Installed with Password Reset
- UpdatedJan 30, 2025
- 12 minutes to read
- Yokohama
- Password Reset Application
Tables, roles, business rules, scripts, and workflows are installed with the Password Reset application.
Password Reset tables
| Table name | Description |
|---|---|
| Password Reset Active Answer [pwd_active_answer] |
Security questions and associated answers, in an encrypted state, that users selected while going through the enrollment process. |
| Password Reset Active Question [pwd_active_question] |
Security questions that users selected while going through the enrollment process. |
| Password Reset Activity Log [pwd_reset_activity] |
All Password Reset requests. |
| Password Reset Activity Monitor [pwd_activity_monitor] |
Password Reset lockout activity. |
| Password Reset Credential Store [pwd_cred_store] |
Password Reset credential stores that are available. |
| Password Reset Credential Store Parameters
[pwd_cred_store_param] |
User-created credential store parameters. |
| Password Reset Credential Store Types [pwd_cred_store_type] |
Password Reset credential store types that are available. |
| Password Reset Desktop Access Control [pwd_access_control] |
Password Reset Windows Application access control. |
| Password Reset Desktop Access Log [pwd_access_log] |
Password Reset Windows Application access logs. |
| Password Reset Device Enrollment Code [pwd_dvc_enrollment_code] |
Device enrollment codes that were sent to users during SMS code enrollment. |
| Password Reset Devices [pwd_device] |
User SMS devices that are in a state of verified. |
| Password Reset Email Verification Code [pwd_email_code] |
Verification codes that were sent to users via email for password reset or email address enrollment. |
| Password Reset Enrollment for Verification [pwd_enrollment] |
Information about user enrollment by verification. |
| Password Reset Enrollment Snapshot [pwd_enrollment_snapshot] |
Snapshot of user enrollment by verification. This table is used for the reporting purpose. The Sync Password Reset Enrollment Snapshot Data Monthly scheduled job runs once a month to generate or sync snapshot data in this table. The data, such as sys_user creation or deletion, verification to process creation or deletion, and so on, is synchronized. Password Reset DB listener is used to create or update the data in this table which is managed by the pwd_reset.enable.dbListener property with default value as true. If you’re an admin and want to manually sync the data in this table related to an active process, select Sync Enrollment Snapshot Data on that Password Reset process. You can turn off the data synchronization in this table through the DB listener or the monthly scheduled job by setting the pwd_reset.enable.enrollment_snapshot property to false. Note: Initially, an inactive record is created by the DB listener for a user-verification pair. When the users enrol themselves on the Password Reset Enrolment page, the record becomes active in this table. |
| Password Reset Extension Type [pwd_extension_type] |
Extension types that are available. |
| Password Reset History [pwd_history] |
History of passwords that users reset. |
| Password Reset Identification Type [pwd_identification_type] |
Password Reset identification types that are available. |
| Password Reset Process [pwd_process] |
Password Reset processes that are available. |
| Password Reset Process Credential Store
[pwd_map_proc_to_cred_store] |
Credential stores and the associated Password Reset processes that the application is using. |
| Password Reset Process User Group [pwd_map_proc_to_group] |
Groups and the associated Password Reset processes that the application is using. |
| Password Reset Process Verification
[pwd_map_proc_to_verification] |
Verifications and the associated Password Reset processes that the application is using. |
| Password Reset Question [pwd_question] |
Questions that the application uses for security question verifications. |
| Password Reset Request [pwd_reset_request] |
Information about Password Reset requests. |
| Password Reset Request
Verification [pwd_map_request_to_verification] |
Password reset requests and the associated verification that the application is using. |
| Password Reset SMS Verification Code [pwd_sms_code] |
SMS verification codes that were sent to users for a password reset. |
| Password Reset User Lockout [pwd_user_lockout] |
Users that are locked out of Password Reset. |
| Password Reset Verification [pwd_verification] |
Verifications that are available. |
| Password Reset Verification Param [pwd_verification_param] |
User-created verification parameters. |
| Password Reset Verification Type [pwd_verification_type] |
Password Reset verification types that are available. |
Password Reset roles
Note: Only the user with the following roles can have access to Password Reset tables. The deny unless authenticated ACLs restrict access to the Password Reset tables for any unauthenticated role such as public role user.
