Contents Now Platform Capabilities Previous Topic Next Topic Password Reset admin guide Subscribe Log in to subscribe to topics and get notified when content changes. ... SAVE AS PDF Selected Topic Topic & Subtopics All Topics in Contents Share Password Reset admin guide The Password Reset application enables an end user to reset or change a password using a self-service process. Alternatively, your organization can implement a process that requires a service desk agent to reset passwords for end users. Watch the video: Introducing Password Reset (Video) Password Reset processesUsers with the password_reset_admin role configure how the process of resetting a password works for an end user. Self-service process: Users reset passwords over the Internet using a browser on any supported interface, including mobile devices. Service desk-assisted process: A user requests the assistance of a service desk agent, over the phone or in person. Users do not reset passwords. End-user experience of the self-service process The following example is typical: On the login page, the user clicks the Forgot Password? link to start the process. The Identify page opens and the user enters their identifying information (typically username or email address). The example includes the default Google reCAPTCHA security feature: On the Verify page, the user verifies their identity by providing information that proves that they are who they say they are. You, the admin, configure the method of verification and you can require multiple verifications. In the example, the admin has configured the Security Question verification. The user must answer a question to prove identity. (Earlier, the user selected the question and provided a secure private answer while enrolling for the password reset process.) Other possible verifications require the user to enter a code number that was sent to a mobile device by SMS text, through the Google Authenticator app, or by email. The system checks the credential store to verify identity and then displays the new password on the Reset page. Elements of a password reset process You configure the following elements of the process for your organization: A connection to the credential store for your organization where user credentials (like username/password) are securely stored. One or more user groups on the ServiceNow instance that can use the password reset process. The type of identification that users must enter to identify themselves (typically username or email address). One or more verifications — methods to verify the identity of the user. Examples: Answer a question that only the user knows how to answer — the QA Verification (based on the Security Question verification type). Enter a code number that was emailed to the user — the Email verification. Enter a code number that was texted to a mobile device — the SMS verification. Enter a code number that appears on the Google Authenticator app on a mobile device — the Google Authenticator verification. How you implement a password reset process Plan your implementation: Ensure that all applicable organizational guidelines, security policies, and areas of the organization are considered. Set up the elements of the password reset and password change processes according to the plan: Connection to the credential store. User groups that will use the password reset process. Identification type to use. Verifications to use. In the service desk-assisted model, assign service desk agents to monitor and reset passwords as needed. Monitor password reset activity to identify security threats and to ensure compliance with the password policy requirements of your organization. Password Reset Windows Application If a user forgets the password or gets locked out of a Windows computer, the user can reset the password directly from the Windows login screen. The user clicks the Forgot Password? link and is then guided through the process of resetting the password. To learn more, see Password Reset Windows Application. Password Change applicationThe Password Change application extends the Password Reset application by letting admins define how users change their passwords. Only a self-service process is supported and an admin must publish the URL to the password change form. The user logs in to the instance and then selects the Change Password module or link from the user profile record. Password change is supported on mobile devices. On the Change Password page, the user selects the credential store where the password resides. The user enters the old password and then enters and confirms a new password. Workflows validate the old password and then implement the new password. The system notifies the user that the password was changed. What to do nextPlan your Password Reset processes Example: The default self-service Password Reset processThe default self-service Password Reset process enables a user to reset the password without assistance from service desk agents.Plan your Password Reset processesTo ensure security and efficiency, take the time to plan your Password Reset implementation.Configure your Password Reset processTo implement the process, you configure credentials, verification methods and settings, and enrollment settings. You also specify which users the process applies to.Customizing Password Reset processesPassword Reset scripts enable you to customize Password Reset by creating your own credential store, verification, and identification types, and extend them by defining extension scripts. You can also create a custom credential store type, custom verification type, or verification.Service desk: Reset a password or unlock a user accountIn a service desk-assisted Password Reset process, service desk agents with the password_reset_service_desk role reset user passwords—users cannot reset passwords. Watch a video example of service desk agents resetting passwords: Resetting User Passwords (Video).Integrate Password Reset with a Service Portal widgetYou can enable a Password Reset process in a Service Portal page by adding a widget that opens the password reset pages inside the portal.Integrate Password Reset with a CMS integrationYou can configure a site in the ServiceNow content management (CMS) application to define a single-site access point that includes the Password Reset service. For example, you can create an employee self-service site that provides Password Reset service.Password Reset and Password Change reports and logsThe Password Reset application provides several tools for monitoring and troubleshooting password reset activities. On this page Send Feedback Previous Topic Next Topic
