation verification.
SMS Code Param Validation Password Reset Verification Param

[pwd_verification_param]

Checks for valid parameters in SMS code verifications.
VerifyAutoEnroll Password Reset Verification Type

[pwd_verification_type]

Checks whether auto-enroll is selected and ensures that an enrollment check script is provided.

Password Reset UI macros

Name Description
$pwd_enrollment_form_title Jelly macro function that prints the title for the enrollment form. A verification ID is mandatory.
$pwd_enroll_questions_ui UI for question and answer security validation enrollment.
$pwd_enroll_questions_ui_js JavaScript code that requires server-side data for security question and answer enrollment.
$pwd_enroll_sample_ui Sample UI macro for enrollment for Mock Verification Type.
$pwd_enroll_sms_ui UI for SMS verification enrollment.
$pwd_verify_personal_data_confirmation_ui UI for verifying personal data confirmation.
$pwd_verify_personal_data_ui UI for verifying personal data.
$pwd_verify_questions_ui UI for verifying questions.
$pwd_verify_simple_ui Input section for a simple verification method. This field is a single input field.
$pwd_verify_sms_ui UI for SMS verification.

UI scripts installed with Password Reset

You can create a UI script and reference the script from a UI macro or UI page by using a <g:include_script> Jelly tag. For example, the following shows how the pwd_enroll_questions_ui UI macro can reference the pwd_enroll_questions_ui script. In the example, [UI Script Name]+".jsdbx" is the name of the script:
<g:include_script src="pwd_enroll_questions_ui.jsdbx" />
By referencing an external script, you can maintain separation between client JavaScript code and Jelly code, which simplifies maintenance. You can use the following installed scripts with Password Reset UI macros:
Name Description
$pwdWfManager Helper class to handle workflow activities and post-processing.
$pwd_csrf_common_ui_script Common UI script for handling a Cross-site Request Forgery (CSRF).
$pwd_enrollment_submit_event UI script for an enrollment submission event.
$pwd_enroll_questions_ui JavaScript code for the pwd_enroll_questions_ui UI macro.
$pwd_enroll_sample_ui Included sample client JavaScript for the pwd_enroll_sample_ui UI macro.
$pwd_enroll_sms_ui SMS enrollment UI script.

Password Reset workflows

The Password Reset plugin adds workflows that you can use as examples to create custom workflows for Password Reset processes.
Table 2. Workflows that connect to a credential stores
Workflow Description
Pwd Reset - Local ServiceNow Current (local) instance.
Pwd Reset - Master Password Reset master workflow.
Pwd Reset - Mock Fatal Example workflow to use in Password Reset testing to simulate a fatal error. No retries.
Pwd Reset - Mock Non Fatal Example workflow to use in Password Reset testing to simulate a non-fatal error.
Pwd Reset - Mock Success Example workflow to use in Password Reset testing to simulate a successful completion.
Table 3. Workflows that test the connection to a credential store
Workflow Description
Pwd Connection Test - Local SN Tests connection to local instance.
Pwd Connection Test - Master Master workflow to test credential store connectivity.
Pwd Connection Test - Mock Failure Example credential store connection test that simulates a failed connection.
Pwd Connection Test - Mock Success Example credential store connection test that simulates a successful connection.
Table 4. Workflows that determine the lock state of a user account
Workflow Description
Pwd Get Lock State - Local SN Workflow to get a user account lock state for the local instance.
Pwd Get Lock State - Master Master workflow to get a user account lock state.
Table 5. Workflows that unlock a user account
Workflow Description
Pwd Unlock Account - Local SN Workflow to unlock a user account for a local instance.
Pwd Unlock Account - Master Master workflow to unlock a user account.

SOAP messages for Password Reset

SOAP Message Description
Change Password When the Orchestration Add-on plugin is active, the system can use the SOAP protocol to change passwords on remote credential stores such as a remote ServiceNow instance.
Password Reset Request When the Orchestration Add-on plugin is active, the system can use the SOAP protocol to reset passwords on remote credential stores such as a remote ServiceNow instance.