For more information, see Deny-Unless ACL.
| Role | Description |
|---|---|
| password reset administrator [password_reset_admin] |
Configures and maintains Password Reset and Password Change. |
| service desk agent [password_reset_service_desk] |
Resets passwords on behalf of users, tracks password reset requests, and views logs. |
| credentials manager [password_reset_credential_manager] |
Determines which credential stores are valid for use with Password Reset. |
Password Reset business rules
| Business rule | Table | Description |
|---|---|---|
| Abort if password history limit exceeds | Password Reset Credential Store Parameters [pwd_cred_store_param] |
Prevents setting password history limit that exceeds the value of the
password_reset.history.limit
property. You can set a password reset history value
in the password_reset.history.limit property. This system
property checks the history of previous passwords based on the specified value. By
default, the value is 10. But you can set it based on your organizational
needs. Note: Currently, this property is applicable only to the ServiceNow credential store. |
| Add default parameters QA verification | Password Reset
Verification [pwd_verification] |
If no parameters for Security Question verifications are specified, generates parameters. |
| Add default parameters SMS verification | Password Reset
Verification [pwd_verification] |
If there are no parameters specified, generates SMS code verifications parameters. |
| Add params personal confirm verification | Password Reset
Verification [pwd_verification] |
If there are no parameters specified, generates personal data confirmation verifications parameters. |
| Add params personal verification | Password Reset
Verification [pwd_verification] |
If there are no parameters specified, generates parameters for personal data verification. |
| Check unique verifications | Password Reset Process
Verification [pwd_map_proc_to_verification] |
Prevents a verification from being assigned multiple times to a specific Password Reset process. |
| Clear parameters for Mock verification | Password Reset Verification [pwd_verification] |
Clears parameters for the Mock verification. |
| Deactivate process with no group | Password Reset Process
User Group [pwd_map_proc_to_group] |
Deactivates the process if it does not apply to all users or if the groups associated with it are removed. |
| Deactivate process with no min ver | Password Reset Process
Verification [pwd_map_proc_to_verification] |
Deactivates the process if the verifications associated with the process are less than the minimum value for the process. |
| Deactivate process with no verification | Password Reset Process
Verification [pwd_map_proc_to_verification] |
Deactivates the process if the verifications associated with it are removed. |
| Delete history passwords if needed | Password Reset Credential Store [pwd_cred_store] |
Deletes history passwords if needed. |
| Enforce password history message | Password Reset Credential Store [pwd_cred_store] |
Passes enforce password history related messages to the client side. |
| Google Auth Enabled Check | Password Reset Process [pwd_process] |
Deactivates the process with Google Authenticator verification if the Google authenticator is disabled. |
| GoogleAuthSysPropertyCheck | Password Reset Process
Verification [pwd_map_proc_to_verification] |
Deactivates the process with the Google Authenticator verification if the Google authenticator is disabled. |
| Handle req_enroll validation/default val | Password Reset Process
Verification [pwd_map_proc_to_verification] |
Handles requires_enrollment and auto_enroll values for the process. |
| Insert/update scheduled job for reminder | Password Reset Process [pwd_process] |
Inserts/updates the scheduled job for enrollment reminder. |
| Order must be unique | Password Reset Desktop Access Control [pwd_access_control] |
Enforces order to be unique. |
| Parameter Names Cannot Be Updated | Password Reset
Verification Param [pwd_verification_param] |
Prevents parameter name changes. |
| Password Reset Activity Monitor | Password Reset User
Lockout [pwd_user_lockout] |
Creates an event when the number of users locked out of Password Reset during a specific interval exceeds the threshold value. |
| Password Reset Validate Auto-generate | Password Reset Process
[pwd_process] |
Checks that either Email/SMS password or Display password is selected when the Auto-generate password check box is selected. |
| Personal Data Confirm Param Validation | Password Reset
Verification Param [pwd_verification_param] |
