Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Configure the connection to a credential store for the Password Reset processes

Log in to subscribe to topics and get notified when content changes.

Configure the connection to a credential store for the Password Reset processes

You create a Password Reset credential store record to configure access to your credential store server while a user is changing or resetting a password. In addition to host connection information, you can specify the password hints that users should see, restrictions on password reuse, the allowed number of failed reset attempts, and other settings.

About this task

For an AD credential store, skip this procedure and instead follow the instructions in Integrate Password Reset with your Active Directory service. The Password Reset Windows Application supports only AD credential stores.

Procedure

  1. Navigate to Password Reset > Credential Stores.
  2. Select one of the following sample credential stores:
    • Local ServiceNow Instance credential store.
    • Remote (SOAP) ServiceNow credential store (installed with the Orchestration Add-on).
  3. Enter a unique and meaningful Name and Description, and then fill in the form.
    Type Type of credential store that you are connecting to. A ServiceNow credential store type is a template that provides the required set of capabilities for a particular kind of credential store. Credential stores inherit the functionality of the credential store type.
    Note: For an AD credential store, skip this procedure and see Integrate Password Reset with your Active Directory service. The Password Reset Windows Application supports only AD credential stores.
    Auto-generate password Script include that generates a temporary password for use during the reset process.

    If you select the Enforce history policy check box, then you must specify a value for Auto-generate password.

    Enforce history policy Appears only if you select a credential store Type of AD Credential Store or Local ServiceNow Instance. For information on configuring the setting for an AD credential store, see Configure the connection to an AD credential store.

    Select the Enforce history policy check box to ensure that users do not reuse passwords. For example, you might configure the history policy to not allow the user to reuse any of the previous 10 passwords. Follow this procedure:

    1. Select the Enforce history policy check box.
    2. In the Password Reset Credential Store Parameters related list, create a password_history_limit parameter.
    3. Set the value of the parameter to the number of previous passwords that cannot be used (maximum 10). The default value of 0 (zero) enables use of any previous password.
    Hostname URL or IP address of the credential store.
    User account lookup Script include that maps the user ServiceNow platform ID to the user credential store ID. A default script, PwdDefaultUserAccountLookup, returns the user ServiceNow platform user name.
    Password rule hint Specify the text that appears on the password reset page to help the user to create a password that meets all requirements. The Password rule script enforces the requirements.
    Note: The Password Reset Windows Application supports newline characters in the hint. Other formatting is not supported (bold, underline, hyperlink, and so on).
    Password rule Specify the client script that validates the new password that the user enters. The script is invoked when the user enters a new password and clicks Password Reset. You can use the script to enforce password strength/complexity requirements.
    Enable Password Strength Select the check box to:
    • Display the text box for the Strength rule script so you can update the script.
    • Display the graphical Password Strength bar to the user while the user changes or resets the password.
    Note: The Password Reset Windows Application does not support Password Strength.
    Strength rule This text box appears only if you select Enable Password Strength.

    Specify the client script that calculates the strength/complexity of the password that the user enters. The script is invoked when the user begins to enter a new password during the reset process.

    Default settings:
    • Selected for local ServiceNow credential stores
    • Not selected for other credential stores
    Note:

    To guide the user during the reset process, the system displays a graphical bar labeled Password Strength under the New password field.

    Password strength indicator
    Note: The Password Reset Windows Application does not support Password Strength.
  4. Click Submit.
  5. If you use the Local ServiceNow Instance credential store and you selected the Enforce history policy check box, then follow these steps:
    1. Open the Password Reset process that is associated with the credential store: Password Reset > Processes.
    2. On the Password Reset Details tab of the Password Reset Process form, clear the Auto-generate password check box and then save the process definition.
  6. Test the connection to the credential store.
Feedback