Password Reset admin guide The Password Reset application enables an end user to reset or change a password using a self-service process. Alternatively, your organization can implement a process that requires a service desk agent to reset passwords for end users. Watch the video: Introducing Password Reset (Video) Password Reset processesUsers with the password_reset_admin role configure how the process of resetting a password works for an end user. Self-service process: Users reset passwords over the Internet using a browser on any supported interface, including mobile devices. Service desk-assisted process: A user requests the assistance of a service desk agent, over the phone or in person. Users do not reset passwords. End-user experience of the self-service process The following example is typical: On the login page, the user clicks the Forgot Password? link to start the process. The Identify page opens and the user enters their identifying information (typically username or email address). The example includes the default Google reCAPTCHA security feature: On the Verify page, the user verifies their identity by providing information that proves that they are who they say they are. You, the admin, configure the method of verification and you can require multiple verifications. In the example, the admin has configured the Security Question verification. The user must answer a question to prove identity. (Earlier, the user selected the question and provided a secure private answer while enrolling for the password reset process.) Other possible verifications require the user to enter a code number that was sent to a mobile device by SMS text, through the Google Authenticator app, or by email. The system checks the credential store to verify identity and then displays the new password on the Reset page. Elements of a password reset process You configure the following elements of the process for your organization: A connection to the credential store for your organization where user credentials (like username/password) are securely stored. One or more user groups on the ServiceNow instance that can use the password reset process. The type of identification that users must enter to identify themselves (typically username or email address). One or more verifications — methods to verify the identity of the user. Examples: Answer a question that only the user knows how to answer — the QA Verification (based on the Security Question verification type). Enter a code number that was emailed to the user — the Email verification. Enter a code number that was texted to a mobile device — the SMS verification. Enter a code number that appears on the Google Authenticator app on a mobile device — the Google Authenticator verification. How you implement a password reset process Plan your implementation: Ensure that all applicable organizational guidelines, security policies, and areas of the organization are considered. Set up the elements of the password reset and password change processes according to the plan: Connection to the credential store. User groups that will use the password reset process. Identification type to use. Verifications to use. In the service desk-assisted model, assign service desk agents to monitor and reset passwords as needed. Monitor password reset activity to identify security threats and to ensure compliance with the password policy requirements of your organization. Password Reset Windows Application If a user forgets the password or gets locked out of a Windows computer, the user can reset the password directly from the Windows login screen. The user clicks the Forgot Password? link and is then guided through the process of resetting the password. To learn more, see Password Reset Windows Application. Password Change applicationThe Password Change application extends the Password Reset application by letting admins define how users change their passwords. Only a self-service process is supported and an admin must publish the URL to the password change form. The user logs in to the instance and then selects the Change Password module or link from the user profile record. Password change is supported on mobile devices. On the Change Password page, the user selects the credential store where the password resides. The user enters the old password and then enters and confirms a new password. Workflows validate the old password and then implement the new password. The system notifies the user that the password was changed. What to do nextPlan your Password Reset processes Example: The default self-service Password Reset processThe default self-service Password Reset process enables a user to reset the password without assistance from service desk agents.Plan your Password Reset processesTo ensure security and efficiency, take the time to plan your Password Reset implementation.Configure your Password Reset processTo implement the process, you configure credentials, verification methods and settings, and enrollment settings. You also specify which users the process applies to.Customizing Password Reset processesPassword Reset scripts enable you to customize Password Reset by creating your own credential store, verification, and identification types, and extend them by defining extension scripts. You can also create a custom credential store type, custom verification type, or verification.Service desk: Reset a password or unlock a user accountIn a service desk-assisted Password Reset process, service desk agents with the password_reset_service_desk role reset user passwords—users cannot reset passwords. Watch a video example of service desk agents resetting passwords: Resetting User Passwords (Video).Integrate Password Reset with a Service Portal widgetYou can enable a Password Reset process in a Service Portal page by adding a widget that opens the password reset pages inside the portal.Integrate Password Reset with a CMS integrationYou can configure a site in the ServiceNow content management (CMS) application to define a single-site access point that includes the Password Reset service. For example, you can create an employee self-service site that provides Password Reset service.Password Reset and Password Change reports and logsThe Password Reset application provides several tools for monitoring and troubleshooting password reset activities.