Checks that a column exists in the sys_user table for the parameter used in a personal data confirmation verification. |
| Personal Data Param Validation | Password Reset
Verification Param [pwd_verification_param] |
Checks that a column exists in the sys_user table for the parameter used in a personal data verification. |
| Prevent against deletion | Password Reset Credential
Store [pwd_cred_store] |
Checks whether the credential store is part of an active process before allowing deletion. |
| Prevent against deletion | Password Reset
Identification Type [pwd_identification_type] |
If an identification type is part of an active process, prevents the identification type from being deleted. |
| Prevent against deletion | Password Reset
Verification [pwd_verification] |
If the verification is part of an active process, prevents it from being deleted. |
| Prevent against deletion when in use | Password Reset Credential Store Types [pwd_cred_store_type] |
Prevents deletion when the type is in use. |
| Prevent against deletion when in use | Password Reset Verification Type [pwd_verification_type] |
Prevents deletion when the type is in use. |
| Queue event if history limit decreases | Password Reset Credential Store Parameters [pwd_cred_store_param] |
Queues the pwd.credStore.history.limit.decrease event if history limit decreases. |
| Security Questions Param Validation | Password Reset
Verification Param [pwd_verification_param] |
Checks for valid parameters in security question verifications. |
| Send SMS code | Password Reset Device
Enrollment Code [pwd_dvc_enrollment_code] |
Sends an enrollment code to a device. |
| Set new record flag | Password Reset Process
[pwd_process] |
Sets a new record flag for the client to take appropriate action. |
| Send SMS Verification Code Via Notify | Password Reset SMS Verification Code [pwd_sms_code] |
Sends out SMS authentication code via Notify if the Notify plugin is active. |
| Single credential store per process | Password Reset Process
Credential Store [pwd_map_proc_to_cred_store] |
Prevents having more than one credential store per process. |
| SMS Code Param Validation | Password Reset
Verification Param [pwd_verification_param] |
Checks for valid parameters in SMS code verifications. |
| Update action based on access conditions | Password Reset Desktop Access Log [pwd_access_log] |
Updates the “action” field of this log record based on the access control conditions. |
| Update proc_to_cred_store | Password Reset Process
[pwd_process] |
Enforces a one-to-one relation between a Password Reset process and a credential store. |
| Validate Process | Password Reset Process
[pwd_process] |
Verifies that a Password Reset process is configured correctly. |
| Validate Pwd Cred Store Name | Password Reset Credential Store [pwd_cred_store] |
Enforces the name to be unique. |
| Validate Pwd Cred Store Type Name | Password Reset Credential Store Types [pwd_cred_store_type] |
Enforces the name to be unique. |
| Validate Pwd Extension Type Name | Password Reset Extension Type [pwd_extension_type] |
Enforces the name to be unique. |
| Validate Pwd Identification Type Name | Password Reset Identification Type [pwd_identification_type] |
Enforces the name to be unique and not empty. |
| Validate Pwd Process Name | Password Reset Process [pwd_process] |
Enforces the name to be unique. |
| Validate Pwd Verification Name | Password Reset Verification [pwd_verification] |
Enforces the name to be unique. |
| Validate Pwd Verification Type Name | Password Reset Verification Type [pwd_verification_type] |
Enforces the name to be unique. |
| Validate Security Question | Password Reset Question
[pwd_question] |
Validates rules for security questions such as no duplicates or empty questions. |
| Verify Account Lookup Script | Password Reset Credential
Store [pwd_cred_store] |
Checks whether the account lookup script has the correctly named function. |
| VerifyAutoEnroll | Password Reset
Verification Type [pwd_verification_type] |
Checks whether auto-enroll is selected and ensures that an enrollment check script is provided. |
Password Reset UI pages
| Name | Description |
|---|---|
| $pwd_reset | First page of self-service reset process (asks for user ID). |
| $pwd_reset_serviceDesk | First page of service desk assisted reset process (asks for user ID). |
| $pwd_verify | Second page of reset process (asks user to verify identity). |
| $pwd_new | Last page of password change process (asks for new password). |
| $pwd_success | Page that appears when password is reset successfully. |
