Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Now Platform capabilities
Table of Contents
Choose your release version
    Home Madrid Now Platform Capabilities Now Platform capabilities Password Reset application Password Reset setup guide Domain separation in the Password Reset application

    Domain separation in the Password Reset application

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    Domain separation in the Password Reset application

    A password reset process that you define in any domain is isolated from a process that you create in any other domain. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.

    Overview

    Support: Level 2

    Domain separation is supported in this application. Not all ServiceNow applications support domain separation; some include limitations on the data and administrative settings that can be domain separated. To learn more, see Application support for domain separation.

    Each password reset process follows these steps:

    1. The end user asks to reset the password.
    2. The user provides identifying information (typically username or email address).
    3. The user verifies the identity — proves that they are who they say they are (typically by answering questions or submitting a code number that was delivered securely).
    4. The instance connects to the credential store to confirm the user credentials.
    5. The instance generates the new password and displays it to the user.

    How domain separation works in Password Reset

    Domain separation for Password Reset is applied at the process level. The admin configures the following elements to define a password reset process: A connection to a credential store, user groups that can use the process, method of identification, and verifications to use during the process.

    • A connection to the credential store where user credentials (like username/password) are securely stored. Each connection inherits the domain setting from a template called a connection type. Each connection type is tied to a domain (the connection type record has a domain field). There are uniqueness constraints on connection names within a domain.
    • One or more user groups on the ServiceNow instance that can use the password reset process. User accounts are members of one or more domains — they use the standard ServiceNow domain separation. When a user enrolls to use one of the password reset processes that is configured for the organization, the user is allowed to choose only from the processes in the user’s domain.
    • The identification — the method that the end user employs to claim identity for the public password reset or password change process. Each identification inherits the domain setting from a template called an identification type. Each identification type is tied to a domain (the identification type record has a domain field). There are uniqueness constraints on identification names within a domain.
    • One or more verifications — methods to verify the identity of the person who is attempting to reset the password. Each verification inherits the domain setting from a template called a verification type. Each verification type is tied to a domain (the verification type record has a domain field). There are uniqueness constraints on verification names within a domain.
    • All Password Reset tables have a domain column.
    • Password Reset process tables include a sys-overrides column on business rules, UI actions, and so on.
    • The Password Reset application is built using Orchestration. Orchestration supports "Data only" domain separation — the data security model of separating visibility of data from one domain to another.

    Self-service and Service desk-assisted processes

    In addition to configuring the connections, user groups, identifications, and verifications that are used in each process, the admin specifies one of the following operational methods for the organization:

    • Self-service process: End users reset passwords over the Internet using a browser on any supported interface, including mobile devices. The end user can select from any configured process in the end user’s domain (or child domain of an end user’s domain).
    • Service desk-assisted process: End users do not reset passwords. An end user requests the assistance of a service desk agent, over the phone or in person. The agent processes the request. Each service desk agent has the Password Reset Admin service desk role. The “reset request” form that the agent works in presents a User field and a Process field. On the form, the agent can view all processes in the end user’s domain, even if the agent is not a member of one or more of the domains.

    Password Change process

    The Password Change application extends the Password Reset application by letting admins define how users change their passwords. A service desk-assisted process is not supported. An admin must publish the URL for the self-service password change form.

    The Password Change application enables an end user to change a password over the Internet using a browser on any supported interface, including mobile devices. The end user can select from any configured process in the end user’s domain (or child domain of an end user’s domain).

    A password change process uses the same elements as a password reset process (connections, user groups, identifications, and verifications), with the same domain-separation features.

    Related topics
    • Domain separation

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      Domain separation in the Password Reset application

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      Domain separation in the Password Reset application

      A password reset process that you define in any domain is isolated from a process that you create in any other domain. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.

      Overview

      Support: Level 2

      Domain separation is supported in this application. Not all ServiceNow applications support domain separation; some include limitations on the data and administrative settings that can be domain separated. To learn more, see Application support for domain separation.

      Each password reset process follows these steps:

      1. The end user asks to reset the password.
      2. The user provides identifying information (typically username or email address).
      3. The user verifies the identity — proves that they are who they say they are (typically by answering questions or submitting a code number that was delivered securely).
      4. The instance connects to the credential store to confirm the user credentials.
      5. The instance generates the new password and displays it to the user.

      How domain separation works in Password Reset

      Domain separation for Password Reset is applied at the process level. The admin configures the following elements to define a password reset process: A connection to a credential store, user groups that can use the process, method of identification, and verifications to use during the process.

      • A connection to the credential store where user credentials (like username/password) are securely stored. Each connection inherits the domain setting from a template called a connection type. Each connection type is tied to a domain (the connection type record has a domain field). There are uniqueness constraints on connection names within a domain.
      • One or more user groups on the ServiceNow instance that can use the password reset process. User accounts are members of one or more domains — they use the standard ServiceNow domain separation. When a user enrolls to use one of the password reset processes that is configured for the organization, the user is allowed to choose only from the processes in the user’s domain.
      • The identification — the method that the end user employs to claim identity for the public password reset or password change process. Each identification inherits the domain setting from a template called an identification type. Each identification type is tied to a domain (the identification type record has a domain field). There are uniqueness constraints on identification names within a domain.
      • One or more verifications — methods to verify the identity of the person who is attempting to reset the password. Each verification inherits the domain setting from a template called a verification type. Each verification type is tied to a domain (the verification type record has a domain field). There are uniqueness constraints on verification names within a domain.
      • All Password Reset tables have a domain column.
      • Password Reset process tables include a sys-overrides column on business rules, UI actions, and so on.
      • The Password Reset application is built using Orchestration. Orchestration supports "Data only" domain separation — the data security model of separating visibility of data from one domain to another.

      Self-service and Service desk-assisted processes

      In addition to configuring the connections, user groups, identifications, and verifications that are used in each process, the admin specifies one of the following operational methods for the organization:

      • Self-service process: End users reset passwords over the Internet using a browser on any supported interface, including mobile devices. The end user can select from any configured process in the end user’s domain (or child domain of an end user’s domain).
      • Service desk-assisted process: End users do not reset passwords. An end user requests the assistance of a service desk agent, over the phone or in person. The agent processes the request. Each service desk agent has the Password Reset Admin service desk role. The “reset request” form that the agent works in presents a User field and a Process field. On the form, the agent can view all processes in the end user’s domain, even if the agent is not a member of one or more of the domains.

      Password Change process

      The Password Change application extends the Password Reset application by letting admins define how users change their passwords. A service desk-assisted process is not supported. An admin must publish the URL for the self-service password change form.

      The Password Change application enables an end user to change a password over the Internet using a browser on any supported interface, including mobile devices. The end user can select from any configured process in the end user’s domain (or child domain of an end user’s domain).

      A password change process uses the same elements as a password reset process (connections, user groups, identifications, and verifications), with the same domain-separation features.

      Related topics
      • Domain separation

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login