Password Reset admin guide The Password Reset application enables an end user to reset or change a password using a self-service process. Alternatively, your organization can implement a process that requires a service desk agent to reset passwords for end users. Watch the video: Introducing Password Reset (Video) Password Reset processesUsers with the password_reset_admin role configure how the process of resetting a password works for an end user. Self-service process: Users reset passwords over the Internet using a browser on any supported interface, including mobile devices. Service desk-assisted process: A user requests the assistance of a service desk agent, over the phone or in person. Users do not reset passwords. End-user experience of the self-service process The following example is typical: On the login page, the user clicks the Forgot Password? link to start the process. The Identify page opens and the user enters their identifying information (typically username or email address). The example includes the default Google reCAPTCHA security feature: On the Verify page, the user verifies their identity by providing information that proves that they are who they say they are. You, the admin, configure the method of verification and you can require multiple verifications. In the example, the admin has configured the Security Question verification. The user must answer a question to prove identity. (Earlier, the user selected the question and provided a secure private answer while enrolling for the password reset process.) Other possible verifications require the user to enter a code number that was sent to a mobile device by SMS text, through the Google Authenticator app, or by email. The system checks the credential store to verify identity and then displays the new password on the Reset page. Elements of a password reset process You configure the following elements of the process for your organization: A connection to the credential store for your organization where user credentials (like username/password) are securely stored. One or more user groups on the ServiceNow instance that can use the password reset process. The type of identification that users must enter to identify themselves (typically username or email address). One or more verifications — methods to verify the identity of the user. Examples: Answer a question that only the user knows how to answer — the QA Verification (based on the Security Question verification type). Enter a code number that was emailed to the user — the Email verification. Enter a code number that was texted to a mobile device — the SMS verification. Enter a code number that appears on the Google Authenticator app on a mobile device — the Google Authenticator verification. How you implement a password reset process Plan your implementation: Ensure that all applicable organizational guidelines, security policies, and areas of the organization are considered. Set up the elements of the password reset and password change processes according to the plan: Connection to the credential store. User groups that will use the password reset process. Identification type to use. Verifications to use. In the service desk-assisted model, assign service desk agents to monitor and reset passwords as needed. Monitor password reset activity to identify security threats and to ensure compliance with the password policy requirements of your organization. Password Reset Windows Application If a user forgets the password or gets locked out of a Windows computer, the user can reset the password directly from the Windows login screen. The user clicks the Forgot Password? link and is then guided through the process of resetting the password. To learn more, see Password Reset Windows Application. Password Change applicationThe Password Change application extends the Password Reset application by letting admins define how users change their passwords. Only a self-service process is supported and an admin must publish the URL to the password change form. The user logs in to the instance and then selects the Change Password module or link from the user profile record. Password change is supported on mobile devices. On the Change Password page, the user selects the credential store where the password resides. The user enters the old password and then enters and confirms a new password. Workflows validate the old password and then implement the new password. The system notifies the user that the password was changed. What to do nextPlan your Password Reset processes Example: The default self-service Password Reset processThe default self-service Password Reset process enables a user to reset the password without assistance from service desk agents.Plan your Password Reset processesTo ensure security and efficiency, take the time to plan your Password Reset implementation.Configure your Password Reset processTo implement the process, you configure credentials, verification methods and settings, and enrollment settings. You also specify which users the process applies to.Customizing Password Reset processesPassword Reset scripts enable you to customize Password Reset by creating your own credential store, verification, and identification types, and extend them by defining extension scripts. You can also create a custom credential store type, custom verification type, or verification.Service desk: Reset a password or unlock a user accountIn a service desk-assisted Password Reset process, service desk agents with the password_reset_service_desk role reset user passwords—users cannot reset passwords. Watch a video example of service desk agents resetting passwords: Resetting User Passwords (Video).Integrate Password Reset with a Service Portal widgetYou can enable a Password Reset process in a Service Portal page by adding a widget that opens the password reset pages inside the portal.Integrate Password Reset with a CMS integrationYou can configure a site in the ServiceNow content management (CMS) application to define a single-site access point that includes the Password Reset service. For example, you can create an employee self-service site that provides Password Reset service.Password Reset and Password Change reports and logsThe Password Reset application provides several tools for monitoring and troubleshooting password reset activities.