| $pwd_error | Page that appears on error during reset process. |
| $pwd_confirm | For processes configured to email or SMS password reset URL: After successful verification, this page displays message about sending link to user. |
| $pwd_change | Page for changing password. |
| $pwd_change_success | Page that appears when password is changed successfully. |
| $pwd_change_error | Page that appears on error during password change process. |
| $pwd_enrollment_form_container | Enrollment page for all verifications. |
| $pwd_enrollment_success | Page that appears when enrollment is successful. |
| $pwd_enroll_error | Page that appears when any error happens during enrollment. |
| $pwd_unlock_success | Page that appears when locked user is successfully unlocked. |
| $pwd_reset_downloads_ui | Page for downloading Password Reset Windows Application. |
Password Reset UI macros
| Name | Description |
|---|---|
| $pwd_csrf_validation | CSRF validation for Password Reset Application. If violation is detected, the page will be redirected to the error page. |
| $pwd_display_password | Displays a temporary password on the success page if the process is configured to auto-generate. |
| $pwd_enroll_email_ui and $pwd_verify_email_ui | UI for email enrollment and verification. |
| $pwd_enroll_google_auth_ui and $pwd_verify_google_auth_ui | UI for Google Authentication enrollment and verification. |
| $pwd_enroll_questions_ui | UI for question and answer security validation enrollment. |
| $pwd_enroll_questions_ui_js | JavaScript code that requires server-side data for security question and answer enrollment. |
| $pwd_enroll_sample_ui | Sample UI macro for enrollment for Mock Verification Type. |
| $pwd_enroll_sms_ui and $pwd_verify_sms_ui | UI for SMS enrollment and verification. |
| $pwd_enrollment_form_title | Jelly macro function that prints the title for the enrollment form. A verification ID is mandatory. |
| $pwd_error_message | UI for displaying error messages. |
| $pwd_process_flow | UI for indicating current stage. |
| $pwd_process_footer | JavaScript code to get the footer macro name. |
| $pwd_reset_stylesheet | JavaScript code to get the default CSS file ID. |
| $pwd_verify_personal_data_ui and $pwd_verify_personal_data_confirmation_ui | UI for verifying personal data and for confirming personal data. |
| $pwd_verify_questions_ui | UI for verifying questions. |
| $pwd_verify_simple_ui | Input section for a simple verification method. This field is a single input field. |
UI scripts installed with Password Reset
You can create a UI script and reference the script from a UI macro or UI page by using a <g:include_script> Jelly tag. The following example shows how the $pwd_enroll_questions_ui UI macro can reference the $pwd_enroll_questions_ui script. In the example, [UI Script Name]+".jsdbx" is the name of the script:<g:include_script src="$pwd_enroll_questions_ui.jsdbx" />| Name | Description |
|---|---|
| $pwd_csrf_common_ui_script | Common UI script for handling a Cross-site Request Forgery (CSRF). |
| $pwd_enroll_email_ui | JavaScript code for the $pwd_enroll_questions_ui UI macro. |
| $pwd_enroll_google_auth_ui | JavaScript code for the $pwd_enroll_google_auth_ui UI macro. |
| $pwd_enroll_questions_ui | JavaScript code for the $pwd_enroll_questions_ui UI macro. |
| $pwd_enroll_sample_ui | Included sample client JavaScript for the $pwd_enroll_sample_ui UI macro. |
| $pwd_enroll_sms_ui | SMS enrollment UI script. |
| $pwd_enrollment_submit_event | UI script for an enrollment submission event. |
| $pwd_util | Utilities for password reset UI pages and UI macros. |
| $pwdWfManager | Helper class to handle workflow activities and post-processing. |
Password Reset workflows
The Password Reset plugin adds workflows that you can use as examples to create custom workflows for Password Reset processes.| Workflow | Description |
|---|---|
| Pwd Reset - AD | Connects to an AD server. |
| Pwd Reset - Local ServiceNow | Current (local) instance. |
| Pwd Reset - Master | Password Reset primary workflow. |
| Pwd Reset - Mock Fatal | Example workflow to use in Password Reset testing to simulate a fatal error. No retries. |
| Pwd Reset - Mock Non Fatal | Example workflow to use in Password Reset testing to simulate a non-fatal error. |
| Pwd Reset - Mock Success | Example workflow to use in Password Reset testing to simulate a successful completion. |
| Pwd Reset - Remote ServiceNow | Connects to a remote(SOAP) ServiceNow instance. |
| Workflow | Description |
|---|---|
| Pwd Connection Test - AD | Tests connection to an AD server. |
| Pwd Connection Test - Local SN | Tests connection to local instance. |
| Pwd Connection Test - Master | Master workflow to test credential store connectivity. |
| Pwd Connection Test - Mock Failure | Example credential store connection test that simulates a failed connection. |
| Pwd Connection Test - Mock Success | Example credential store connection test that simulates a successful connection. |
| Pwd Connection Test - Remote SN | Tests connection to a remote(SOAP) ServiceNow instance. |
| Workflow | Description |
|---|---|
| Pwd Get Lock State - AD | Gets a user account lock state for the AD server. |
| Pwd Get Lock State - Local SN | Workflow to get a user account lock state for the local instance. |
| Pwd Get Lock State - Master | Primary workflow to get a user account lock state. |
| Pwd Get Lock State - Remote SN | Gets a user account lock state for the remote(SOAP) ServiceNow instance. |
| Workflow | Description |
|---|---|
| Pwd Unlock Account – AD | Unlocks a user account for a local instance. |
| Pwd Unlock Account - Local SN | Workflow to unlock a user account for a local instance. |
| Pwd Unlock Account - Master | Master workflow to unlock a user account. |
| Pwd Unlock Account – Remote SN | Unlocks a user account for a remote(SOAP) ServiceNow instance. |
| Workflow | Description |
|---|---|
| Pwd Change - Master | Password change primary workflow. |
| Pwd Change – Local ServiceNow | Connects to a local instance to change a password. |
| Pwd Change – AD | Connects to an AD server to change a password. |
| Pwd Change – Remote ServiceNow | Connects to a remote(SOAP) ServiceNow instance to change a password. |
Password Reset notifications
| Name | Fired by event name | Description |
|---|---|---|
| Password Reset – Send SMS Code | pwd.send_sms_code.trigger | Sends out SMS authentication code for verification. |
| [K] Password Reset – Send Email Code | pwd.send_email_code.trigger | Sends out authentication code via Email for verification. |
| Password Reset - Enrollment Reminder | pwd.enrollment_reminder.trigger | Sends emails to remind users to enroll in the required verifications. |
| Password Reset - New Password Confirmation | pwd.email.trigger | For the Email/SMS Password process, sends an email or SMS (if configured) that includes the new password. |
| Password Reset - Send Verify Code | pwd.send_verify_code.trigger | Sends authentication code to users using email or SMS for password reset or
enrollment. Note: If the Notify plugin is active,
SMS code is sent via Twilio instead of ServiceNow
Notification. |
| Password Reset URL | password.reset.url | For the Email/SMS Password Reset URL process: Sends email or
SMS (if configured) that includes a link to the password reset
URL. Note: Check the following items if the instance does not send
the email notification to the user:
|
SOAP messages for Password Reset
| SOAP Message | Description |
|---|---|
| Change Password | When the Orchestration Add-on plugin is active, the system can use the SOAP protocol to change passwords on remote credential stores such as a remote ServiceNow instance. |
| Password Reset Request | When the Orchestration Add-on plugin is active, the system can use the SOAP protocol to reset passwords on remote credential stores such as a remote ServiceNow instance. |
REST API
- Name: Pwd Reset
- API ID: pwd_reset
- Base API path: /api/now/pwd_reset
| Name | Resource path | API Version | Description |
|---|---|---|---|
| pwd_init | /api/now/v1/pwd_reset/init | v1 | Initial request to establish session, write logs, and fetch UI messages. |
| pwd_identify | /api/now/v1/pwd_reset/identify | v1 | Get identification page components. |
| pwd_verify | /api/now/v1/pwd_reset/verify | v1 | Get verification page components. |
| pwd_new | /api/now/v1/pwd_reset/reset | v1 | Get resetting password page components. |
| pwd_success | /api/now/v1/pwd_reset/success | v1 | Get success page components. |
| pwd_failure | /api/now/v1/pwd_reset/failure | v1 | Get failure page components. |
| Name | Resource path | API Version | Description |
|---|---|---|---|
| pwd_init | /api/now/v2/pwd_reset/init | v2 | Initial request to establish session, write logs, and fetch UI messages. |
| pwd_identify | /api/now/v2/pwd_reset/identify | v2 | Get identification page components. |
| pwd_verify | /api/now/v2/pwd_reset/verify | v2 | Get verification page components. |
| pwd_new | /api/now/v2/pwd_reset/reset | v2 | Get reset password page components. |
| pwd_success | /api/now/v2/pwd_reset/success | v2 | Get success page components. |
| pwd_failure | /api/now/v2/pwd_reset/failure | v2 | Get failure page components. |